File name:

adobe-flash-player.exe

Full analysis: https://app.any.run/tasks/fb2f34f9-4ef3-45bf-8eee-64e1371f1d81
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: September 11, 2024, 18:13:16
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

E1221548B31173638B10A100F5504C29

SHA1:

3E3F91D1CB2C8A35077D3C66D8BD83D69BB6769A

SHA256:

C6F566BD3007A269EC975936D37B340367C49C8D5A7EFCA75CD2896EDA1AB06B

SSDEEP:

98304:x+cD4dn6LtPFJub7ItGSQTIgQ0afhOpiKOAVNVahm4iciQSd5o5BGul4XvDtVVB3:/Ya7N3yD2uI1LaNNh9w4ZOpXB8b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • lite_installer.exe (PID: 5732)
      • seederexe.exe (PID: 7216)
      • 360TS_Setup.exe (PID: 4528)
    • Steals credentials from Web Browsers

      • seederexe.exe (PID: 7216)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • adobe-flash-player.exe (PID: 6188)
      • adobe-flash-player.exe (PID: 4976)
      • adobe-flash-player.tmp (PID: 4804)
      • downloader.exe (PID: 2456)
      • Yandex.exe (PID: 7520)
      • lite_installer.exe (PID: 5732)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
      • 360TS_Setup.exe (PID: 3812)
    • Reads security settings of Internet Explorer

      • adobe-flash-player.tmp (PID: 6152)
      • downloader.exe (PID: 2456)
      • flashplayer32pp_xa_install.exe (PID: 6180)
      • lite_installer.exe (PID: 5732)
      • adobe-flash-player.tmp (PID: 4804)
      • Yandex.exe (PID: 7520)
      • explorer.exe (PID: 7556)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
    • Searches for installed software

      • adobe-flash-player.tmp (PID: 4804)
    • Reads the Windows owner or organization settings

      • adobe-flash-player.tmp (PID: 4804)
      • msiexec.exe (PID: 6692)
    • Reads Microsoft Outlook installation path

      • flashplayer32pp_xa_install.exe (PID: 6180)
    • Reads Internet Explorer settings

      • flashplayer32pp_xa_install.exe (PID: 6180)
    • Process requests binary or script from the Internet

      • downloader.exe (PID: 2456)
      • lite_installer.exe (PID: 5732)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • adobe-flash-player.tmp (PID: 4804)
    • Potential Corporate Privacy Violation

      • downloader.exe (PID: 2456)
      • lite_installer.exe (PID: 5732)
      • adobe-flash-player.tmp (PID: 4804)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
    • Process drops legitimate windows executable

      • downloader.exe (PID: 2456)
    • Checks Windows Trust Settings

      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 6692)
      • lite_installer.exe (PID: 5732)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup.exe (PID: 4528)
    • Starts a Microsoft application from unusual location

      • YandexPackSetup.exe (PID: 644)
    • Adds/modifies Windows certificates

      • downloader.exe (PID: 2456)
    • Application launched itself

      • downloader.exe (PID: 2456)
    • Reads Mozilla Firefox installation path

      • seederexe.exe (PID: 7216)
    • Changes the Home page of Internet Explorer

      • seederexe.exe (PID: 7216)
    • Changes the title of the Internet Explorer window

      • seederexe.exe (PID: 7216)
    • The process creates files with name similar to system file names

      • Yandex.exe (PID: 7520)
    • Starts itself from another location

      • Yandex.exe (PID: 7520)
      • 360TS_Setup.exe (PID: 3812)
    • Creates a software uninstall entry

      • Yandex.exe (PID: 7520)
    • Creates file in the systems drive root

      • 360TS_Setup.exe (PID: 4528)
    • The process verifies whether the antivirus software is installed

      • 360TS_Setup.exe (PID: 4528)
    • Drops 7-zip archiver for unpacking

      • 360TS_Setup.exe (PID: 4528)
  • INFO

    • Checks supported languages

      • adobe-flash-player.exe (PID: 6188)
      • adobe-flash-player.tmp (PID: 6152)
      • adobe-flash-player.exe (PID: 4976)
      • adobe-flash-player.tmp (PID: 4804)
      • flashplayer32pp_xa_install.exe (PID: 6180)
      • identity_helper.exe (PID: 2032)
      • downloader.exe (PID: 2456)
      • YandexPackSetup.exe (PID: 644)
      • msiexec.exe (PID: 2640)
      • msiexec.exe (PID: 6692)
      • seederexe.exe (PID: 7216)
      • downloader.exe (PID: 7340)
      • lite_installer.exe (PID: 5732)
      • Yandex.exe (PID: 7520)
      • explorer.exe (PID: 7556)
      • sender.exe (PID: 7600)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
      • 360TS_Setup.exe (PID: 3812)
    • Create files in a temporary directory

