URL:

https://keyupdate.monster/index9.php?flow_id=109&cid=171522222310000TPHTV62001R4451R8481R8800Rcd11Rc330R75eaRb89c6Vee&zone=7585458-3775522587-4269441498&keyword=YourFileIsReady&time=1715222223&lang=en&country=PH&campaign=381389820

Full analysis: https://app.any.run/tasks/67fb0a1e-9396-47f6-a7fb-ff3678014033
Verdict: Malicious activity
Analysis date: May 09, 2024, 02:37:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

296F4F5EDCD53FF534A7BC4815C5F409

SHA1:

B7A649349272FD7ACE9DCDFD58B30A861F4329F8

SHA256:

E5A8BC80E59E99200B2148CD19EB2BE64B6F9DF6B626417B186AE1321E8E8902

SSDEEP:

6:2VfMZJxVx8B3Trn7VEXuG6qt2PQ8Epm31xTtE/:2JMV23vZEej/E8FhtE/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 1136)
      • MentalMentor.exe (PID: 1900)
      • MentalMentor.exe (PID: 2944)
      • MentalMentor.tmp (PID: 1248)
      • 7z.exe (PID: 2400)
      • 7z.exe (PID: 3564)
      • 7z.exe (PID: 2844)
      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2376)
      • luminati.exe (PID: 368)
      • av360_inst.exe (PID: 1596)
      • luminati.exe (PID: 1644)
      • luminati.exe (PID: 2272)
    • Creates a writable file in the system directory

      • net_updater32.exe (PID: 2376)
    • Changes the autorun value in the registry

      • mentalmentor.exe (PID: 1864)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 3812)
      • WinRAR.exe (PID: 3916)
      • luminati.exe (PID: 3228)
      • av360_inst.exe (PID: 1596)
    • Application launched itself

      • WinRAR.exe (PID: 3812)
    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 3916)
      • 7z.exe (PID: 2400)
      • luminati.exe (PID: 3228)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1136)
      • MentalMentor.tmp (PID: 1248)
    • Executable content was dropped or overwritten

      • MentalMentor.exe (PID: 1900)
      • MentalMentor.exe (PID: 2944)
      • MentalMentor.tmp (PID: 1248)
      • 7z.exe (PID: 2400)
      • 7z.exe (PID: 3564)
      • 7z.exe (PID: 2844)
      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2376)
      • luminati.exe (PID: 368)
      • av360_inst.exe (PID: 1596)
      • luminati.exe (PID: 1644)
      • luminati.exe (PID: 2272)
    • Drops 7-zip archiver for unpacking

      • MentalMentor.tmp (PID: 1248)
    • The process drops C-runtime libraries

      • 7z.exe (PID: 2400)
      • luminati.exe (PID: 3228)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • MentalMentor.tmp (PID: 1248)
    • Searches for installed software

      • MentalMentor.tmp (PID: 1248)
    • Detected use of alternative data streams (AltDS)

      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2376)
      • luminati.exe (PID: 368)
      • luminati.exe (PID: 1644)
    • Reads settings of System Certificates

      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2952)
      • mentalmentor.exe (PID: 1864)
      • QtWebEngineProcess.exe (PID: 1696)
    • Adds/modifies Windows certificates

      • luminati.exe (PID: 3228)
      • QtWebEngineProcess.exe (PID: 1696)
    • Executes as Windows Service

      • net_updater32.exe (PID: 2376)
    • Checks Windows Trust Settings

      • net_updater32.exe (PID: 2376)
    • Reads the Internet Settings

      • luminati.exe (PID: 3228)
      • mentalmentor.exe (PID: 1864)
      • QtWebEngineProcess.exe (PID: 1696)
      • av360_inst.exe (PID: 1596)
      • luminati.exe (PID: 1644)
    • Potential Corporate Privacy Violation

      • net_updater32.exe (PID: 2376)
      • av360_inst.exe (PID: 1596)
    • Process requests binary or script from the Internet

      • av360_inst.exe (PID: 1596)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 3960)
      • msiexec.exe (PID: 1136)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1132)
      • msiexec.exe (PID: 1136)
      • msiexec.exe (PID: 2368)
      • MentalMentor.tmp (PID: 1856)
      • MentalMentor.tmp (PID: 1248)
      • test_wpf.exe (PID: 3376)
      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2952)
      • net_updater32.exe (PID: 2376)
      • test_wpf.exe (PID: 3656)
      • idle_report.exe (PID: 2876)
      • brightdata.exe (PID: 1520)
      • mentalmentor.exe (PID: 1864)
      • test_wpf.exe (PID: 3924)
      • QtWebEngineProcess.exe (PID: 1696)
      • luminati.exe (PID: 368)
      • QtWebEngineProcess.exe (PID: 3272)
      • av360_inst.exe (PID: 1596)
      • test_wpf.exe (PID: 3032)
      • luminati.exe (PID: 1644)
      • luminati.exe (PID: 2272)
      • test_wpf.exe (PID: 600)
    • Checks supported languages

