File name:

msi-app-player-5.9.300.6315-installer_w-0WOC1.exe

Full analysis: https://app.any.run/tasks/a952d89c-ea82-4cd9-9b97-23b518d71a2f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 02, 2024, 02:09:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: C9DB32520878A90F367B284F5F765AB7
SHA1: E59B03E0DFE13054A30EB68A04B0CD7CC0456E1A
SHA256: 5DC9EAFB99E68C0EF77D151EA645736D19393FFFC3E01D9DBB073584893B99A4
SSDEEP: 49152:r7HecD4dnbibBlrnCWFc7qThZwqN8EUPbWNffESuuZuLOxUqK/W5NVxYe8VmsSnm:X+cD4dn2DGGhqKUTWBEStZ3x/K/QVxJU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 2620)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 5428)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • 44u2z43z.exe (PID: 6992)
      • saBSI.exe (PID: 4628)
      • installer.exe (PID: 5292)
      • installer.exe (PID: 3628)
    • Actions look like stealing of personal data

      • RAVEndPointProtection-installer.exe (PID: 3196)
      • uihost.exe (PID: 2164)
      • servicehost.exe (PID: 6736)
    • Registers / Runs the DLL via REGSVR32.EXE

      • installer.exe (PID: 3628)
    • Steals credentials from Web Browsers

      • servicehost.exe (PID: 6736)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 1720)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
      • saBSI.exe (PID: 4628)
      • installer.exe (PID: 3628)
      • uihost.exe (PID: 2164)
    • Executable content was dropped or overwritten

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 2620)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 5428)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
      • 44u2z43z.exe (PID: 6992)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • saBSI.exe (PID: 4628)
      • installer.exe (PID: 5292)
      • installer.exe (PID: 3628)
    • Reads the date of Windows installation

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 1720)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
    • Reads the Windows owner or organization settings

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
    • The process creates files with name similar to system file names

      • 44u2z43z.exe (PID: 6992)
      • installer.exe (PID: 3628)
    • Process drops legitimate windows executable

      • 44u2z43z.exe (PID: 6992)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • installer.exe (PID: 3628)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • 44u2z43z.exe (PID: 6992)
    • Searches for installed software

      • RAVEndPointProtection-installer.exe (PID: 3196)
    • Creates a software uninstall entry

      • RAVEndPointProtection-installer.exe (PID: 3196)
      • installer.exe (PID: 3628)
      • servicehost.exe (PID: 6736)
    • Executes as Windows Service

      • rsSyncSvc.exe (PID: 6724)
      • servicehost.exe (PID: 6736)
    • The process verifies whether the antivirus software is installed

      • saBSI.exe (PID: 4628)
      • installer.exe (PID: 5292)
      • regsvr32.exe (PID: 4612)
      • installer.exe (PID: 3628)
      • regsvr32.exe (PID: 6084)
      • regsvr32.exe (PID: 6100)
      • regsvr32.exe (PID: 5812)
      • regsvr32.exe (PID: 5536)
      • regsvr32.exe (PID: 2788)
      • uihost.exe (PID: 2164)
      • cmd.exe (PID: 7444)
      • servicehost.exe (PID: 6736)
    • Adds/modifies Windows certificates

      • saBSI.exe (PID: 4628)
      • servicehost.exe (PID: 6736)
    • Checks Windows Trust Settings

      • saBSI.exe (PID: 4628)
      • installer.exe (PID: 3628)
      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 5812)
      • regsvr32.exe (PID: 6084)
      • regsvr32.exe (PID: 5536)
      • regsvr32.exe (PID: 2788)
    • Reads Mozilla Firefox installation path

