URL:

https://mega.nz/file/QbJRyA4Z#wLciHpokf1s9u2r5lnKvueRFGvqu112kF7TNGMOXv2s

Full analysis: https://app.any.run/tasks/e78f2d2c-ba78-44c5-9358-bda61755c835
Verdict: Malicious activity
Analysis date: December 20, 2025, 05:27:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
possible-phishing
phish-url
Indicators:
MD5:

A9D3317DF6C025836013CF0B56B9A00A

SHA1:

98C912F1FECAFAF7B4DA8A4019027D3667EF6CC4

SHA256:

E075050B91D94C4B66CCD0AAD62E667550FB4C9F87BB268CF8F9CE9F8B7A7DBB

SSDEEP:

3:N8X/i2kfpG0K108YV3jwaan:2cfvV3i

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
  • SUSPICIOUS

    • Possibly a phishing URL contains email has been detected

      • msedge.exe (PID: 7524)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1172)
    • Reads security settings of Internet Explorer

      • HandBrake.exe (PID: 2364)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • HandBrake.exe (PID: 8388)
    • Process drops legitimate windows executable

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8540)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • msiexec.exe (PID: 1172)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8540)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Searches for installed software

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
    • Starts itself from another location

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 1172)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 1172)
  • INFO

    • Reads the computer name

      • msiexec.exe (PID: 1172)
      • msiexec.exe (PID: 8344)
      • identity_helper.exe (PID: 8124)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • HandBrake.exe (PID: 2364)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
      • msiexec.exe (PID: 8964)
      • msiexec.exe (PID: 2748)
      • msiexec.exe (PID: 2488)
      • HandBrake.exe (PID: 8388)
      • msiexec.exe (PID: 8928)
    • Manual execution by a user

      • WinRAR.exe (PID: 8220)
      • msiexec.exe (PID: 7268)
      • HandBrake.exe (PID: 2364)
      • HandBrake.exe (PID: 8388)
    • Checks supported languages

      • msiexec.exe (PID: 1172)
      • identity_helper.exe (PID: 8124)
      • msiexec.exe (PID: 8344)
      • HandBrake.exe (PID: 2364)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8540)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
      • msiexec.exe (PID: 8964)
      • msiexec.exe (PID: 2748)
      • msiexec.exe (PID: 8928)
      • msiexec.exe (PID: 2488)
      • HandBrake.exe (PID: 8388)
    • Reads Environment values

      • identity_helper.exe (PID: 8124)
      • msiexec.exe (PID: 8344)
    • The sample compiled with english language support

      • msiexec.exe (PID: 1172)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8540)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1172)
      • msedge.exe (PID: 7524)
    • Application launched itself

      • msedge.exe (PID: 7524)
      • msedge.exe (PID: 144)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 1172)
      • HandBrake.exe (PID: 8388)
    • Checks proxy server information

      • slui.exe (PID: 5612)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1172)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Create files in a temporary directory

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8540)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Process checks computer location settings

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8116)
      • HandBrake.exe (PID: 8388)
    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
      • msiexec.exe (PID: 1172)
      • HandBrake.exe (PID: 8388)
    • Launching a file from a Registry key

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 8824)
      • HandBrake.exe (PID: 8388)
    • Reads CPU info

      • HandBrake.exe (PID: 8388)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
210
Monitored processes
57
Malicious processes
1
Suspicious processes
3

Behavior graph

[Behavior graph: process tree starting at msedge.exe; nodes include identity_helper.exe, winrar.exe, slui.exe, msiexec.exe, handbrake.exe and windowsdesktop-runtime-6.0.36-win-x64.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 144
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25&gui=true
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: HandBrake.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1172
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1236
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5576,i,3794253049859466099,764603301253912273,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 1568
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6664,i,3794253049859466099,764603301253912273,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1956
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7248,i,3794253049859466099,764603301253912273,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2016
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5764,i,3794253049859466099,764603301253912273,262144 --variations-seed-version --mojo-platform-channel-handle=7952 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2364
CMD: "C:\Users\admin\AppData\Roaming\Munqu Solaps\Handbrake Tp\HandBrake.exe"
Path: C:\Users\admin\AppData\Roaming\Munqu Solaps\Handbrake Tp\HandBrake.exe
Parent process: explorer.exe
User:
admin
Company:
HandBrake Team
Integrity Level:
MEDIUM
Description:
HandBrake
Exit code:
2147516547
Version:
1.7.2.0
Modules
Images
c:\users\admin\appdata\roaming\munqu solaps\handbrake tp\handbrake.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2488
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding C1EBA12201C8768B6265A6557D7D10A9
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2748
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding F7A247AC631B0B3250778629653285CF
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3464
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7852,i,3794253049859466099,764603301253912273,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
19 890
Read events
18 829
Write events
1 008
Delete events
53