      • wmpnscfg.exe (PID: 1132)
      • msiexec.exe (PID: 1136)
      • msiexec.exe (PID: 2368)
      • MentalMentor.exe (PID: 1900)
      • MentalMentor.tmp (PID: 1856)
      • MentalMentor.exe (PID: 2944)
      • MentalMentor.tmp (PID: 1248)
      • 7z.exe (PID: 2400)
      • 7z.exe (PID: 3564)
      • 7z.exe (PID: 2844)
      • 7z.exe (PID: 1820)
      • luminati.exe (PID: 3228)
      • test_wpf.exe (PID: 3376)
      • net_updater32.exe (PID: 2952)
      • net_updater32.exe (PID: 2376)
      • test_wpf.exe (PID: 3656)
      • idle_report.exe (PID: 2876)
      • brightdata.exe (PID: 1520)
      • mentalmentor.exe (PID: 1864)
      • mentalmentor_crashpad_handler.exe (PID: 1876)
      • luminati.exe (PID: 368)
      • QtWebEngineProcess.exe (PID: 860)
      • QtWebEngineProcess.exe (PID: 1696)
      • test_wpf.exe (PID: 3924)
      • av360_inst.exe (PID: 1596)
      • QtWebEngineProcess.exe (PID: 3272)
      • luminati.exe (PID: 1644)
      • test_wpf.exe (PID: 3032)
      • luminati.exe (PID: 2272)
      • test_wpf.exe (PID: 600)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1132)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 3812)
      • msedge.exe (PID: 3272)
      • msedge.exe (PID: 3960)
      • msedge.exe (PID: 2792)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 1064)
      • WinRAR.exe (PID: 3916)
      • msedge.exe (PID: 3960)
      • msiexec.exe (PID: 1136)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3916)
      • msedge.exe (PID: 3960)
      • msedge.exe (PID: 1064)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 1136)
      • msiexec.exe (PID: 2368)
      • MentalMentor.tmp (PID: 1248)
      • luminati.exe (PID: 3228)
      • test_wpf.exe (PID: 3376)
      • net_updater32.exe (PID: 2952)
      • net_updater32.exe (PID: 2376)
      • test_wpf.exe (PID: 3656)
      • mentalmentor.exe (PID: 1864)
      • idle_report.exe (PID: 2876)
      • brightdata.exe (PID: 1520)
      • luminati.exe (PID: 368)
      • test_wpf.exe (PID: 3924)
      • av360_inst.exe (PID: 1596)
      • QtWebEngineProcess.exe (PID: 1696)
      • luminati.exe (PID: 1644)
      • test_wpf.exe (PID: 3032)
      • luminati.exe (PID: 2272)
      • test_wpf.exe (PID: 600)
    • Create files in a temporary directory

      • msiexec.exe (PID: 1944)
      • MentalMentor.exe (PID: 1900)
      • MentalMentor.exe (PID: 2944)
      • MentalMentor.tmp (PID: 1248)
      • av360_inst.exe (PID: 1596)
    • Creates a software uninstall entry

      • MentalMentor.tmp (PID: 1248)
    • Creates files in the program directory

      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2952)
      • net_updater32.exe (PID: 2376)
      • brightdata.exe (PID: 1520)
      • luminati.exe (PID: 368)
      • luminati.exe (PID: 1644)
      • luminati.exe (PID: 2272)
    • Reads the software policy settings

      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2952)
      • net_updater32.exe (PID: 2376)
      • QtWebEngineProcess.exe (PID: 1696)
    • Reads Environment values

      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2376)
      • brightdata.exe (PID: 1520)
      • luminati.exe (PID: 368)
      • luminati.exe (PID: 1644)
      • luminati.exe (PID: 2272)
    • Process checks computer location settings

      • luminati.exe (PID: 3228)
      • net_updater32.exe (PID: 2376)
      • QtWebEngineProcess.exe (PID: 860)
      • luminati.exe (PID: 368)
      • luminati.exe (PID: 1644)
      • luminati.exe (PID: 2272)
    • Creates files or folders in the user directory

