URL: https://whatsapp.en.download.it

Full analysis: https://app.any.run/tasks/cd7777ad-eb7a-4b86-812b-53093b5bae0a
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 24, 2024, 04:19:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: adware, innosetup, stealer, loader, netreactor, miner
Indicators:
MD5: AAF042D161EDF203112B11D94FF1FBE0
SHA1: 21881E08C7172107CAB315162F1B01B5AFBF5E78
SHA256: E5D5DBBC8BEA5784D250A6AEEF79B18E837C03B040900F3D7CA32815FE8E9B19
SSDEEP: 3:N8cERWEDuNKWQ:2c4v0lQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • whatsapp_essg-61.exe (PID: 7992)
      • whatsapp_essg-61.exe (PID: 3800)
      • whatsapp_essg-61.tmp (PID: 4292)
      • file_essg-61.exe (PID: 7852)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • whatsapp.exe (PID: 7432)
      • qzlbgnza.exe (PID: 5236)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • 7za.exe (PID: 8632)
      • 7za.exe (PID: 8236)
      • 7za.exe (PID: 4512)
    • INNOSETUP has been detected (SURICATA)

      • file_essg-61.tmp (PID: 7212)
    • Actions looks like stealing of personal data

      • UnifiedStub-installer.exe (PID: 6584)
      • rsEngineSvc.exe (PID: 7412)
      • rsVPNSvc.exe (PID: 8668)
    • Changes the autorun value in the registry

      • rundll32.exe (PID: 8424)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • cookie_exporter.exe (PID: 7848)
      • whatsapp_essg-61.tmp (PID: 8032)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • Update.exe (PID: 4512)
      • UnifiedStub-installer.exe (PID: 6584)
      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsEDRSvc.exe (PID: 8212)
      • rsVPNSvc.exe (PID: 1452)
    • Executable content was dropped or overwritten

      • whatsapp_essg-61.exe (PID: 7992)
      • whatsapp_essg-61.exe (PID: 3800)
      • whatsapp_essg-61.tmp (PID: 4292)
      • file_essg-61.exe (PID: 7852)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • whatsapp.exe (PID: 7432)
      • qzlbgnza.exe (PID: 5236)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • 7za.exe (PID: 8632)
      • 7za.exe (PID: 8236)
      • 7za.exe (PID: 4512)
    • Reads the date of Windows installation

      • whatsapp_essg-61.tmp (PID: 8032)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • Update.exe (PID: 4512)
      • rsEDRSvc.exe (PID: 4748)
    • Reads the Windows owner or organization settings

      • whatsapp_essg-61.tmp (PID: 4292)
      • file_essg-61.tmp (PID: 7212)
    • Access to an unwanted program domain was detected

      • file_essg-61.tmp (PID: 7212)
    • Potential Corporate Privacy Violation

      • file_essg-61.tmp (PID: 7212)
    • Process requests binary or script from the Internet

      • file_essg-61.tmp (PID: 7212)
    • Drops 7-zip archiver for unpacking

      • qzlbgnza.exe (PID: 5236)
      • 7za.exe (PID: 8236)
      • 7za.exe (PID: 4512)
    • Process drops legitimate windows executable

      • qzlbgnza.exe (PID: 5236)
      • Update.exe (PID: 4512)
      • 7za.exe (PID: 8632)
      • 7za.exe (PID: 8236)
      • UnifiedStub-installer.exe (PID: 6584)
      • 7za.exe (PID: 4512)
    • Executes application which crashes

      • file_essg-61.tmp (PID: 7212)
    • Searches for installed software

      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • rsVPNSvc.exe (PID: 8668)
    • Creates a software uninstall entry

      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
    • Executes as Windows Service

      • rsSyncSvc.exe (PID: 4704)
      • rsClientSvc.exe (PID: 9080)
      • rsWSC.exe (PID: 8328)
      • rsEngineSvc.exe (PID: 7412)
      • rsEDRSvc.exe (PID: 4748)
      • rsVPNClientSvc.exe (PID: 7960)
      • rsVPNSvc.exe (PID: 8668)
      • WmiApSrv.exe (PID: 9056)
    • Application launched itself

