File name:

KMZ File.kmz

Full analysis: https://app.any.run/tasks/0c1d7620-ac16-48c3-93c6-effcb1ccc411
Verdict: Malicious activity
Analysis date: December 06, 2023, 10:55:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

D272DE4B8605476344E990C2A8650E8A

SHA1:

FC188BF711AD74E6032A28A8BFBEA3492B13ECAC

SHA256:

00BCA5B964AA331EAEA17DC167A3312880A34F64389C93D08BC0481548AD56C4

SSDEEP:

24576:PcF7jk3QMQ1hCsyiz1fTuNZmI1OZKjfD441Ye5cl+ZMrZ4aw04n5jnU0BhvXbJ5K:PcF7jk3QMQ1hCsyiz1fTuNZmI1OZKjfe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • Installer.exe (PID: 372)

    • Steals credentials from Web Browsers

      • DriverUpdater.exe (PID: 3084)

    • Actions looks like stealing of personal data

      • DriverUpdater.exe (PID: 3084)
      • CustomDllSurrogate.x32.exe (PID: 3364)
      • DriverUpdater.exe (PID: 3972)

    • Registers / Runs the DLL via REGSVR32.EXE

      • DriverUpdater.exe (PID: 3972)

  • SUSPICIOUS

    • Reads the Internet Settings

      • rundll32.exe (PID: 1864)
      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3972)
      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • Installer.exe (PID: 1828)

    • Reads settings of System Certificates

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • Installer.exe (PID: 1828)

    • Reads the BIOS version

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • Installer.exe (PID: 1828)

    • Process drops SQLite DLL files

      • Installer.exe (PID: 372)

    • Checks Windows Trust Settings

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • Installer.exe (PID: 1828)

    • Process drops legitimate windows executable

      • Installer.exe (PID: 372)

    • Reads security settings of Internet Explorer

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • Installer.exe (PID: 1828)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2240)
      • ServiceHelper.Agent.exe (PID: 2064)

    • Adds/modifies Windows certificates

      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)

    • Searches for installed software

      • DriverUpdater.exe (PID: 3084)
      • dllhost.exe (PID: 128)
      • DriverUpdater.exe (PID: 3972)
      • Installer.exe (PID: 1828)

  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 2128)
      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • Installer.exe (PID: 372)
      • ServiceHelper.Agent.exe (PID: 2708)
      • ServiceHelper.Agent.exe (PID: 2064)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • CustomDllSurrogate.x32.exe (PID: 3364)
      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • Installer.exe (PID: 1828)

    • Drops the executable file immediately after the start

      • msedge.exe (PID: 2076)
      • msedge.exe (PID: 1936)

    • The process uses the downloaded file

      • msedge.exe (PID: 2076)
      • msedge.exe (PID: 1888)

    • Process checks computer location settings

      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3972)
      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • Installer.exe (PID: 1828)

    • Create files in a temporary directory

      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • Installer.exe (PID: 372)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2128)

    • Checks supported languages

      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • wmpnscfg.exe (PID: 2128)
      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • ServiceHelper.Agent.exe (PID: 2064)
      • ServiceHelper.Agent.exe (PID: 2708)
      • DriverUpdater.exe (PID: 3084)
      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3972)
      • CustomDllSurrogate.x32.exe (PID: 3364)
      • Installer.exe (PID: 1828)

    • Application launched itself

      • msedge.exe (PID: 2076)

    • Checks proxy server information

      • Windows-outbyte-driver-updater.exe (PID: 2972)
      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3972)
      • Windows-outbyte-driver-updater.exe (PID: 2624)
      • Installer.exe (PID: 1828)

    • Reads the machine GUID from the registry

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • CustomDllSurrogate.x32.exe (PID: 3364)
      • Installer.exe (PID: 1828)

    • Creates files in the program directory

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • CustomDllSurrogate.x32.exe (PID: 3364)

    • Creates files or folders in the user directory

      • Installer.exe (PID: 372)
      • DriverUpdater.exe (PID: 3972)

    • Reads Windows Product ID

      • DriverUpdater.exe (PID: 3084)
      • DriverUpdater.exe (PID: 3972)
      • Installer.exe (PID: 372)
      • Installer.exe (PID: 1828)

    • Reads Microsoft Office registry keys

      • DriverUpdater.exe (PID: 3972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.kmz | Google Earth saved working session (60)
.zip | ZIP compressed archive (40)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0002
ZipCompression: Deflated
ZipModifyDate: 2023:07:05 13:03:28
ZipCRC: 0x849ecba0
ZipCompressedSize: 595698
ZipUncompressedSize: 8287855
ZipFileName: doc.kml
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
97
Monitored processes
50
Malicious processes
10
Suspicious processes
0

Behavior graph

Click at the process to see the details
start rundll32.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windows-outbyte-driver-updater.exe no specs windows-outbyte-driver-updater.exe no specs windows-outbyte-driver-updater.exe windows-outbyte-driver-updater.exe installer.exe servicehelper.agent.exe no specs servicehelper.agent.exe no specs driverupdater.exe SPPSurrogate no specs vssvc.exe no specs driverupdater.exe regsvr32.exe no specs customdllsurrogate.x32.exe installer.exe