      • luminati.exe (PID: 3228)
      • QtWebEngineProcess.exe (PID: 1696)
      • av360_inst.exe (PID: 1596)
    • Checks proxy server information

      • luminati.exe (PID: 3228)
      • av360_inst.exe (PID: 1596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 122
Monitored processes: 73
Malicious processes: 14
Suspicious processes: 5

Behavior graph

Behavior graph nodes (interactive graph available in the full report): msedge.exe, wmpnscfg.exe, winrar.exe, PhotoViewer.dll, msiexec.exe, mentalmentor.exe, mentalmentor.tmp, 7z.exe, netsh.exe, luminati.exe, test_wpf.exe, net_updater32.exe, idle_report.exe, brightdata.exe, mentalmentor_crashpad_handler.exe, opera_inst.exe, qtwebengineprocess.exe, av360_inst.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 112
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1640 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 304
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 324
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 368
CMD: C:\Users\admin\mentalmentor\luminati\luminati.exe is_switch_on
Path: C:\Users\admin\mentalmentor\luminati\luminati.exe
Parent process: mentalmentor.exe
User:
admin
Integrity Level:
HIGH
Exit code:
101
Modules
Images
c:\users\admin\mentalmentor\luminati\luminati.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\mentalmentor\luminati\lum_sdk32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
PID: 552
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 600
CMD: C:\ProgramData\BrightData\1c38ac4e31598c50e45dd311c7d362929c5fedd9\test_wpf.exe
Path: C:\ProgramData\BrightData\1c38ac4e31598c50e45dd311c7d362929c5fedd9\test_wpf.exe
Parent process: luminati.exe
User:
admin
Company:
BrightData Ltd.
Integrity Level:
HIGH
Description:
test_wpf
Exit code:
0
Version:
1.429.308
Modules
Images
c:\programdata\brightdata\1c38ac4e31598c50e45dd311c7d362929c5fedd9\test_wpf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 736
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3376 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 748
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 860
CMD: "C:\Users\admin\mentalmentor\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2120 /prefetch:1
Path: C:\Users\admin\mentalmentor\QtWebEngineProcess.exe
Parent process: mentalmentor.exe
User:
admin
Company:
The Qt Company Ltd.
Integrity Level:
LOW
Description:
C++ Application Development Framework
Version:
5.15.2.0
Modules
Images
c:\users\admin\mentalmentor\qtwebengineprocess.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\mentalmentor\qt5core.dll
c:\windows\system32\mpr.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll
PID: 936
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3928 --field-trial-handle=1356,i,14423893273207465292,14362824855513432262,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 83 977
Read events: 83 407
Write events: 511
Delete events: 59

Modification events

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value: 1

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (3960) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value: 3F20EF9692762F00

(PID) Process: (3960) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault
Operation: delete value
Name: S-1-5-21-1302019708-1500728564-335382590-1000
Value:

(PID) Process: (3960) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation: write
Name: UsageStatsInSample
Value: 1
Executable files: 74
Suspicious files: 305
Text files: 80
Unknown types: 4

Dropped files

PID
Process
Filename
Type
PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\f87bace7-0cff-4180-bf9c-63c8162420d1.tmp
MD5:
SHA256:

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF103990.TMP
MD5:
SHA256:

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1039bf.TMP
MD5:
SHA256:

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF103ab9.TMP
MD5:
SHA256:

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:

PID: 3984
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma
Type: binary
MD5: C612E96CBFAC63232FC2062E15600FB1
SHA256: DB3C05D5EC0B6719A73E7F0BE84BCE9342772DA70567E7CE08CF6573480B38FF

PID: 3960
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Type: binary
MD5: A6EBC0D32A7B9304824D19DB63B4E37A
SHA256: E991057C2B1718A151C5FD06E1C153F57130D195454A1F94C8C4C20971697093