      • WhatsApp.exe (PID: 8292)
      • WhatsApp.exe (PID: 8864)
    • Uses REG/REGEDIT.EXE to modify registry

      • WhatsApp.exe (PID: 8292)
    • Drops a system driver (possible attempt to evade defenses)

      • 7za.exe (PID: 8236)
      • UnifiedStub-installer.exe (PID: 6584)
      • 7za.exe (PID: 4512)
    • The process creates files with name similar to system file names

      • 7za.exe (PID: 8236)
      • 7za.exe (PID: 4512)
    • The process drops C-runtime libraries

      • 7za.exe (PID: 8236)
      • UnifiedStub-installer.exe (PID: 6584)
    • Creates or modifies Windows services

      • UnifiedStub-installer.exe (PID: 6584)
      • rundll32.exe (PID: 8424)
    • Creates files in the driver directory

      • UnifiedStub-installer.exe (PID: 6584)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • UnifiedStub-installer.exe (PID: 6584)
    • Checks Windows Trust Settings

      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsEDRSvc.exe (PID: 8212)
      • rsWSC.exe (PID: 8328)
      • rsEngineSvc.exe (PID: 7412)
      • rsEDRSvc.exe (PID: 4748)
      • rsVPNSvc.exe (PID: 1452)
    • Adds/modifies Windows certificates

      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsEDRSvc.exe (PID: 4748)
    • Uses RUNDLL32.EXE to load library

      • UnifiedStub-installer.exe (PID: 6584)
    • Dropped object may contain URLs of mainers pools

      • rsEngineSvc.exe (PID: 7412)
    • Reads the BIOS version

      • rsEDRSvc.exe (PID: 4748)
    • Process checks is Powershell's Script Block Logging on

      • rsEDRSvc.exe (PID: 4748)
    • The process checks if it is being run in the virtual environment

      • rsVPNSvc.exe (PID: 8668)
  • INFO

    • Checks proxy server information

      • slui.exe (PID: 4880)
      • cookie_exporter.exe (PID: 7848)
      • whatsapp_essg-61.tmp (PID: 4292)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • UnifiedStub-installer.exe (PID: 6584)
      • WerFault.exe (PID: 7332)
      • WerFault.exe (PID: 3048)
      • Update.exe (PID: 4512)
      • WhatsApp.exe (PID: 8864)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8724)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7160)
      • Update.exe (PID: 7236)
      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsVPNSvc.exe (PID: 1452)
    • Checks supported languages

      • identity_helper.exe (PID: 7508)
      • cookie_exporter.exe (PID: 7848)
      • whatsapp_essg-61.exe (PID: 7992)
      • whatsapp_essg-61.tmp (PID: 8032)
      • whatsapp_essg-61.exe (PID: 3800)
      • whatsapp_essg-61.tmp (PID: 4292)
      • TextInputHost.exe (PID: 6620)
      • file_essg-61.exe (PID: 7852)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • whatsapp.exe (PID: 4384)
      • qzlbgnza.exe (PID: 5236)
      • whatsapp.exe (PID: 7432)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • rsSyncSvc.exe (PID: 4704)
      • squirrel.exe (PID: 8260)
      • WhatsApp.exe (PID: 8360)
      • rsSyncSvc.exe (PID: 4384)
      • WhatsApp.exe (PID: 8292)
      • WhatsApp.exe (PID: 8864)
      • WhatsApp.exe (PID: 8708)
      • WhatsApp.exe (PID: 8932)
      • WhatsApp.exe (PID: 9028)
      • WhatsApp.exe (PID: 8508)
      • Update.exe (PID: 8544)
      • WhatsApp.exe (PID: 9172)
      • WhatsApp.exe (PID: 9180)
      • WhatsApp.exe (PID: 3396)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8724)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7160)
      • 7za.exe (PID: 8632)
      • Update.exe (PID: 7236)
      • 7za.exe (PID: 8236)
      • rsWSC.exe (PID: 6784)
      • rsClientSvc.exe (PID: 8708)
      • rsClientSvc.exe (PID: 9080)
      • rsWSC.exe (PID: 8328)
      • rsEngineSvc.exe (PID: 4512)
      • rsEngineSvc.exe (PID: 7412)
      • rsEDRSvc.exe (PID: 8212)
      • rsEDRSvc.exe (PID: 4748)
      • rsHelper.exe (PID: 8540)
      • rsVPNClientSvc.exe (PID: 2152)
      • rsVPNClientSvc.exe (PID: 7960)
      • rsVPNSvc.exe (PID: 1452)
      • 7za.exe (PID: 4512)
      • rsVPNSvc.exe (PID: 8668)
      • VPN.exe (PID: 8344)
      • rsAppUI.exe (PID: 3308)
      • rsAppUI.exe (PID: 8588)
      • EPP.exe (PID: 4144)
    • Reads the software policy settings

