File name: Stereo Tool 10.30 Multilingual x64 [FileCR].zip

Full analysis: https://app.any.run/tasks/c207569c-6466-4ea5-9f3f-e226c4b606ef
Verdict: Malicious activity
Analysis date: April 19, 2025, 20:55:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
upx
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: CA980D3159FFDB67708995AECE3D316D
SHA1: CEBADEB26CFE6501BAC39A5BCE126F7868A20C71
SHA256: 280A44E3E55EAF3B2869D3BD8F7B244BEF646CC641714450594784F8380B6AF5
SSDEEP: 98304:ZRLSQ8I4xl54whaHna8DzLQA1xx4Myb1N+V+oUuYxA/XN3+pY1kpuTzZFusn1SDO:LlgY9CaX0GLdDQV0+cGphD9nR4s+Ce

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Executable content was dropped or overwritten

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Creates a software uninstall entry

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Reads security settings of Internet Explorer

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • ShellExperienceHost.exe (PID: 7384)
      • kg.exe (PID: 3020)
      • kg.exe (PID: 208)
      • StereoTool.exe (PID: 2564)
    • There is functionality for taking screenshot (YARA)

      • kg.exe (PID: 3020)
    • Creates file in the systems drive root

      • kg.exe (PID: 3020)
      • kg.exe (PID: 208)
  • INFO

    • Manual execution by a user

      • stereo_tool_standalone_installer_64.exe (PID: 7684)
      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • msedge.exe (PID: 7248)
      • WinRAR.exe (PID: 4572)
      • kg.exe (PID: 3020)
      • WinRAR.exe (PID: 5228)
      • kg.exe (PID: 208)
      • StereoTool.exe (PID: 2564)
    • Creates files in the program directory

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • kg.exe (PID: 208)
    • Reads the computer name

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • identity_helper.exe (PID: 3032)
      • ShellExperienceHost.exe (PID: 7384)
      • kg.exe (PID: 3020)
      • StereoTool.exe (PID: 2564)
      • kg.exe (PID: 208)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2284)
      • WinRAR.exe (PID: 4572)
      • msedge.exe (PID: 4776)
    • The sample compiled with english language support

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • msedge.exe (PID: 4776)
    • Checks supported languages

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • identity_helper.exe (PID: 3032)
      • ShellExperienceHost.exe (PID: 7384)
      • kg.exe (PID: 3020)
      • kg.exe (PID: 208)
      • StereoTool.exe (PID: 2564)
    • Create files in a temporary directory

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Application launched itself

      • msedge.exe (PID: 8016)
      • msedge.exe (PID: 7248)
      • msedge.exe (PID: 6516)
    • Creates files or folders in the user directory

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Reads Environment values

      • identity_helper.exe (PID: 3032)
    • Compiled with Borland Delphi (YARA)

      • SystemSettingsBroker.exe (PID: 7184)
      • slui.exe (PID: 8016)
      • kg.exe (PID: 3020)
    • Reads the software policy settings

      • slui.exe (PID: 6132)
      • slui.exe (PID: 8016)
    • UPX packer has been detected

      • kg.exe (PID: 3020)
    • Checks proxy server information

      • slui.exe (PID: 8016)
      • StereoTool.exe (PID: 2564)
No Malware configuration.

TRiD

.kmz | Google Earth saved working session (60)
.zip | ZIP compressed archive (40)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:04:07 07:36:02
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Stereo Tool 10.30 Multilingual x64/
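The EXIF block above was read from the archive's first local file header, which is the top-level directory entry ("Stereo Tool 10.30 Multilingual x64/"): that is why it shows compression None, CRC 0x00000000 and no sizes, and why the required version is 1.0 (the raw field value 10). The TRiD result is the same fact from another angle: a .kmz is a ZIP container, so both signatures match. The parser below is an added example, not ANY.RUN or ExifTool code; it walks the local file headers of a ZIP and decodes the fields the EXIF block reports. The archive it parses is constructed in memory so the code runs offline: only the directory entry's name, timestamp, stored method and version 1.0 are modelled on the report's values, and the Readme.txt body is made up.

```python
"""Walk a ZIP file's local file headers and decode the fields the EXIF block reports.

Added example, not report or ANY.RUN code. The archive is built in memory so the
code runs offline; only the first entry (directory, stored, CRC 0, version 1.0,
mtime 2024-04-07 07:36:02) is modelled on the report, the rest is constructed.
"""
import io
import struct
import zipfile

LOCAL_HEADER_SIG = 0x04034B50                  # "PK\x03\x04"
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")   # fixed 30-byte part of a local file header
FLAG_DATA_DESCRIPTOR = 0x0008                  # bit 3: sizes/CRC follow the data, not in header
FLAG_UTF8_NAME = 0x0800                        # bit 11: file name is UTF-8, else CP437


def dos_datetime(dos_time: int, dos_date: int) -> str:
    """Decode MS-DOS packed time/date to the 'YYYY:MM:DD HH:MM:SS' form shown above."""
    year = 1980 + (dos_date >> 9)
    month = (dos_date >> 5) & 0x0F
    day = dos_date & 0x1F
    hour = dos_time >> 11
    minute = (dos_time >> 5) & 0x3F
    second = (dos_time & 0x1F) * 2             # DOS timestamps have 2-second resolution
    return f"{year:04}:{month:02}:{day:02} {hour:02}:{minute:02}:{second:02}"


def iter_local_headers(blob: bytes):
    """Yield one dict per local file header, advancing by the sizes each header declares.

    Stops at the first non-local-header signature (normally the central directory).
    If an entry uses a data descriptor its header sizes are unreliable, so the walk
    stops there too; a production tool should read the central directory instead.
    """
    off = 0
    while off + LOCAL_HEADER.size <= len(blob):
        (sig, version, flags, method, mtime, mdate, crc,
         csize, usize, name_len, extra_len) = LOCAL_HEADER.unpack_from(blob, off)
        if sig != LOCAL_HEADER_SIG:
            break
        raw_name = blob[off + LOCAL_HEADER.size: off + LOCAL_HEADER.size + name_len]
        name = raw_name.decode("utf-8" if flags & FLAG_UTF8_NAME else "cp437")
        yield {
            "offset": off,
            "required_version": version,       # raw value: 10 -> 1.0, 20 -> 2.0
            "flags": flags,
            "compression": method,             # 0 = stored ("None"), 8 = deflate
            "mtime": dos_datetime(mtime, mdate),
            "crc32": crc,
            "compressed_size": csize,
            "uncompressed_size": usize,
            "name": name,
            "is_dir": name.endswith("/"),
        }
        if flags & FLAG_DATA_DESCRIPTOR:
            break
        off += LOCAL_HEADER.size + name_len + extra_len + csize


def build_sample_archive() -> bytes:
    """Constructed stand-in for the [FileCR].zip: a directory entry first, then a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        folder = zipfile.ZipInfo("Stereo Tool 10.30 Multilingual x64/",
                                 date_time=(2024, 4, 7, 7, 36, 2))
        folder.extract_version = 10            # "version needed to extract" = 1.0, as reported
        folder.compress_type = zipfile.ZIP_STORED
        folder.external_attr = 0x10            # MS-DOS directory attribute
        zf.writestr(folder, b"")               # empty payload -> CRC 0, sizes 0
        readme = zipfile.ZipInfo("Stereo Tool 10.30 Multilingual x64/Readme.txt",
                                 date_time=(2024, 4, 7, 7, 36, 2))
        readme.compress_type = zipfile.ZIP_STORED
        zf.writestr(readme, b"constructed readme body\n")
    return buf.getvalue()


def summarize(blob: bytes) -> list[dict]:
    """All local headers of an archive as a list (what a triage script would log)."""
    return list(iter_local_headers(blob))


if __name__ == "__main__":
    for header in summarize(build_sample_archive()):
        print(header)
```

The first header comes back exactly as the EXIF block describes it (version 10, method 0, CRC 0, sizes 0, name ending in "/"); the second shows what a real file entry looks like beside it. Walking local headers is fine for a quick look at a stored archive such as this one, but anything that decides on the basis of file names should read the central directory, because the two can disagree in a crafted archive.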
No data.
All screenshots are available in the full report
Total processes
214
Monitored processes
75
Malicious processes
0
Suspicious processes
1

Behavior graph

Processes in the graph (deduplicated from the node list): winrar.exe, sppextcomobj.exe, slui.exe, rundll32.exe, stereo_tool_standalone_installer_64.exe, msedge.exe, identity_helper.exe, shellexperiencehost.exe, systemsettingsbroker.exe, kg.exe, stereotool.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
208
CMD:
"C:\Users\admin\Desktop\Stereo Tool 10.30 Multilingual x64\keygen\kg.exe"
Path:
C:\Users\admin\Desktop\Stereo Tool 10.30 Multilingual x64\keygen\kg.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\stereo tool 10.30 multilingual x64\keygen\kg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\winmm.dll
PID:
856
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3500 --field-trial-handle=2416,i,15321581328432938216,1563686992963069199,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
968
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2416,i,15321581328432938216,1563686992963069199,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1128
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1272
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1616 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1328
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4776 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1672
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1676
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2664 --field-trial-handle=2416,i,15321581328432938216,1563686992963069199,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2100
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2416 --field-trial-handle=2424,i,14477046413421884461,8586918541286852030,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
2284
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Stereo Tool 10.30 Multilingual x64 [FileCR].zip"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
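Read together, the process information and the behaviour indicators give the picture a practitioner actually wants. kg.exe (the keygen, PID 208) runs from the Desktop at HIGH integrity under explorer.exe, and its other instance (PID 3020) is UPX-packed and carries screenshot functionality. The installer's own indicators (System.dll in Temp, an uninstall entry, dropped executables, IE security settings) are what a setup program does anyway: any NSIS-built installer extracts its System.dll plugin into %TEMP%, although whether this installer is NSIS-built is not something the report states, and "Reads security settings of Internet Explorer" fires for almost anything that touches WinINet. The script below is an added example, not ANY.RUN's scoring: it encodes that reasoning as weights and ranks the processes. The records are transcribed by hand from this report; the installer's path is assumed from WinRAR's extraction directory, and integrity or parent values the page does not show are marked "?".

```python
"""Rank the processes of a sandbox report by how much analyst attention they deserve.

Added example, not ANY.RUN output. The records below are transcribed by hand from the
process information and behaviour indicators on this page; the weights are one
analyst's judgement, not the sandbox's verdict.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str                 # full image path as shown in the report
    parent: str                # parent image name, "?" where the report does not show it
    integrity: str             # LOW / MEDIUM / HIGH, or "?" where not shown
    indicators: tuple[str, ...]


# Signature weights. Installer-typical signatures get little weight on their own: an
# NSIS-built installer always extracts its System.dll plugin to %TEMP% and writes an
# uninstall entry, so a setup program is expected to trigger them. Packing plus
# screenshot capability in a hand-launched binary is what actually stands out.
# Signatures not listed here score 0.
WEIGHTS = {
    "UPX packer has been detected": 3,
    "There is functionality for taking screenshot (YARA)": 3,
    "Creates file in the systems drive root": 2,
    "The process creates files with name similar to system file names": 2,
    "Executable content was dropped or overwritten": 1,
    'Malware-specific behavior (creating "System.dll" in Temp)': 1,
    "Creates a software uninstall entry": 1,
    "Creates files in the program directory": 1,       # routine for an installer, notable for a keygen
    "Reads security settings of Internet Explorer": 0,  # side effect of WinINet/URLMon use
    "Checks proxy server information": 0,
    "Reads the computer name": 0,
    "Checks supported languages": 0,
    "Manual execution by a user": 0,
    "Compiled with Borland Delphi (YARA)": 0,           # a compiler, not a behaviour
}

USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
PROTECTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def from_user_writable_path(image: str) -> bool:
    """True when the image lives somewhere the logged-on user can write."""
    low = image.lower()
    return any(tok in low for tok in USER_WRITABLE) and not low.startswith(PROTECTED)


def score(p: Proc) -> tuple[int, list[str]]:
    """Sum path, integrity and signature weights; return the total and the reasons."""
    total, reasons = 0, []
    if from_user_writable_path(p.image):
        total += 2
        reasons.append("runs from a user-writable path")
    if p.integrity == "HIGH" and not p.image.lower().startswith("c:\\windows\\"):
        total += 3
        reasons.append("elevated (HIGH integrity) binary outside C:\\Windows")
    for ind in p.indicators:
        w = WEIGHTS.get(ind, 0)
        if w:
            total += w
            reasons.append(f"{ind} (+{w})")
    return total, reasons


def triage(procs: list[Proc]) -> list[tuple[int, str, int, list[str]]]:
    """Return (pid, image name, score, reasons), most interesting first, ties by PID."""
    rows = []
    for p in procs:
        total, why = score(p)
        rows.append((p.pid, p.image.rsplit("\\", 1)[-1], total, why))
    return sorted(rows, key=lambda r: (-r[2], r[0]))


# Constructed from this report. Installer path assumed from WinRAR's extraction dir;
# "?" marks integrity/parent values the page does not show.
REPORT_PROCS = [
    Proc(208, r"C:\Users\admin\Desktop\Stereo Tool 10.30 Multilingual x64\keygen\kg.exe",
         "explorer.exe", "HIGH",
         ("Reads security settings of Internet Explorer", "Creates file in the systems drive root",
          "Manual execution by a user", "Creates files in the program directory",
          "Reads the computer name", "Checks supported languages")),
    Proc(3020, r"C:\Users\admin\Desktop\Stereo Tool 10.30 Multilingual x64\keygen\kg.exe",
         "?", "?",
         ("Reads security settings of Internet Explorer", "There is functionality for taking screenshot (YARA)",
          "Creates file in the systems drive root", "Manual execution by a user", "Reads the computer name",
          "Checks supported languages", "Compiled with Borland Delphi (YARA)", "UPX packer has been detected")),
    Proc(7732, r"C:\Users\admin\AppData\Local\Temp\Rar$DRb2284.43223\Stereo Tool 10.30 Multilingual x64\stereo_tool_standalone_installer_64.exe",
         "?", "?",
         ("The process creates files with name similar to system file names",
          'Malware-specific behavior (creating "System.dll" in Temp)',
          "Executable content was dropped or overwritten", "Creates a software uninstall entry",
          "Reads security settings of Internet Explorer", "Manual execution by a user",
          "Creates files in the program directory", "Reads the computer name",
          "The sample compiled with english language support", "Checks supported languages",
          "Create files in a temporary directory", "Creates files or folders in the user directory")),
    Proc(2564, r"C:\Program Files\Stereo Tool\StereoTool.exe", "?", "?",
         ("Reads security settings of Internet Explorer", "Manual execution by a user",
          "Reads the computer name", "Checks supported languages", "Checks proxy server information")),
    Proc(856, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", "msedge.exe", "LOW", ()),
]

if __name__ == "__main__":
    for pid, name, total, why in triage(REPORT_PROCS):
        print(f"{total:>3}  {pid:>5}  {name}")
        for reason in why:
            print(f"            - {reason}")
```

Run as-is, the two keygen instances come out on top and the installer sits level with the elevated keygen only because it triggers many low-weight installer signatures; the installed StereoTool.exe and the Edge renderer score zero. The weights are the part to argue about, not the code: the point is that a sandbox signature list needs context (path, integrity, what kind of program fired it) before it means anything.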
Total events
27 011
Read events
26 477
Write events
515
Delete events
19

Modification events

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Stereo Tool 10.30 Multilingual x64 [FileCR].zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files
34
Suspicious files
439
Text files
98
Unknown types
0

Dropped files

PID
Process
Filename
Type
7732  stereo_tool_standalone_installer_64.exe
Filename: C:\Program Files\Stereo Tool\StereoTool.exe
Type:
MD5:
SHA256:

2284  WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2284.43223\Stereo Tool 10.30 Multilingual x64\Readme.txt
Type: text
MD5: 8E188AF9D329FC2C933A3216990A5610
SHA256: B43538FE7A602E13C82AF920D953292DC2B034DB5E1A655F3DB924B3FF582CB4

2284  WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2284.43223\Stereo Tool 10.30 Multilingual x64\stereo_tool_standalone_installer_64.exe
Type: executable
MD5: A59AD203324D909673318424C3BAF059
SHA256: 46A32DE43F151B2E9E6CAB368AC7F18D6B0D68B1C8D1EE5D01A87812F6870D98

7732  stereo_tool_standalone_installer_64.exe
Filename: C:\Program Files\Stereo Tool\libssl-3.dll
Type: executable
MD5: D57017424C0833438ECB84915C77ED57
SHA256: 7C8857CA3AC6DB4984B52B2A98B57593F9C3A7651DFB4DC39E6EC657F2059EEC

2284  WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2284.43223\Stereo Tool 10.30 Multilingual x64\keygen.zip
Type: compressed
MD5: E46F666FD8D7C30049630CDC2A03EDAE
SHA256: 6509636580CD87623B599523B63DEE26C692A02E5E923E550EE32AFCB127A4C2

7732  stereo_tool_standalone_installer_64.exe
Filename: C:\Program Files\Stereo Tool\lame_enc_3_100.dll
Type: executable
MD5: 6C44D19C7123D581C856CF54DA7626D4
SHA256: 3BAFF7FC22B3F914B435C8FD3E186BB06B9E14D4CEB548122D099A10F423012C

7732  stereo_tool_standalone_installer_64.exe
Filename: C:\Program Files\Stereo Tool\lame_enc.dll
Type: executable
MD5: 9ADD29686249308B3ED28D73AE651810
SHA256: 44AA8F5831A53F80A38CA37F22C9FA4D134EEC104F569E74B1F28C45D4798DCC

7732  stereo_tool_standalone_installer_64.exe
Filename: C:\Program Files\Stereo Tool\uninst.exe
Type: executable
MD5: 02101B0589DFE3D4FFFE1ABEFA61F180
SHA256: 866808B3DE93DC64C525E67E08380BB9E4B8240A1601CA7AC021F2498B761106

7732  stereo_tool_standalone_installer_64.exe
Filename: C:\Program Files\Stereo Tool\libcrypto-3.dll
Type: executable
MD5: 1A1EF544F9DF97D2E651B2AD315418F8
SHA256: 1BA7FBFBEF3CE9E27A7B3E457D08D84979E4599436D6905503CE749D35F3F265

7248  msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF11509e.TMP
Type:
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
53
TCP/UDP connections
78
DNS requests
85
Threats
0

HTTP requests

Columns: PID Process | Method Code | IP | URL | CN | Reputation ("-" marks a request the report does not attribute to a process; Type and Size were empty for every row)

- | GET 200 | 23.216.77.22:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 svchost.exe | GET 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7768 SIHClient.exe | GET 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
7768 SIHClient.exe | GET 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
1276 svchost.exe | HEAD 200 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a14e89f-4126-4b0a-8347-8c40c8e643a4?P1=1745625009&P2=404&P3=2&P4=Q3UooLw3uJe4%2b7yBlpltYivTfjtmRg31r1DtI9RxY6Nq9uQEqwFqj7zG0dbJeRs%2bZ8gdf%2bbpoEwIyoJcPcw%2b7Q%3d%3d | unknown | whitelisted
1676 msedge.exe | GET 302 | 198.54.126.120:80 | http://installed.stereotool.com/10.30-sa/ | unknown | unknown
1276 svchost.exe | GET 206 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a14e89f-4126-4b0a-8347-8c40c8e643a4?P1=1745625009&P2=404&P3=2&P4=Q3UooLw3uJe4%2b7yBlpltYivTfjtmRg31r1DtI9RxY6Nq9uQEqwFqj7zG0dbJeRs%2bZ8gdf%2bbpoEwIyoJcPcw%2b7Q%3d%3d | unknown | whitelisted
1276 svchost.exe | GET 206 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a14e89f-4126-4b0a-8347-8c40c8e643a4?P1=1745625009&P2=404&P3=2&P4=Q3UooLw3uJe4%2b7yBlpltYivTfjtmRg31r1DtI9RxY6Nq9uQEqwFqj7zG0dbJeRs%2bZ8gdf%2bbpoEwIyoJcPcw%2b7Q%3d%3d | unknown | whitelisted
1276 svchost.exe | GET 206 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a14e89f-4126-4b0a-8347-8c40c8e643a4?P1=1745625009&P2=404&P3=2&P4=Q3UooLw3uJe4%2b7yBlpltYivTfjtmRg31r1DtI9RxY6Nq9uQEqwFqj7zG0dbJeRs%2bZ8gdf%2bbpoEwIyoJcPcw%2b7Q%3d%3d | unknown | whitelisted
1276 svchost.exe | GET 206 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a14e89f-4126-4b0a-8347-8c40c8e643a4?P1=1745625009&P2=404&P3=2&P4=Q3UooLw3uJe4%2b7yBlpltYivTfjtmRg31r1DtI9RxY6Nq9uQEqwFqj7zG0dbJeRs%2bZ8gdf%2bbpoEwIyoJcPcw%2b7Q%3d%3d | unknown | whitelisted

Connections

Columns: PID Process | IP | Domain | ASN | CN | Reputation ("-" marks a connection the report does not attribute to a process)

4 System | 192.168.100.255:138 | - | - | - | whitelisted
- | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | 23.216.77.22:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3216 svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
4 System | 192.168.100.255:137 | - | - | - | whitelisted
6544 svchost.exe | 40.126.31.1:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2104 svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7768 SIHClient.exe | 4.245.163.56:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7768 SIHClient.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.20
  • 23.216.77.21
  • 23.216.77.18
  • 23.216.77.8
  • 23.216.77.13
  • 23.216.77.15
  • 23.216.77.6
  • 23.216.77.19
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.31.1
  • 20.190.159.130
  • 20.190.159.2
  • 20.190.159.129
  • 40.126.31.128
  • 40.126.31.69
  • 20.190.159.23
  • 40.126.31.67
  • 20.190.159.73
  • 40.126.31.129
  • 40.126.31.0
  • 20.190.159.128
  • 20.190.159.68
  • 20.190.159.71
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
No debug info