File name:

d0838244e7ebd0b4bd7d7486745346af6b9b3509e9a79b2526dcfea9d83c6b74.bin

Full analysis: https://app.any.run/tasks/5a331e34-c4dd-4edc-a700-30c083ca3a56
Verdict: Malicious activity
Analysis date: July 21, 2025, 15:46:13
OS: Windows 11 Professional (build: 22000, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: ManualFinderApp, Author: ManualFinder, Keywords: Installer, Comments: This installer database contains the logic and data required to install ManualFinderApp., Template: Intel;1033, Revision Number: {75C8F397-00C0-48D9-8F5F-C7AED3D9B33A}, Create Time/Date: Mon Jul 21 08:45:52 2025, Last Saved Time/Date: Mon Jul 21 08:45:52 2025, Number of Pages: 500, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
MD5:

1EFAFFCD54FD2DF44AB55023154BEC9B

SHA1:

D65A929FD272E770E2CD3AE56F182FB6BAC981E7

SHA256:

D0838244E7EBD0B4BD7D7486745346AF6B9B3509E9A79B2526DCFEA9D83C6B74

SSDEEP:

49152:tFi2LILF04rZVGQIEx8nIGo9014NwGcttGJQ9NzsdhKTZue7a61fybK+gNzYqsEY:fL0F0sZbXx8nXo9m9t1yh6Zj7D0S5bs5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • ManualFinderApp.exe (PID: 1804)

    • The DLL Hijacking

      • msedgewebview2.exe (PID: 4780)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 2568)
      • ManualFinderApp.exe (PID: 1804)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 2568)

    • Reads the Internet Settings

      • msiexec.exe (PID: 6992)
      • msedgewebview2.exe (PID: 1184)

    • Executes as Windows Service

      • VSSVC.exe (PID: 6276)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 2568)

    • The executable file from the user directory is run by the CMD process

      • ManualFinderApp.exe (PID: 1804)

    • Starts CMD.EXE for commands execution

      • msiexec.exe (PID: 2568)

    • Executable content was dropped or overwritten

      • ManualFinderApp.exe (PID: 1804)

    • Reads settings of System Certificates

      • ManualFinderApp.exe (PID: 1804)
      • msedgewebview2.exe (PID: 1184)

    • Application launched itself

      • msedgewebview2.exe (PID: 1184)

    • Reads security settings of Internet Explorer

      • msedgewebview2.exe (PID: 1184)

  • INFO

    • The sample compiled with english language support

      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 2568)
      • ManualFinderApp.exe (PID: 1804)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6992)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 2568)
      • msedgewebview2.exe (PID: 7116)
      • msedgewebview2.exe (PID: 1184)
      • msedgewebview2.exe (PID: 6752)

    • Reads the software policy settings

      • msiexec.exe (PID: 6992)
      • msiexec.exe (PID: 2568)
      • ManualFinderApp.exe (PID: 1804)
      • msedgewebview2.exe (PID: 1184)

    • Reads the computer name

      • msiexec.exe (PID: 2568)
      • msedgewebview2.exe (PID: 1184)
      • ManualFinderApp.exe (PID: 1804)
      • msedgewebview2.exe (PID: 6752)
      • msedgewebview2.exe (PID: 4780)

    • Checks supported languages

      • msiexec.exe (PID: 2568)
      • msedgewebview2.exe (PID: 7116)
      • ManualFinderApp.exe (PID: 1804)
      • msedgewebview2.exe (PID: 2684)
      • msedgewebview2.exe (PID: 6752)
      • msedgewebview2.exe (PID: 4780)
      • msedgewebview2.exe (PID: 2716)
      • msedgewebview2.exe (PID: 3652)
      • msedgewebview2.exe (PID: 1184)

    • Checks proxy server information

      • msiexec.exe (PID: 6992)
      • msedgewebview2.exe (PID: 1184)

    • Manages system restore points

      • SrTasks.exe (PID: 2304)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2568)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 2568)
      • msedgewebview2.exe (PID: 1184)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 2568)