      • slui.exe (PID: 4880)
      • whatsapp_essg-61.tmp (PID: 4292)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • UnifiedStub-installer.exe (PID: 6584)
      • WerFault.exe (PID: 7332)
      • WerFault.exe (PID: 3048)
      • Update.exe (PID: 4512)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8724)
      • WhatsApp.exe (PID: 8864)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 7160)
      • Update.exe (PID: 7236)
      • Update.exe (PID: 9192)
      • rsWSC.exe (PID: 6784)
      • rsEDRSvc.exe (PID: 8212)
      • rsEngineSvc.exe (PID: 4512)
      • rsEDRSvc.exe (PID: 4748)
      • rsWSC.exe (PID: 8328)
      • rsEngineSvc.exe (PID: 7412)
      • rsVPNSvc.exe (PID: 1452)
      • rsVPNSvc.exe (PID: 8668)
    • Reads Environment values

      • identity_helper.exe (PID: 7508)
      • cookie_exporter.exe (PID: 7848)
      • prod0.exe (PID: 3908)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8724)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7236)
      • Update.exe (PID: 7160)
      • rsEDRSvc.exe (PID: 4748)
      • rsEngineSvc.exe (PID: 7412)
      • rsVPNSvc.exe (PID: 8668)
      • rsAppUI.exe (PID: 3308)
      • rsAppUI.exe (PID: 8588)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 1112)
      • file_essg-61.tmp (PID: 7212)
    • Reads the computer name

      • identity_helper.exe (PID: 7508)
      • cookie_exporter.exe (PID: 7848)
      • whatsapp_essg-61.tmp (PID: 8032)
      • whatsapp_essg-61.tmp (PID: 4292)
      • TextInputHost.exe (PID: 6620)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • whatsapp.exe (PID: 4384)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • rsSyncSvc.exe (PID: 4384)
      • rsSyncSvc.exe (PID: 4704)
      • squirrel.exe (PID: 8260)
      • WhatsApp.exe (PID: 8292)
      • WhatsApp.exe (PID: 8360)
      • WhatsApp.exe (PID: 8932)
      • WhatsApp.exe (PID: 8508)
      • WhatsApp.exe (PID: 8708)
      • WhatsApp.exe (PID: 8864)
      • Update.exe (PID: 8544)
      • WhatsApp.exe (PID: 9028)
      • WhatsApp.exe (PID: 9172)
      • WhatsApp.exe (PID: 3396)
      • WhatsApp.exe (PID: 9180)
      • Update.exe (PID: 8724)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7160)
      • Update.exe (PID: 7236)
      • 7za.exe (PID: 8632)
      • 7za.exe (PID: 8236)
      • rsWSC.exe (PID: 6784)
      • rsClientSvc.exe (PID: 8708)
      • rsClientSvc.exe (PID: 9080)
      • rsEngineSvc.exe (PID: 4512)
      • rsWSC.exe (PID: 8328)
      • rsEngineSvc.exe (PID: 7412)
      • rsEDRSvc.exe (PID: 8212)
      • rsEDRSvc.exe (PID: 4748)
      • rsHelper.exe (PID: 8540)
      • 7za.exe (PID: 4512)
      • rsVPNClientSvc.exe (PID: 2152)
      • rsVPNSvc.exe (PID: 1452)
      • rsVPNClientSvc.exe (PID: 7960)
      • rsVPNSvc.exe (PID: 8668)
      • rsAppUI.exe (PID: 3308)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 1112)
      • msedge.exe (PID: 6624)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 1112)
      • msedge.exe (PID: 6624)
    • Application launched itself