Process information

PID
CMD
Path
Indicators
Parent process
128C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}C:\Windows\System32\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
372"C:\Users\admin\AppData\Local\Temp\is-2056620.tmp\Installer.exe" /spid:2972 /splha:19408960C:\Users\admin\AppData\Local\Temp\is-2056620.tmp\Installer.exe
Windows-outbyte-driver-updater.exe
User:
admin
Company:
Outbyte
Integrity Level:
HIGH
Description:
Installer
Exit code:
0
Version:
2.3.1.25150
Modules
Images
c:\users\admin\appdata\local\temp\is-2056620.tmp\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\users\admin\appdata\local\temp\is-2056620.tmp\axcomponentsvcl.bpl
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
756"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1380"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1432"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1436"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1484 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1444"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4392 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1496"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3396 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1600"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1608"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1352,i,9799545003475875555,7472303349557844172,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
61 997
Read events
61 750
Write events
244
Delete events
3

Modification events

(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:dr
Value:
1
(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
1
(PID) Process:(2076) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
8A1A1F2B695E2F00
(PID) Process:(2076) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:writeName:UsageStatsInSample
Value:
1
(PID) Process:(2076) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:usagestats
Value:
1
(PID) Process:(2076) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:urlstats
Value:
1
Executable files
123
Suspicious files
333
Text files
49
Unknown types
0

Dropped files

PID
Process
Filename
Type
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF21183a.TMP
MD5:
SHA256:
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF211869.TMP
MD5:
SHA256:
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF2118a8.TMP
MD5:
SHA256:
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:961E3604F228B0D10541EBF921500C86
SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF2117bd.TMPbinary
MD5:3B724992C6EFD0987FCBB5A9465F7072
SHA256:E1E95234896410D16CA9EB13B7AF08A004FB231307E17D619C7015A3DACD889A
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Versiontext
MD5:61FE7896F9494DCDF53480A325F4FB85
SHA256:ACFD3CD36E0DFCF1DCB67C7F31F2A5B9BA0815528A0C604D4330DFAA9E683E51
2076msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old~RF211982.TMPtext
MD5:1ACE5204383743042AB80E38A960248E
SHA256:382B569F16AAAF1CC7FD69E9C4830D7A37BA8DE07B325918AB482A0C9B1C06C0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
192
DNS requests
203
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
372
Installer.exe
GET
200
192.229.221.95:80
http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAOiOjjuz1GXFL4ZZIGXed8%3D
unknown
binary
471 b
unknown
1936
msedge.exe
GET
302
23.43.62.58:80
http://go.microsoft.com/fwlink/?LinkId=57426&Ext=kmz%22
unknown
unknown
1936
msedge.exe
GET
200
192.229.221.95:80
http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
unknown
binary
1.19 Kb
unknown
1936
msedge.exe
GET
301
2.16.164.123:80
http://shell.windows.com/fileassoc/fileassoc.asp?Ext=kmz%22
unknown
unknown
372
Installer.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCZXmpIP%2Bo%2BHhJmodADfw%2Fc
unknown
binary
472 b
unknown
372
Installer.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D
unknown
binary
471 b
unknown
372
Installer.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9770c075165a7ee2
unknown
compressed
4.66 Kb
unknown
3972
DriverUpdater.exe
GET
200
23.37.41.57:80
http://x1.c.lencr.org/
unknown
binary
717 b
unknown
372
Installer.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
372
Installer.exe
GET
200
142.250.74.195:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
2076
msedge.exe
239.255.255.250:1900
whitelisted
1936
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1936
msedge.exe
23.43.62.58:80
go.microsoft.com
Akamai International B.V.
US
unknown
1936
msedge.exe
51.104.176.40:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1936
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1936
msedge.exe
2.16.164.123:80
shell.windows.com
Akamai International B.V.
NL
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
go.microsoft.com
  • 23.43.62.58
whitelisted
nav-edge.smartscreen.microsoft.com
  • 51.104.176.40
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
shell.windows.com
  • 2.16.164.123
  • 2.16.164.16
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.103.180.120
whitelisted
www.bing.com
  • 23.15.178.194
  • 23.15.178.234
  • 23.15.178.218
  • 23.15.178.217
  • 23.15.178.211
  • 23.15.178.210
  • 23.15.178.241
  • 23.15.178.200
  • 23.15.178.248
  • 2.16.100.33
  • 2.16.100.27
  • 2.16.100.51
  • 2.16.100.49
  • 2.16.100.25
  • 2.16.100.24
  • 2.16.101.123
  • 2.16.100.42
  • 2.16.100.34
  • 23.212.110.161
  • 23.212.110.147
  • 23.212.110.152
  • 23.212.110.155
  • 23.212.110.154
  • 23.212.110.146
  • 23.212.110.160
  • 23.212.110.145
  • 23.212.110.153
whitelisted
r.bing.com
  • 2.19.96.97
  • 2.19.96.104
  • 2.19.96.99
  • 2.19.96.88
  • 2.19.96.80
  • 2.19.96.107
  • 2.19.96.90
  • 2.19.96.83
  • 2.19.96.98
  • 2.23.209.149
  • 2.23.209.130
  • 2.23.209.176
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.165
  • 2.23.209.185
  • 2.23.209.189
  • 2.23.209.133
whitelisted
th.bing.com
  • 2.23.209.149
  • 2.23.209.130
  • 2.23.209.176
  • 2.23.209.182
  • 2.23.209.179
  • 2.23.209.165
  • 2.23.209.185
  • 2.23.209.189
  • 2.23.209.133
whitelisted
login.microsoftonline.com
  • 40.126.32.140
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.133
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.134
  • 20.190.160.22
whitelisted

Threats

PID
Process
Class
Message
1936
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
1936
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
KMZ File.kmz