      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Hides command output

      • cmd.exe (PID: 7444)
    • Starts CMD.EXE for commands execution

      • servicehost.exe (PID: 6736)
  • INFO

    • Checks supported languages

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 2620)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 1720)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 5428)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • identity_helper.exe (PID: 6648)
      • component0.exe (PID: 6276)
      • 44u2z43z.exe (PID: 6992)
      • saBSI.exe (PID: 4628)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • rsSyncSvc.exe (PID: 6724)
      • rsSyncSvc.exe (PID: 6416)
      • installer.exe (PID: 3628)
      • installer.exe (PID: 5292)
      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Reads the computer name

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 1720)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • identity_helper.exe (PID: 6648)
      • component0.exe (PID: 6276)
      • saBSI.exe (PID: 4628)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • rsSyncSvc.exe (PID: 6416)
      • rsSyncSvc.exe (PID: 6724)
      • installer.exe (PID: 3628)
      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Creates files in a temporary directory

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 2620)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.exe (PID: 5428)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
      • 44u2z43z.exe (PID: 6992)
      • saBSI.exe (PID: 4628)
      • installer.exe (PID: 3628)
      • RAVEndPointProtection-installer.exe (PID: 3196)
    • Process checks computer location settings

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 1720)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
      • servicehost.exe (PID: 6736)
    • Reads the software policy settings

      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • component0.exe (PID: 6276)
      • saBSI.exe (PID: 4628)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • installer.exe (PID: 3628)
      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 4704)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 1720)
    • Application launched itself

      • msedge.exe (PID: 4704)
    • Disables trace logs

      • component0.exe (PID: 6276)
      • RAVEndPointProtection-installer.exe (PID: 3196)
    • Reads the machine GUID from the registry

      • component0.exe (PID: 6276)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • saBSI.exe (PID: 4628)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • installer.exe (PID: 3628)
      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Reads Environment values

      • component0.exe (PID: 6276)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • servicehost.exe (PID: 6736)
    • Checks proxy server information

      • component0.exe (PID: 6276)
      • msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp (PID: 4720)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • saBSI.exe (PID: 4628)
    • Creates files in the program directory

      • saBSI.exe (PID: 4628)
      • RAVEndPointProtection-installer.exe (PID: 3196)
      • installer.exe (PID: 5292)
      • installer.exe (PID: 3628)
      • servicehost.exe (PID: 6736)
      • uihost.exe (PID: 2164)
    • Reads product name

      • servicehost.exe (PID: 6736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 423.56.98.8907
ProductVersionNumber: 423.56.98.8907
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Softonic 𐌠nternational SA
FileVersion: 423.56.98.8907
LegalCopyright: ©2023 Softonic 𐌠nternational SA
OriginalFileName:
ProductName: Softonic 𐌠nternational SA
ProductVersion: 3.1.5.7
No data.
All screenshots are available in the full report
Total processes
191
Monitored processes
68
Malicious processes
12
Suspicious processes
7

Process information

PID
CMD
Path
Indicators
Parent process
PID:
32
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3512 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
928
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2496 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1204
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6464 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1628
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6036 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1720
CMD:
"C:\Users\admin\AppData\Local\Temp\is-8UKCS.tmp\msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp" /SL5="$401DE,837551,832512,C:\Users\admin\Desktop\msi-app-player-5.9.300.6315-installer_w-0WOC1.exe"
Path:
C:\Users\admin\AppData\Local\Temp\is-8UKCS.tmp\msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Parent process:
msi-app-player-5.9.300.6315-installer_w-0WOC1.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-8ukcs.tmp\msi-app-player-5.9.300.6315-installer_w-0woc1.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID:
1724
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3676 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1792
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5324 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
2164
CMD:
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Path:
C:\Program Files\McAfee\WebAdvisor\uihost.exe
Parent process:
servicehost.exe
User:
admin
Company:
McAfee, LLC
Integrity Level:
MEDIUM
Description:
McAfee WebAdvisor(user level process)
Version:
4,1,1,898
Modules
Images
c:\program files\mcafee\webadvisor\uihost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
2580
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3728 --field-trial-handle=2504,i,110647256287277535,8350244016342865385,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
2620
CMD:
"C:\Users\admin\Desktop\msi-app-player-5.9.300.6315-installer_w-0WOC1.exe"
Path:
C:\Users\admin\Desktop\msi-app-player-5.9.300.6315-installer_w-0WOC1.exe
Parent process:
explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Softonic 𐌠nternational SA
Version:
423.56.98.8907
Modules
Images
c:\users\admin\desktop\msi-app-player-5.9.300.6315-installer_w-0woc1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
Total events
54 159
Read events
53 700
Write events
425
Delete events
34