      • adobe-flash-player.exe (PID: 6188)
      • adobe-flash-player.exe (PID: 4976)
      • adobe-flash-player.tmp (PID: 4804)
      • flashplayer32pp_xa_install.exe (PID: 6180)
      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 2640)
      • YandexPackSetup.exe (PID: 644)
      • seederexe.exe (PID: 7216)
      • lite_installer.exe (PID: 5732)
      • downloader.exe (PID: 7340)
      • Yandex.exe (PID: 7520)
      • sender.exe (PID: 7600)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
      • 360TS_Setup.exe (PID: 3812)
    • Reads the computer name

      • adobe-flash-player.tmp (PID: 6152)
      • adobe-flash-player.tmp (PID: 4804)
      • flashplayer32pp_xa_install.exe (PID: 6180)
      • identity_helper.exe (PID: 2032)
      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 2640)
      • msiexec.exe (PID: 6692)
      • YandexPackSetup.exe (PID: 644)
      • seederexe.exe (PID: 7216)
      • lite_installer.exe (PID: 5732)
      • downloader.exe (PID: 7340)
      • Yandex.exe (PID: 7520)
      • explorer.exe (PID: 7556)
      • sender.exe (PID: 7600)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 3812)
      • 360TS_Setup.exe (PID: 4528)
    • Process checks computer location settings

      • adobe-flash-player.tmp (PID: 6152)
      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 2640)
      • Yandex.exe (PID: 7520)
      • explorer.exe (PID: 7556)
      • 360TS_Setup.exe (PID: 4528)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
    • Reads the software policy settings

      • adobe-flash-player.tmp (PID: 4804)
      • flashplayer32pp_xa_install.exe (PID: 6180)
      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 6692)
      • lite_installer.exe (PID: 5732)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup.exe (PID: 4528)
    • Reads the machine GUID from the registry

      • adobe-flash-player.tmp (PID: 4804)
      • flashplayer32pp_xa_install.exe (PID: 6180)
      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 6692)
      • seederexe.exe (PID: 7216)
      • lite_installer.exe (PID: 5732)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
    • The process uses the downloaded file

      • flashplayer32pp_xa_install.exe (PID: 6180)
      • downloader.exe (PID: 2456)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
    • Checks proxy server information

      • flashplayer32pp_xa_install.exe (PID: 6180)
      • downloader.exe (PID: 2456)
      • lite_installer.exe (PID: 5732)
      • adobe-flash-player.tmp (PID: 4804)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
    • Application launched itself

      • msedge.exe (PID: 1124)
      • msedge.exe (PID: 6716)
    • Manual execution by a user

      • msedge.exe (PID: 6716)
      • {CAC81055-7812-47E3-B0D9-707BB7F5D855}.exe (PID: 7712)
    • Reads Environment values

      • identity_helper.exe (PID: 2032)
    • Creates a software uninstall entry

      • adobe-flash-player.tmp (PID: 4804)
    • Creates files or folders in the user directory

      • flashplayer32pp_xa_install.exe (PID: 6180)
      • downloader.exe (PID: 2456)
      • msiexec.exe (PID: 2640)
      • msiexec.exe (PID: 6692)
      • lite_installer.exe (PID: 5732)
      • seederexe.exe (PID: 7216)
      • adobe-flash-player.tmp (PID: 4804)
      • Yandex.exe (PID: 7520)
      • explorer.exe (PID: 7556)
      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
      • 360TS_Setup.exe (PID: 4528)
    • Sends debugging messages

      • YandexPackSetup.exe (PID: 644)
      • msiexec.exe (PID: 2640)
      • downloader.exe (PID: 7340)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6692)
      • msiexec.exe (PID: 2640)
    • Disables trace logs

      • 360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe (PID: 7732)
    • Creates files in the program directory

      • 360TS_Setup.exe (PID: 3812)
      • 360TS_Setup.exe (PID: 4528)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 122880
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: qTG0pcPn7agQqotl9Mo2409101700
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Adobe Flash Player
ProductVersion:
No data.
All screenshots are available in the full report
Total processes
192
Monitored processes
65
Malicious processes
12
Suspicious processes
2