      • msedge.exe (PID: 1112)
    • The process uses the downloaded file

      • msedge.exe (PID: 7344)
      • msedge.exe (PID: 1112)
    • Create files in a temporary directory

      • whatsapp_essg-61.exe (PID: 7992)
      • whatsapp_essg-61.exe (PID: 3800)
      • whatsapp_essg-61.tmp (PID: 4292)
      • file_essg-61.exe (PID: 7852)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • qzlbgnza.exe (PID: 5236)
      • Update.exe (PID: 4512)
      • Update.exe (PID: 8724)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7236)
      • Update.exe (PID: 7160)
      • UnifiedStub-installer.exe (PID: 6584)
    • Process checks computer location settings

      • whatsapp_essg-61.tmp (PID: 8032)
      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • Update.exe (PID: 4512)
      • WhatsApp.exe (PID: 9180)
      • rsVPNSvc.exe (PID: 8668)
    • Reads the machine GUID from the registry

      • file_essg-61.tmp (PID: 7212)
      • prod0.exe (PID: 3908)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • squirrel.exe (PID: 8260)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8724)
      • WhatsApp.exe (PID: 8864)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7236)
      • Update.exe (PID: 7160)
      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsWSC.exe (PID: 8328)
      • rsEngineSvc.exe (PID: 7412)
      • rsEDRSvc.exe (PID: 8212)
      • rsEDRSvc.exe (PID: 4748)
      • rsHelper.exe (PID: 8540)
      • rsVPNSvc.exe (PID: 1452)
      • rsVPNSvc.exe (PID: 8668)
      • rsAppUI.exe (PID: 3308)
    • Disables trace logs

      • prod0.exe (PID: 3908)
      • UnifiedStub-installer.exe (PID: 6584)
      • Update.exe (PID: 4512)
      • Update.exe (PID: 8724)
      • Update.exe (PID: 8532)
      • Update.exe (PID: 8468)
      • Update.exe (PID: 8968)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 9104)
      • Update.exe (PID: 9192)
      • Update.exe (PID: 7236)
      • Update.exe (PID: 7160)
      • rsEDRSvc.exe (PID: 4748)
      • rsEngineSvc.exe (PID: 7412)
      • rsVPNSvc.exe (PID: 8668)
    • Manual execution by a user

      • whatsapp.exe (PID: 7432)
    • Creates files or folders in the user directory

      • whatsapp.exe (PID: 7432)
      • Update.exe (PID: 4512)
      • WerFault.exe (PID: 7332)
      • WerFault.exe (PID: 3048)
      • squirrel.exe (PID: 8260)
      • WhatsApp.exe (PID: 8292)
      • WhatsApp.exe (PID: 8864)
      • Update.exe (PID: 8544)
      • Update.exe (PID: 8532)
      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsVPNSvc.exe (PID: 1452)
      • rsVPNSvc.exe (PID: 8668)
      • rsEngineSvc.exe (PID: 7412)
    • Creates files in the program directory

      • UnifiedStub-installer.exe (PID: 6584)
      • 7za.exe (PID: 8632)
      • 7za.exe (PID: 8236)
      • rsWSC.exe (PID: 6784)
      • rsEngineSvc.exe (PID: 4512)
      • rsEDRSvc.exe (PID: 8212)
      • rsEngineSvc.exe (PID: 7412)
      • rsEDRSvc.exe (PID: 4748)
      • 7za.exe (PID: 4512)
      • rsVPNSvc.exe (PID: 8668)
      • rsVPNSvc.exe (PID: 1452)
    • Reads the time zone