Modification events

(PID) Process: (4720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value:
701200002323F1E991B4DA01

(PID) Process: (4720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value:
5F04471A16FD075C5F781ABB01FE5304064080C155F593C2FDD720E50B26DD41

(PID) Process: (4720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value:
1

(PID) Process: (1720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (1720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (1720) msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (4704) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0

(PID) Process: (4704) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2

(PID) Process: (4704) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:

Executable files
99
Suspicious files
473
Text files
955
Unknown types
23

Dropped files

PID | Process | Filename | Type
2620 | msi-app-player-5.9.300.6315-installer_w-0WOC1.exe | C:\Users\admin\AppData\Local\Temp\is-8UKCS.tmp\msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp | executable
MD5: 053B158842578C53DB20AD6835B8658B
SHA256: FBB3B174E158168DB58855286AA1CF9537DE8084070EE5751DD3B252E9B7DACA
4720 | msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp | C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF118f9b.TMP | text
MD5: E91615207F6B10089DAF9578D998B3E9
SHA256: B201D5713B35A7D6767927E8C5A12B16F072D73473A60E1074EADF1043B8DC8D
4720 | msi-app-player-5.9.300.6315-installer_w-0WOC1.tmp | C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\x.png | image
MD5: 0BD639D161C88F6B8C31EB55478841F9
SHA256: CA825FAB9A9746DAC2AC63EF48722154A1A56A457DA6AB7D80D34FCACF0B010E
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version | text
MD5: C7E2197BAE099B13BBB3ADEB1433487D
SHA256: 3460EEAF45D581DD43A6E4E17AF8102DDAFF5AEAA88B10099527CF85211629E9
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF118faa.TMP
MD5:
SHA256:
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF118fba.TMP
MD5:
SHA256:
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
4704 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF118faa.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
223
TCP/UDP connections
168
DNS requests
144
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 301 | null:443 | https://gsf-fl.softonic.com/e8f/45e/855f9e6c3137f57e8fe1a0cc661eccb89a/MSI_APP_Player.exe?Expires=1717138773&Signature=370e74d4f78d17ff9ed4d2a012f2bb6500a80f5b&url=https://msi-app-player.softonic.com&Filename=MSI_APP_Player.exe | unknown
- | - | GET | 301 | 23.67.131.82:443 | https://www.mcafee.com/consumer/en-us/policy/legal.html | unknown
- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown
2384 | RUXIMICS.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
2392 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
2384 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
2392 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=27&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 1.15 Kb

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2392 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2384 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5140 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4364 | svchost.exe | 239.255.255.250:1900 | unknown
2384 | RUXIMICS.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2392 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5140 | MoUsoCoreWorker.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5140 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
2384 | RUXIMICS.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
2392 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
d2dbdb0phbn9qb.cloudfront.net
  • 54.239.192.118
  • 54.239.192.71
  • 54.239.192.78
  • 54.239.192.229
unknown
images.sftcdn.net
  • 23.67.132.99
whitelisted
gsf-fl.softonic.com
  • 199.232.198.133
  • 199.232.194.133
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.mcafee.com
  • 23.67.131.82
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.43
unknown

Threats

No threats detected
Process | Message
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\component1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\component1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\component1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\component1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe | NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\component1_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-LP7AH.tmp\component1_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003