    • Create files in a temporary directory

      • msedgewebview2.exe (PID: 1184)
      • ManualFinderApp.exe (PID: 1804)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: ManualFinderApp
Author: ManualFinder
Keywords: Installer
Comments: This installer database contains the logic and data required to install ManualFinderApp.
Template: Intel;1033
RevisionNumber: {75C8F397-00C0-48D9-8F5F-C7AED3D9B33A}
CreateDate: 2025:07:21 08:45:52
ModifyDate: 2025:07:21 08:45:52
Pages: 500
Words: 10
Software: Windows Installer XML Toolset (3.14.1.8722)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
133
Monitored processes
17
Malicious processes
4
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msiexec.exe msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs manualfinderapp.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1032cmd.exe /c start "" "C:\Users\admin\AppData\Local\ManualFinder\ManualFinderApp.exe"C:\Windows\System32\cmd.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\apphelp.dll
1184"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ManualFinderApp.exe --user-data-dir="C:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=1804.5828.6324645755674236927C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
ManualFinderApp.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
103.0.1264.77
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\telclient.dll
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\oneds.dll
c:\windows\system32\windows.networking.connectivity.dll
c:\windows\system32\diagnosticdataquery.dll
c:\windows\system32\windows.system.diagnostics.telemetry.platformtelemetryclient.dll
c:\windows\system32\bitsproxy.dll
c:\windows\system32\coremessaging.dll
c:\windows\system32\coreuicomponents.dll
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe
c:\windows\system32\ntdll.dll
1804"C:\Users\admin\AppData\Local\ManualFinder\ManualFinderApp.exe" C:\Users\admin\AppData\Local\ManualFinder\ManualFinderApp.exe
cmd.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\local\manualfinder\manualfinderapp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
2140\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
2304C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:15C:\Windows\System32\SrTasks.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
2568C:\Windows\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2684"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView" --webview-exe-name=ManualFinderApp.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2280 --field-trial-handle=1720,i,11359458052859969708,16650719116270711408,131072 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
103.0.1264.77
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
2716"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView" --webview-exe-name=ManualFinderApp.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --autoplay-policy=no-user-gesture-required --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1720,i,11359458052859969708,16650719116270711408,131072 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
103.0.1264.77
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
3636"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView" --webview-exe-name=ManualFinderApp.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2636 --field-trial-handle=1720,i,11359458052859969708,16650719116270711408,131072 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
103.0.1264.77
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
3652"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=entity_extraction --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView" --webview-exe-name=ManualFinderApp.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=4032 --field-trial-handle=1720,i,11359458052859969708,16650719116270711408,131072 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
103.0.1264.77
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
Total events
15 136
Read events
14 851
Write events
271
Delete events
14

Modification events

(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4800000000000000530A4A9956FADB01080A00003C060000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000530A4A9956FADB01080A00003C060000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
15
(PID) Process:(6276) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Leave)
Value:
480000000000000029D4FC9956FADB0184180000180F0000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000DE709D9956FADB01080A00003C060000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
4800000000000000DE709D9956FADB01080A00003C060000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
4800000000000000DE709D9956FADB01080A00003C060000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
48000000000000004AD59F9956FADB01080A00003C060000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
4800000000000000AFA9F59956FADB01080A00003C060000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2568) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000AFA9F59956FADB01080A0000B41B0000E80300000100000000000000000000005360FAF4C8150547BE1386FB43BD6A6800000000000000000000000000000000
Executable files
7
Suspicious files
86
Text files
28
Unknown types
31