Behavior graph

(Interactive process graph; available in the full report.)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 644 | CMD: "C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y VID=165" | Path: C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe | Parent process: downloader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Software Installer
Exit code:
0
Version:
3.0.5419.0
Modules
Images
c:\users\admin\appdata\local\temp\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll
PID: 788 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7fffd38d5fd8,0x7fffd38d5fe4,0x7fffd38d5ff0 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 888 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5656 --field-trial-handle=2280,i,10616966346011304897,1137120413579984964,262144 --variations-seed-version /prefetch:8 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 940 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5252 --field-trial-handle=2280,i,10616966346011304897,1137120413579984964,262144 --variations-seed-version /prefetch:8 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 964 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6776 --field-trial-handle=2280,i,10616966346011304897,1137120413579984964,262144 --variations-seed-version /prefetch:8 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 964 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3084 --field-trial-handle=2280,i,10616966346011304897,1137120413579984964,262144 --variations-seed-version /prefetch:1 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1060 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3424 --field-trial-handle=2280,i,10616966346011304897,1137120413579984964,262144 --variations-seed-version /prefetch:1 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1124 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://get.adobe.com/flashplayer/ | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: flashplayer32pp_xa_install.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1184 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6804 --field-trial-handle=2280,i,10616966346011304897,1137120413579984964,262144 --variations-seed-version /prefetch:8 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1496 | CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x310,0x314,0x318,0x308,0x320,0x7fffd38d5fd8,0x7fffd38d5fe4,0x7fffd38d5ff0 | Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
38 774
Read events
38 575
Write events
170
Delete events
29

Modification events

(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write | Name: CachePrefix
Value:
(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix
Value:
Cookie:
(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix
Value:
Visited:
(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\MostRecentApplication
Operation: write | Name: Name
Value:
flashplayer32pp_xa_install.exe
(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\MostRecentApplication
Operation: write | Name: ID
Value:
(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write | Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process: (1124) msedge.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: failed_count
Value:
0
(PID) Process: (1124) msedge.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: state
Value:
2
(PID) Process: (1124) msedge.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: state
Value:
1
(PID) Process: (6180) flashplayer32pp_xa_install.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value | Name: AddToFavoritesInitialSelection
Value:
Executable files
197
Suspicious files
778
Text files
412
Unknown types
14