Modification events

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Downloads\Hand_brake.zip

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (8220) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1172) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 94040000F5E2508A7171DC01

(PID) Process: (1172) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: F5154D09327E4D33CC17C7FE638739C76086A7123D5CDD42C7D26B08872503EE

Executable files
534
Suspicious files
185
Text files
373
Unknown types
2

Dropped files

PID
Process
Filename
Type
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFfe7c7.TMP
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFfe7e6.TMP
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFfe7e6.TMP
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFfe7e6.TMP
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFfe7f5.TMP
MD5:
SHA256:
7524 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFfe805.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
219
TCP/UDP connections
127
DNS requests
115
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7844 | msedge.exe | GET | 200 | 150.171.22.17:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=65&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0 | unknown | text | 768 b | unknown
7844 | msedge.exe | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | text | 462 b | whitelisted
7844 | msedge.exe | GET | 200 | 104.18.22.222:443 | https://copilot.microsoft.com/c/api/user/eligibility | unknown | | 25 b | whitelisted
7844 | msedge.exe | GET | 200 | 31.216.145.5:443 | https://mega.nz/secureboot.js?r=1765430884 | unknown | | 128 Kb | unknown
7844 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:8PJ53rRjHC-VsIz1ykuhe7DjfaKz3w81qq3dU-5sGj4&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | | | whitelisted
7844 | msedge.exe | GET | 200 | 31.216.145.5:443 | https://mega.nz/loading-sprite_light.png | unknown | | 8.41 Kb | unknown
7844 | msedge.exe | GET | 200 | 31.216.145.5:443 | https://mega.nz/favicon.ico?v=3 | unknown | | 6.37 Kb | unknown
7844 | msedge.exe | GET | 200 | 31.216.145.5:443 | https://mega.nz/file/QbJRyA4Z | unknown | html | 2.05 Kb | unknown
7844 | msedge.exe | GET | 200 | 2.16.241.201:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | | 128 Kb | whitelisted
7844 | msedge.exe | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/autofillservice/core/page/3466826862580339107/8057364779146646335?CIdAlgoVersion=2 | unknown | text | 5.41 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | Not routed | | whitelisted
1188 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2452 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | | Not routed | | whitelisted
3412 | svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7844 | msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7844 | msedge.exe | 150.171.28.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7844 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7844 | msedge.exe | 31.216.145.5:443 | mega.nz | MEGA-LIMITED-AS Mega Limited | LU | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 216.58.206.46 | whitelisted
client.wns.windows.com | 172.211.123.250 | whitelisted
edge.microsoft.com | 150.171.28.11, 150.171.27.11 | whitelisted
config.edge.skype.com | 150.171.22.17 | whitelisted
mega.nz | 31.216.145.5, 31.216.144.5 | whitelisted
copilot.microsoft.com | 104.18.22.222, 104.18.23.222 | whitelisted
www.bing.com | 2.16.241.201, 2.16.241.218, 2.16.241.205 | whitelisted
eu.static.mega.co.nz | 66.203.127.13, 66.203.127.11, 66.203.124.37, 89.44.169.134 | whitelisted
xpaywalletcdn.azureedge.net | 13.107.246.45, 13.107.213.45 | whitelisted
g.api.mega.co.nz | 66.203.125.11, 66.203.125.12, 66.203.125.14, 66.203.125.15, 66.203.125.13 | whitelisted

Threats

No threats detected
Process | Message
HandBrake.exe | You must install .NET to run this application. App: C:\Users\admin\AppData\Roaming\Munqu Solaps\Handbrake Tp\HandBrake.exe Architecture: x64 App host version: 6.0.25 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25
HandBrake.exe | Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 8388. Message ID: [0x2509].