File name: Stereo Tool 10.30 Multilingual x64 [FileCR].zip
Full analysis: https://app.any.run/tasks/c207569c-6466-4ea5-9f3f-e226c4b606ef
Verdict: Malicious activity
Analysis date: April 19, 2025, 20:55:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
upx
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: CA980D3159FFDB67708995AECE3D316D
SHA1: CEBADEB26CFE6501BAC39A5BCE126F7868A20C71
SHA256: 280A44E3E55EAF3B2869D3BD8F7B244BEF646CC641714450594784F8380B6AF5
SSDEEP: 98304:ZRLSQ8I4xl54whaHna8DzLQA1xx4Myb1N+V+oUuYxA/XN3+pY1kpuTzZFusn1SDO:LlgY9CaX0GLdDQV0+cGphD9nR4s+Ce

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates a software uninstall entry

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • The process creates files with name similar to system file names

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
        (Note: the file behind this indicator is C:\Users\admin\AppData\Local\Temp\nsj33B1.tmp\System.dll, listed under Dropped files below. A randomly named ns*.tmp directory under %TEMP% holding System.dll is the standard way an NSIS installer unpacks its System plugin, so this indicator also fires for legitimate NSIS installers and is not evidence of malware on its own.)
    • Executable content was dropped or overwritten

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 7384)
      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • kg.exe (PID: 208)
      • kg.exe (PID: 3020)
      • StereoTool.exe (PID: 2564)
    • There is functionality for taking screenshot (YARA)

      • kg.exe (PID: 3020)
    • Creates file in the systems drive root

      • kg.exe (PID: 208)
      • kg.exe (PID: 3020)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2284)
      • WinRAR.exe (PID: 4572)
      • msedge.exe (PID: 4776)
    • Manual execution by a user

      • stereo_tool_standalone_installer_64.exe (PID: 7684)
      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • WinRAR.exe (PID: 5228)
      • WinRAR.exe (PID: 4572)
      • msedge.exe (PID: 7248)
      • kg.exe (PID: 3020)
      • kg.exe (PID: 208)
      • StereoTool.exe (PID: 2564)
    • Create files in a temporary directory

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Checks supported languages

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • ShellExperienceHost.exe (PID: 7384)
      • identity_helper.exe (PID: 3032)
      • kg.exe (PID: 208)
      • kg.exe (PID: 3020)
      • StereoTool.exe (PID: 2564)
    • The sample compiled with english language support

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • msedge.exe (PID: 4776)
    • Reads the computer name

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • ShellExperienceHost.exe (PID: 7384)
      • identity_helper.exe (PID: 3032)
      • kg.exe (PID: 208)
      • kg.exe (PID: 3020)
      • StereoTool.exe (PID: 2564)
    • Creates files in the program directory

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
      • kg.exe (PID: 208)
    • Creates files or folders in the user directory

      • stereo_tool_standalone_installer_64.exe (PID: 7732)
    • Reads the software policy settings

      • slui.exe (PID: 6132)
      • slui.exe (PID: 8016)
    • Application launched itself

      • msedge.exe (PID: 8016)
      • msedge.exe (PID: 7248)
      • msedge.exe (PID: 6516)
    • Reads Environment values

      • identity_helper.exe (PID: 3032)
    • Compiled with Borland Delphi (YARA)

      • slui.exe (PID: 8016)
      • kg.exe (PID: 3020)
      • SystemSettingsBroker.exe (PID: 7184)
    • UPX packer has been detected

      • kg.exe (PID: 3020)
    • Checks proxy server information

      • slui.exe (PID: 8016)
      • StereoTool.exe (PID: 2564)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.kmz | Google Earth saved working session (60)
.zip | ZIP compressed archive (40)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:04:07 07:36:02
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Stereo Tool 10.30 Multilingual x64/
No data.
All screenshots are available in the full report
Total processes: 214
Monitored processes: 75
Malicious processes: 0
Suspicious processes: 1

Behavior graph

(Interactive graph available in the full report.) Process nodes in start order: winrar.exe, sppextcomobj.exe, slui.exe, rundll32.exe, stereo_tool_standalone_installer_64.exe (two instances), msedge.exe (many child processes), identity_helper.exe, winrar.exe, shellexperiencehost.exe, systemsettingsbroker.exe, slui.exe, winrar.exe, kg.exe (two instances), stereotool.exe. Nodes marked "no specs" in the graph carry no indicators.

Process information

PID: 208
CMD: "C:\Users\admin\Desktop\Stereo Tool 10.30 Multilingual x64\keygen\kg.exe"
Path: C:\Users\admin\Desktop\Stereo Tool 10.30 Multilingual x64\keygen\kg.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\stereo tool 10.30 multilingual x64\keygen\kg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\winmm.dll
PID: 856
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3500 --field-trial-handle=2416,i,15321581328432938216,1563686992963069199,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 968
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2416,i,15321581328432938216,1563686992963069199,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1128
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1272
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1616 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1328
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4776 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1672
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2304,i,11837373777909051275,6016265471838978628,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1676
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2664 --field-trial-handle=2416,i,15321581328432938216,1563686992963069199,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2100
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2416 --field-trial-handle=2424,i,14477046413421884461,8586918541286852030,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2284
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Stereo Tool 10.30 Multilingual x64 [FileCR].zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events: 27 011
Read events: 26 477
Write events: 515
Delete events: 19

Modification events

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Stereo Tool 10.30 Multilingual x64 [FileCR].zip

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (2284) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files: 34
Suspicious files: 439
Text files: 98
Unknown types: 0

Dropped files

PID 7732 stereo_tool_standalone_installer_64.exe
  Filename: C:\Program Files\Stereo Tool\StereoTool.exe
  Type:
  MD5:
  SHA256:

PID 7732 stereo_tool_standalone_installer_64.exe
  Filename: C:\Users\admin\AppData\Local\Temp\nsj33B1.tmp\System.dll
  Type: executable
  MD5: B0C77267F13B2F87C084FD86EF51CCFC
  SHA256: A0CAC4CF4852895619BC7743EBEB89F9E4927CCDB9E66B1BCD92A4136D0F9C77

PID 2284 WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2284.43223\Stereo Tool 10.30 Multilingual x64\keygen.zip
  Type: compressed
  MD5: E46F666FD8D7C30049630CDC2A03EDAE
  SHA256: 6509636580CD87623B599523B63DEE26C692A02E5E923E550EE32AFCB127A4C2

PID 2284 WinRAR.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2284.43223\Stereo Tool 10.30 Multilingual x64\stereo_tool_standalone_installer_64.exe
  Type: executable
  MD5: A59AD203324D909673318424C3BAF059
  SHA256: 46A32DE43F151B2E9E6CAB368AC7F18D6B0D68B1C8D1EE5D01A87812F6870D98

PID 7732 stereo_tool_standalone_installer_64.exe
  Filename: C:\Program Files\Stereo Tool\libsndfile-1.dll
  Type: executable
  MD5: 8C72F7D2B7772E9000C1E6B1E4AE6288
  SHA256: A08D202D4B1C5056DBBF6E98D07FCE1C56ADB0C14A7E80DA493A1188A7C147C0

PID 7732 stereo_tool_standalone_installer_64.exe
  Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stereo Tool\Stereo Tool.lnk
  Type: binary
  MD5: 25ADD871601A7CDAFFF7DF56A54EC05D
  SHA256: C50A0EF8A98CBE8EBCCE2698D7150E3607F02B78D862AF99DA55E7D45EB5C957

PID 7732 stereo_tool_standalone_installer_64.exe
  Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stereo Tool\Uninstall.lnk
  Type: binary
  MD5: D6DA37097786BCC0592A8979CED3EC2D
  SHA256: 7486501371866D057665883C4A8F0BD8A9071AB8EEE8707747EEEC34823EB0F4

PID 7732 stereo_tool_standalone_installer_64.exe
  Filename: C:\Program Files\Stereo Tool\lame_enc_3_100.dll
  Type: executable
  MD5: 6C44D19C7123D581C856CF54DA7626D4
  SHA256: 3BAFF7FC22B3F914B435C8FD3E186BB06B9E14D4CEB548122D099A10F423012C

PID 8016 msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version
  Type: text
  MD5: C7E2197BAE099B13BBB3ADEB1433487D
  SHA256: 3460EEAF45D581DD43A6E4E17AF8102DDAFF5AEAA88B10099527CF85211629E9

PID 7248 msedge.exe
  Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF11509e.TMP
  Type:
  MD5:
  SHA256:
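The dropped-files list above shows the shape of this kind of archive: a top-level directory entry, an installer, and a nested keygen.zip that only becomes visible once WinRAR unpacks it. The following triage script is an added example written for this page, not code from ANY.RUN or from the Stereo Tool project. It walks such a ZIP in memory without extracting anything to disk, types each member by its magic bytes instead of its extension, recurses into nested archives, and checks member hashes against the two real SHA256 values copied from the Dropped files section (installer and keygen.zip). The archive it runs on is a constructed stand-in with the same layout; its bytes are fake, so it will not match the real hashes, and a second call shows the hash-match path against the stand-in's own digest.

```python
"""Offline triage of a warez-style ZIP like the one in this report.

Walks the archive in memory (nothing is extracted to disk), hashes every
member, types each member by content rather than extension, recurses into
nested archives such as keygen.zip, and matches member hashes against an
IOC set taken from this report's "Dropped files" section.
"""
import hashlib
import io
import posixpath
import zipfile

# Real SHA256 values copied from this report's "Dropped files" section.
REPORT_IOCS = {
    "46A32DE43F151B2E9E6CAB368AC7F18D6B0D68B1C8D1EE5D01A87812F6870D98":
        "stereo_tool_standalone_installer_64.exe (dropped by WinRAR.exe, PID 2284)",
    "6509636580CD87623B599523B63DEE26C692A02E5E923E550EE32AFCB127A4C2":
        "keygen.zip (dropped by WinRAR.exe, PID 2284)",
}

# Constructed stand-ins for the real members; only the 'MZ' magic is meaningful.
FAKE_INSTALLER = b"MZ" + b"\x00" * 62 + b"constructed fake installer body"
FAKE_KEYGEN = b"MZ" + b"\x00" * 62 + b"constructed fake keygen body"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest().upper()


def classify(data: bytes) -> str:
    """Type a blob by magic bytes: 'pe' (MZ), 'zip' (PK local header or EOCD), or 'other'."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        return "zip"
    return "other"


def triage(zip_bytes: bytes, iocs=None, max_depth=2, _depth=0, _prefix=""):
    """Return one finding dict per file member, recursing into nested ZIPs up to max_depth.

    max_depth bounds recursion so a zip-in-zip-in-zip bomb cannot run away."""
    iocs = REPORT_IOCS if iocs is None else iocs
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)  # read into memory; no member is written to disk
            kind = classify(data)
            ext = posixpath.splitext(info.filename)[1].lstrip(".").lower()
            digest = sha256_hex(data)
            findings.append({
                "path": _prefix + info.filename,
                "kind": kind,
                "stored": info.compress_type == zipfile.ZIP_STORED,
                # An .exe/.dll that is not a PE, or a PE hiding behind another extension
                "ext_mismatch": (kind == "pe") != (ext in ("exe", "dll")),
                "sha256": digest,
                "ioc": iocs.get(digest),
            })
            if kind == "zip" and _depth < max_depth:
                findings.extend(triage(data, iocs, max_depth, _depth + 1,
                                       _prefix + info.filename + "/"))
    return findings


def summarize(findings):
    """Collapse findings into the four things an analyst looks at first."""
    return {
        "executables": sorted(f["path"] for f in findings if f["kind"] == "pe"),
        "nested_archives": sorted(f["path"] for f in findings if f["kind"] == "zip"),
        "extension_mismatches": sorted(f["path"] for f in findings if f["ext_mismatch"]),
        "ioc_hits": {f["path"]: f["ioc"] for f in findings if f["ioc"]},
    }


def build_sample() -> bytes:
    """Constructed archive mirroring this report's layout: a directory entry, the
    installer, a nested keygen.zip, and 'store' compression on the outer archive
    (as the EXIF data above shows). The bytes are fake and will not match REPORT_IOCS."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("keygen/kg.exe", FAKE_KEYGEN)
        z.writestr("keygen/readme.exe", b"plain text wearing an .exe extension")
    outer = io.BytesIO()
    top = "Stereo Tool 10.30 Multilingual x64/"
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_STORED) as z:
        z.writestr(top, b"")  # directory entry, as in the EXIF block above
        z.writestr(top + "stereo_tool_standalone_installer_64.exe", FAKE_INSTALLER)
        z.writestr(top + "keygen.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    for f in triage(sample):
        print(f"{f['kind']:5} stored={f['stored']!s:5} mismatch={f['ext_mismatch']!s:5} "
              f"{f['path']}  {f['sha256'][:16]}...  ioc={f['ioc']}")
    print(summarize(triage(sample)))
    # Same walk, but matching against the stand-in's own digest to show a hit.
    print(summarize(triage(sample, {sha256_hex(FAKE_INSTALLER): "constructed installer"}))["ioc_hits"])
```

To run it against the real sample, replace `build_sample()` with the bytes of the downloaded archive; the two REPORT_IOCS entries should then match the installer and keygen.zip members, and kg.exe inside keygen.zip will show up under "executables" before anything has been written to disk.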
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 53
TCP/UDP connections: 78
DNS requests: 85
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Reputation. The Type and Size columns are empty in this export; other empty fields are shown as "-".

- | - | GET | 200 | 23.216.77.22:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
7768 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1676 | msedge.exe | GET | 302 | 198.54.126.120:80 | http://installed.stereotool.com/10.30-sa/ | unknown | unknown
7768 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
1276 | svchost.exe | HEAD | 200 | 2.22.242.227:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a14e89f-4126-4b0a-8347-8c40c8e643a4?P1=1745625009&P2=404&P3=2&P4=Q3UooLw3uJe4%2b7yBlpltYivTfjtmRg31r1DtI9RxY6Nq9uQEqwFqj7zG0dbJeRs%2bZ8gdf%2bbpoEwIyoJcPcw%2b7Q%3d%3d | unknown | whitelisted
1276 | svchost.exe | GET | 206 | 2.22.242.227:80 | (same URL as the HEAD request above) | unknown | whitelisted
1276 | svchost.exe | GET | 206 | 2.22.242.227:80 | (same URL as the HEAD request above) | unknown | whitelisted
1276 | svchost.exe | GET | 206 | 2.22.242.227:80 | (same URL as the HEAD request above) | unknown | whitelisted
1276 | svchost.exe | GET | 206 | 2.22.242.227:80 | (same URL as the HEAD request above) | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation. Empty fields are shown as "-".

4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.216.77.22:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3216 | svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
6544 | svchost.exe | 40.126.31.1:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7768 | SIHClient.exe | 4.245.163.56:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7768 | SIHClient.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.20
  • 23.216.77.21
  • 23.216.77.18
  • 23.216.77.8
  • 23.216.77.13
  • 23.216.77.15
  • 23.216.77.6
  • 23.216.77.19
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.31.1
  • 20.190.159.130
  • 20.190.159.2
  • 20.190.159.129
  • 40.126.31.128
  • 40.126.31.69
  • 20.190.159.23
  • 40.126.31.67
  • 20.190.159.73
  • 40.126.31.129
  • 40.126.31.0
  • 20.190.159.128
  • 20.190.159.68
  • 20.190.159.71
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
No debug info