Dropped files

PID
Process
Filename
Type
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\botva2.dll | Type: executable
MD5: EF899FA243C07B7B82B3A45F6EC36771
SHA256: DA7D0368712EE419952EB2640A65A7F24E39FB7872442ED4D2EE847EC4CFDE77
PID: 4976 | Process: adobe-flash-player.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-AC6HI.tmp\adobe-flash-player.tmp | Type: executable
MD5: E6901EE29DB2D883E449AF97E715720B
SHA256: 4EAA0F24CAB443561BD8CABE3E51EC65B87AEE5FBD5B5768793747C848B6F7A0
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\Owm4pd5OLsee5yiHY9Hz\downloader.exe | Type: executable
MD5: B9314504E592D42CB36534415A62B3AF
SHA256: C60C3A7D20B575FDEEB723E12A11C2602E73329DC413FC6D88F72E6F87E38B49
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\CallbackCtrl.dll | Type: executable
MD5: F07E819BA2E46A897CFABF816D7557B2
SHA256: 68F42A7823ED7EE88A5C59020AC52D4BBCADF1036611E96E470D986C8FAA172D
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\Owm4pd5OLsee5yiHY9Hz\Background_100.png | Type: image
MD5: A9F6B5D49F632DF311713F427EB5867A
SHA256: A23C7BC0E48B90ED586D57DFEB1938EC8E0802492C6AAAB92DDE30DC39693884
PID: 6188 | Process: adobe-flash-player.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-EUPDL.tmp\adobe-flash-player.tmp | Type: executable
MD5: E6901EE29DB2D883E449AF97E715720B
SHA256: 4EAA0F24CAB443561BD8CABE3E51EC65B87AEE5FBD5B5768793747C848B6F7A0
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\Owm4pd5OLsee5yiHY9Hz\Accept_buttons_125.png | Type: image
MD5: 6F60AC8D87538CCFBF77B44DE07D695C
SHA256: 91D0C34184342AE204BFACA0662FC02F2CC8638F94D67B28A0BA363DA1DBCC95
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\Owm4pd5OLsee5yiHY9Hz\Background_150.png | Type: image
MD5: BFD053A59574ACE80724644A25770583
SHA256: 9D78AB3AECA0DC560A2A34673709F932CE3F7355A85EB048641FC261AF0569E2
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\Owm4pd5OLsee5yiHY9Hz\Checkboxes_100.png | Type: image
MD5: 09EB161A9DD933C90684CFC669A2A599
SHA256: 75D6EEE452F8F120B0FA922E8BEA6FA8DD6A8FBD9E73D48262117F0CACC6C133
PID: 4804 | Process: adobe-flash-player.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-1J4OQ.tmp\D7TlKIMZiyRR.dll | Type: executable
MD5: D6F1BA0EEF05A82D2F3EF55DD3AE45B0
SHA256: 727B06710120B371183D68EF1C2D205E8C2968ADE93F8466DDEA4824B212B035
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
85
TCP/UDP connections
288
DNS requests
236
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
23.213.164.167:443
https://dlmping2.adobe.com/dlm/fp.gif?admErrorCode=www.adobe.com&admErrorFunction=CertificateNotMatching_01&admErrorReason=Application%20Initialization%20Error%3A%20CallBack_03_-4&currentFilename=flashplayer32pp_xa_install.exe&os_ver=10.0.0&type=install
unknown
GET
204.79.197.239:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
2456
downloader.exe
GET
200
139.45.200.26:80
http://ext-cachev2-kiv-1514-2.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/info.rss?lid=1514
unknown
whitelisted
2456
downloader.exe
GET
302
5.45.205.241:80
http://download.yandex.ru/yandex-pack/downloader/info.rss
unknown
whitelisted
5612
RUXIMICS.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2456
downloader.exe
GET
302
5.45.205.241:80
http://downloader.yandex.net/yandex-pack/631081/YandexPackSetup.exe
unknown
whitelisted
2456
downloader.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
2456
downloader.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDG8SbJzCh95FjOiQ9g%3D%3D
unknown
whitelisted
5732
lite_installer.exe
GET
200
87.250.250.14:80
http://clck.yandex.ru/click/dtype=stred/pid=198/cid=73002/path=0.winapi_download/ui=5aee9957-3C0F-4751-9D20-546C52151cc0/clid1=9103221-165/dt=0/ds=0/bits=7_8_19041_3636/bver=0_0_0_0/prod_version=1_0_1_9/result=ok/*
unknown
whitelisted
POST
200
34.88.137.133:443
https://req.datarcv.ru/analitics/
unknown
binary
17 b

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6652
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5612
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5612
RUXIMICS.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4804
adobe-flash-player.tmp
34.88.137.133:443
cfg.datarcv.ru
GOOGLE-CLOUD-PLATFORM
FI
unknown
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
6652
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4324
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.46
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
cfg.datarcv.ru
  • 34.88.137.133
unknown
req.datarcv.ru
  • 34.88.137.133
unknown
get.adobe.com
  • 23.36.162.197
  • 23.36.162.203
whitelisted
www.adobe.com
  • 193.108.153.9
  • 193.108.153.12
whitelisted
dlmping2.adobe.com
  • 23.213.164.167
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
2456
downloader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
5732
lite_installer.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
5732
lite_installer.exe
Misc activity
ET INFO EXE - Served Attached HTTP
4804
adobe-flash-player.tmp
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4804
adobe-flash-player.tmp
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
7732
360TS_Setup_Mini_WW_Coin_CPI202201_6.6.0.1054.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1 ETPRO signatures available at the full report
Process
Message
YandexPackSetup.exe
IsAlreadyRun() In
YandexPackSetup.exe
IsAlreadyRun() Out : ret (BOOL) = 0
YandexPackSetup.exe
IsMSISrvFree() In
YandexPackSetup.exe
IsMSISrvFree() : OpenMutex() err ret = 2
YandexPackSetup.exe
IsMSISrvFree() Out ret = 1
YandexPackSetup.exe
GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 1
YandexPackSetup.exe
GetSidFromEnumSess(): i = 1 : szUserName = ANONYMOUS LOGON, szDomain = NT AUTHORITY, dwSessionId = 0
YandexPackSetup.exe
GetSidFromEnumSess(): ProfileImagePath(2) = C:\Users\admin
YandexPackSetup.exe
GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1693682860-607145093-2874071422-1001
YandexPackSetup.exe
GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0