      • WhatsApp.exe (PID: 9180)
      • runonce.exe (PID: 8448)
      • rsEDRSvc.exe (PID: 4748)
      • rsVPNSvc.exe (PID: 8668)
    • .NET Reactor protector has been detected

      • UnifiedStub-installer.exe (PID: 6584)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 8448)
    • Reads product name

      • rsEDRSvc.exe (PID: 4748)
      • rsAppUI.exe (PID: 3308)
      • rsAppUI.exe (PID: 8588)
    • Reads CPU info

      • rsEDRSvc.exe (PID: 4748)
      • rsVPNSvc.exe (PID: 8668)
No Malware configuration.
No data.
Total processes: 296
Monitored processes: 152
Malicious processes: 17
Suspicious processes: 3

Behavior graph

[Behavior graph (image): process tree running from iexplore.exe and msedge.exe through whatsapp_essg-61.exe, whatsapp_essg-61.tmp, file_essg-61.exe, #INNOSETUP file_essg-61.tmp, prod0.exe, qzlbgnza.exe, whatsapp.exe, THREAT unifiedstub-installer.exe, update.exe, squirrel.exe, reg.exe, 7za.exe, rundll32.exe, wevtutil.exe, fltmc.exe, rswsc.exe, rsclientsvc.exe, rsenginesvc.exe, rsedrsvc.exe, rsvpnclientsvc.exe, rsvpnsvc.exe, vpn.exe, rsappui.exe and epp.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 256
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8432 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 320
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5688 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 636
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8612 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 700
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4196 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1112
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 -- "https://whatsapp.en.download.it/"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x1e0,0x220,0x298,0x1e8,0x2a0,0x7fff01a85fd8,0x7fff01a85fe4,0x7fff01a85ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=8524 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1428
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6164 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1452
CMD: "C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i
Path: C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
Parent process: UnifiedStub-installer.exe
User:
admin
Company:
Reason Software Company Inc.
Integrity Level:
HIGH
Description:
rsVPNSvc
Exit code:
0
Version:
2.18.0.0
Modules
Images
c:\program files\reasonlabs\vpn\rsvpnsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1716
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=2408,i,7104229253663757358,2741955551486578904,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 135 771
Read events: 134 989
Write events: 666
Delete events: 116

Modification events

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation: write
Name: L1WatermarkLowPart
Value: 0

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation: write
Name: L1WatermarkHighPart
Value: 0

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 0

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 0

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31120768

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3384) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0
Executable files: 741
Suspicious files: 990
Text files: 295
Unknown types: 42

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe1c8c.TMP | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe1c9c.TMP | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe1c9c.TMP | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe1cab.TMP | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFe1cf9.TMP | | | |
| 1112 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | | | |

HTTP(S) requests: 82
TCP/UDP connections: 371
DNS requests: 320
Threats: 4

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1688 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | | | whitelisted |
| 1704 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | | | whitelisted |
| 1112 | msedge.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMDtATfnJO6JAXDQoHl8pAaJdhTQQU3QQJB6L1en1SUxKSle44gCUNplkCEFt%2FVDgl5BqhKt4hQ5zf5m8%3D | unknown | | | whitelisted |
| 1112 | msedge.exe | GET | 200 | 2.17.100.200:80 | http://sslcom.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkJwSV9oyR1tDse0lOpN8c | unknown | | | whitelisted |
| 1112 | msedge.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMDtATfnJO6JAXDQoHl8pAaJdhTQQU3QQJB6L1en1SUxKSle44gCUNplkCEFt%2FVDgl5BqhKt4hQ5zf5m8%3D | unknown | | | whitelisted |
| 1112 | msedge.exe | GET | 200 | 18.244.18.54:80 | http://crls.ssl.com/ssl.com-rsa-RootCA.crl | unknown | | | whitelisted |
| 1112 | msedge.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS0UJ9%2FZn2kc3RfVu9A%2FfyFSdQVAwQURPou5oAhpEaXDmroM7xTEWZNqbkCEF4bdHMJUrH6Pg1KnFCo2r4%3D | unknown | | | whitelisted |
| 7212 | file_essg-61.tmp | GET | 200 | 95.168.168.24:80 | http://dl.jalecdn.com/US/whatsapp.exe | unknown | | | malicious |
| 6624 | msedge.exe | GET | 304 | 23.192.153.142:80 | http://x1.i.lencr.org/ | unknown | | | whitelisted |
| 6548 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6e6d05a2-47e8-42b8-85a0-e8b7ee48333a?P1=1722300395&P2=404&P3=2&P4=cxOc%2fKQnBA901dNJy9lueXbdasa7KzYdqgteeL4TfqMpElQKm8gDe5lfCrz0GnBGv%2bsOTpBhTVm5vNKZY8iLWg%3d%3d | unknown | | | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 6012 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4292 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 3108 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 3952 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted |
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| | | 4.209.32.198:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
| 1996 | slui.exe | 40.91.76.224:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 4880 | slui.exe | 40.91.76.224:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 6624 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 6624 | msedge.exe | 104.22.57.224:443 | whatsapp.en.download.it | | | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 20.73.194.208, 51.124.78.146 | whitelisted |
| google.com | 142.250.186.174 | whitelisted |
| activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted |
| whatsapp.en.download.it | 104.22.57.224, 104.22.56.224, 172.67.26.92 | unknown |
| config.edge.skype.com | 13.107.42.16 | whitelisted |
| edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted |
| edge-mobile-static.azureedge.net | 13.107.246.45 | whitelisted |
| business.bing.com | 13.107.6.158 | whitelisted |
| cdn.download.it | 104.22.56.224, 104.22.57.224, 172.67.26.92 | whitelisted |
| fonts.googleapis.com | 172.217.23.106, 142.250.186.106 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 6624 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD |
| 6624 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD |
| 7212 | file_essg-61.tmp | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
| 7212 | file_essg-61.tmp | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer |

| Process | Message |
|---|---|
| WhatsApp.exe | [8360:8364:0724/042229.654:VERBOSE1:crash_service_main.cc(81)] Session start. cmdline is [--reporter-url=https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af --application-name=WhatsApp "--crashes-directory=C:\Users\admin\AppData\Local\Temp\WhatsApp Crashes" --v=1] |
| WhatsApp.exe | [8360:8364:0724/042229.663:VERBOSE1:crash_service.cc(147)] window handle is 0000000000080118 |
| WhatsApp.exe | [8360:8364:0724/042229.664:VERBOSE1:crash_service.cc(275)] pipe name is \\.\pipe\WhatsApp Crash Service dumps at C:\Users\admin\AppData\Local\Temp\WhatsApp Crashes |
| WhatsApp.exe | [8360:8364:0724/042229.664:VERBOSE1:crash_service.cc(279)] checkpoint is C:\Users\admin\AppData\Local\Temp\WhatsApp Crashes\crash_checkpoint.txt server is https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af maximum 128 reports/day reporter is electron-crash-service |
| WhatsApp.exe | [8360:8364:0724/042229.664:VERBOSE1:crash_service_main.cc(95)] Ready to process crash requests |
| WhatsApp.exe | [8360:8392:0724/042229.665:VERBOSE1:crash_service.cc(309)] client start. pid = 8292 |
| WhatsApp.exe | [8360:8388:0724/042230.361:VERBOSE1:crash_service.cc(318)] client end. pid = 8292 |
| WhatsApp.exe | [8360:8388:0724/042231.370:VERBOSE1:crash_service.cc(339)] zero clients. exiting |
| WhatsApp.exe | [8360:8364:0724/042231.372:VERBOSE1:crash_service.cc(473)] session ending.. |
| WhatsApp.exe | [8360:8364:0724/042231.372:VERBOSE1:crash_service.cc(478)] clients connected :1 clients terminated :1 dumps serviced :0 dumps reported :0 |