PID: 3984
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma~RF102caf.TMP
Type: binary
MD5: 886E82F2CA62ECCCE64601B30592078A
SHA256: E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 31
TCP/UDP connections: 199
DNS requests: 125
Threats: 10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1696
QtWebEngineProcess.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D
unknown
unknown
2376
net_updater32.exe
GET
304
92.122.225.235:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0421d54cc71012cf
unknown
unknown
2376
net_updater32.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
unknown
2376
net_updater32.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA4SYN8HbX1atPqRDi932Tc%3D
unknown
unknown
2376
net_updater32.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
unknown
1696
QtWebEngineProcess.exe
GET
200
104.91.65.26:80
http://x1.c.lencr.org/
unknown
unknown
1596
av360_inst.exe
GET
200
52.29.179.141:80
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.Mediaget.CPI202403&os=6.1&mid=b8c075ec50c0ffb37ec9c97cc27794fb&state=153
unknown
unknown
1596
av360_inst.exe
GET
200
52.29.179.141:80
http://s.360safe.com/safei18n/query_env.htm?v611=DgY0MAEI%2BbaDvwABAABJi9CbDyxjYazYHlYzhxcKDxkCGuDQbEUjVeqhP4ej58LDYeG8kBXPPyp%2F87LDF9XKkrrJt87vjP0GNVVI4Ch7uyicAowdXvtK%2F0%2FQmglopbOWn0VMDk1kjEI1%2FM1gKIp8mCC3VDjt3Jj1jFZ5TqkEn5g%2BZm61v%2B54qkXEXPZru6Zq0F9IorMZniT73osp%2Fb410IoEf9Cv7sQtJwyl%2Bf4DoFCSWTTBSzpkp0NM6tO9RgITZGjbSKxihhEbx9YnqpkFG4pl8RhsEbYgIozeTen4g0DpjZIsJGsYOGJvOxj59MeynFfD%2B69i50Jchqy0hxLMZv%2B2mN3fXxSPkeQZeh6wQgjDwkF1yvxtTNiBrNJ9qSScGFiFwg10Ze7HRUfVY34knBhYhcINdGXux0VH1WN%2BJqscYy27vNoI3vrZvCLSNMQk5%2FZyGZHcm%2BPkFMlKq%2FsQQPV88vdByiZ31CMFIsw4zesAJZ0jnBXKkRah8W86GQ%3D%3D
unknown
unknown
1696
QtWebEngineProcess.exe
GET
200
92.123.48.139:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPuBCWJ4Ldll3mzZbNrkV6nRw%3D%3D
unknown
unknown
1596
av360_inst.exe
GET
200
151.236.71.147:80
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
3960
msedge.exe
239.255.255.250:1900
unknown
1064
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1064
msedge.exe
172.67.170.80:443
keyupdate.monster
CLOUDFLARENET
US
unknown
1064
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1064
msedge.exe
142.250.186.106:443
fonts.googleapis.com
GOOGLE
US
whitelisted
1064
msedge.exe
142.250.186.99:443
fonts.gstatic.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
keyupdate.monster
  • 172.67.170.80
  • 104.21.71.93
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
fonts.googleapis.com
  • 142.250.186.106
whitelisted
fonts.gstatic.com
  • 142.250.186.99
whitelisted
coffecoffe.com
  • 188.114.96.3
  • 188.114.97.3
unknown
www.bing.com
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 79.140.80.9
  • 79.140.80.27
whitelisted
drive.google.com
  • 142.250.185.78
shared
www.gstatic.com
  • 142.250.186.163
whitelisted

Threats

PID
Process
Class
Message
1064
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1088
svchost.exe
Potentially Bad Traffic
ET INFO Observed DNS Query to .biz TLD
2376
net_updater32.exe
Potential Corporate Privacy Violation
ET POLICY Dropbox.com Offsite File Backup in Use
1596
av360_inst.exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
1596
av360_inst.exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false)
1596
av360_inst.exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)
1596
av360_inst.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1696
QtWebEngineProcess.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
1696
QtWebEngineProcess.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
1696
QtWebEngineProcess.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
Process
Message
msedge.exe
[0509/034016.761:ERROR:process_info.cc(617)] range at 0x0, size 0x18 fully unreadable
msedge.exe
[0509/034016.785:ERROR:process_info.cc(617)] range at 0x0, size 0x18 fully unreadable
msedge.exe
[0509/034018.519:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments\f12a5627-458a-4a5d-82d6-9a099a9f35f7: The system cannot find the file specified. (0x2)
msedge.exe
[0509/034018.520:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments\f12a5627-458a-4a5d-82d6-9a099a9f35f7: The system cannot find the file specified. (0x2)
msedge.exe
[0509/034022.794:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments\f12a5627-458a-4a5d-82d6-9a099a9f35f7: The system cannot find the file specified. (0x2)
msedge.exe
[0509/034022.794:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments\f12a5627-458a-4a5d-82d6-9a099a9f35f7: The system cannot find the file specified. (0x2)
mentalmentor.exe
QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
mentalmentor.exe
QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001