Dropped files

PID
Process
Filename
Type
6752msedgewebview2.exeC:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView\Default\Network\Network Persistent Statebinary
MD5:9E0969AA80829EFA8A80DD7B4F2D2EF5
SHA256:7657F1818EB39184BA0AD0D20EE75A160AB826C1C73DB0047545ED89038C4758
4236msedgewebview2.exeC:\Users\admin\AppData\Local\Temp\1184_957523545\Part-ESbinary
MD5:4BD0EC01B325A901CA95D03DCB3D0B78
SHA256:F47F8980472678DD2CAF6C728411EA4A2611C2EED99938CCF4A158296C0A0830
1184msedgewebview2.exeC:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView\Default\Preferencesbinary
MD5:EF46348654962BB8E1D06004597900BC
SHA256:9420E8215C47BBFA30CCFFFB93EC3BD1F93A53370C0A751450D8E101A7E8430D
1184msedgewebview2.exeC:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView\Subresource Filter\Indexed Rules\35\10.34.0.80\Indexing in Progress
MD5:
SHA256:
6752msedgewebview2.exeC:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView\Default\Network\Network Persistent State~RF17377b.TMPbinary
MD5:2800881C775077E1C4B6E06BF4676DE4
SHA256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
4236msedgewebview2.exeC:\Users\admin\AppData\Local\Temp\1184_957523545\adblock_snippet.jsbinary
MD5:F5C93C471485F4B9AB45260518C30267
SHA256:9AA899E0BF660EE8F894B97C28F05DB06CC486915953B7F3B2FF9902FA8DA690
1184msedgewebview2.exeC:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView\819cc6d1-3420-4028-957b-92fef3976611.tmpbinary
MD5:F48DF5356AE9FEB1A3B25072C53DC707
SHA256:85875A4970BD8784D3FA2D7AAE6BE98BB2D130E4D3F73E5D8CBC7B2E793F5304
4236msedgewebview2.exeC:\Users\admin\AppData\Local\Temp\1184_957523545\manifest.jsonbinary
MD5:A4EDF901D950A9758FFE578FF1B03212
SHA256:AACA603FA9D65FEFEAA198A93D03F2511DE66B6398CC34DDE6233EAB492EEBFD
4236msedgewebview2.exeC:\Users\admin\AppData\Local\Temp\1184_957523545\Part-DEbinary
MD5:68A6F5D3E851F477B99C00E716B9640B
SHA256:CBAB2692330B73E6DAB4705E0BA5D9BC7829912B7C09EAF5C5F8E6C5E219E2DD
1184msedgewebview2.exeC:\Users\admin\AppData\Local\ManualFinder\webview_data\EBWebView\Local State~RF1735c5.TMPbinary
MD5:EAF6D9FECD84608899A6C0D71DE9BF89
SHA256:FFB80096D0874A02DBF6808D7AB3DB9F1E189315D700A102E6D1300282038DD5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
34
DNS requests
28
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2092
firefox.exe
POST
200
2.17.190.73:80
http://ocsp.digicert.com/
unknown
whitelisted
6992
msiexec.exe
GET
200
65.9.95.54:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D
unknown
whitelisted
6992
msiexec.exe
GET
304
208.89.74.29:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4ec41a6facd0570f
unknown
whitelisted
4516
MoUsoCoreWorker.exe
GET
304
208.89.74.29:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1718daec733cff94
unknown
whitelisted
5268
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9530bc3d-28ec-4dca-8d8d-874a68b1b861?P1=1753184040&P2=404&P3=2&P4=BSlWPXXEzvrRJEKbCQH8OUuxcDgeR8CILc3DHe03og%2f4614H1yfHaz54Hem6dfShKRx8mmuiX0Kz7MpMu0j1Ng%3d%3d
unknown
whitelisted
1524
svchost.exe
GET
200
2.18.64.212:80
http://www.msftconnecttest.com/connecttest.txt
unknown
whitelisted
2840
svchost.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?eaae09f3d09b7550
unknown
whitelisted
5268
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9530bc3d-28ec-4dca-8d8d-874a68b1b861?P1=1753184040&P2=404&P3=2&P4=BSlWPXXEzvrRJEKbCQH8OUuxcDgeR8CILc3DHe03og%2f4614H1yfHaz54Hem6dfShKRx8mmuiX0Kz7MpMu0j1Ng%3d%3d
unknown
whitelisted
5268
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9530bc3d-28ec-4dca-8d8d-874a68b1b861?P1=1753184040&P2=404&P3=2&P4=BSlWPXXEzvrRJEKbCQH8OUuxcDgeR8CILc3DHe03og%2f4614H1yfHaz54Hem6dfShKRx8mmuiX0Kz7MpMu0j1Ng%3d%3d
unknown
whitelisted
5268
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9530bc3d-28ec-4dca-8d8d-874a68b1b861?P1=1753184040&P2=404&P3=2&P4=BSlWPXXEzvrRJEKbCQH8OUuxcDgeR8CILc3DHe03og%2f4614H1yfHaz54Hem6dfShKRx8mmuiX0Kz7MpMu0j1Ng%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2516
rundll32.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
6476
OfficeC2RClient.exe
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
1524
svchost.exe
2.18.64.200:80
Administracion Nacional de Telecomunicaciones
UY
unknown
6768
pingsender.exe
34.120.208.123:443
incoming.telemetry.mozilla.org
GOOGLE-CLOUD-PLATFORM
US
whitelisted
34.120.208.123:443
incoming.telemetry.mozilla.org
GOOGLE-CLOUD-PLATFORM
US
whitelisted
2092
firefox.exe
34.120.208.123:443
incoming.telemetry.mozilla.org
GOOGLE-CLOUD-PLATFORM
US
whitelisted
2092
firefox.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
6992
msiexec.exe
208.89.74.29:80
ctldl.windowsupdate.com
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
officeclient.microsoft.com
  • 52.109.32.97
whitelisted
incoming.telemetry.mozilla.org
  • 34.120.208.123
whitelisted
telemetry-incoming.r53-2.services.mozilla.com
  • 34.120.208.123
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
e3913.cd.akamaiedge.net
  • 2.17.190.73
unknown
google.com
  • 142.250.186.110
whitelisted
ctldl.windowsupdate.com
  • 208.89.74.29
  • 208.89.74.19
  • 208.89.74.21
  • 208.89.74.31
  • 208.89.74.23
  • 208.89.74.17
  • 208.89.74.27
  • 199.232.214.172
  • 199.232.210.172
whitelisted
ocsps.ssl.com
  • 65.9.95.54
  • 65.9.95.107
  • 65.9.95.93
  • 65.9.95.81
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.67
  • 20.190.159.128
  • 40.126.31.128
  • 40.126.31.130
  • 20.190.159.129
  • 20.190.159.130
  • 40.126.31.73
whitelisted

Threats

PID
Process
Class
Message
1524
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\ManualFinder\webview_data directory exists )
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
d0838244e7ebd0b4bd7d7486745346af6b9b3509e9a79b2526dcfea9d83c6b74.bin