URL: https://skh731.com/install.zip?c=ADre8GWQQwUA51sCAENPFwASAAAAAAAE

Full analysis: https://app.any.run/tasks/a45e7fed-8166-4f75-815d-e4f856ace136
Verdict: Malicious activity
Threats:

A loader is malware whose purpose is to get onto a system and deliver further payloads. Once running, it typically profiles the host (operating system, installed software, machine identifiers) and then installs other threats such as trojans or stealers. Loaders are usually delivered through phishing emails and links, relying on social engineering to get the user to download and run the executable, and they use evasion and persistence techniques to avoid detection.

Analysis date: March 12, 2024, 23:00:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

65314F9C22B2FB05FB17A35768A22A88

SHA1:

191D06A6546A3AFBDCD3AB74BA2D75AF31DB5EC0

SHA256:

98B0BECE6455ED2A812476E5507627E365DDFE1C69E6F9E5FFDFD6EF4ACC6C1A

SSDEEP:

3:N8DAW4DgFrgRphNkWgn:20Ngpz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 268)
      • MicrosoftEdgeSetup.exe (PID: 1808)
    • Changes the autorun value in the registry

      • setup.exe (PID: 268)
    • Creates a writable file in the system directory

      • MicrosoftEdgeUpdate.exe (PID: 392)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
    • Process drops legitimate windows executable

      • iexplore.exe (PID: 3720)
      • iexplore.exe (PID: 2160)
      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 268)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2972)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • MicrosoftEdgeSetup.exe (PID: 1808)
      • setup.exe (PID: 268)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2972)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 3800)
      • setup.exe (PID: 268)
    • Creates a software uninstall entry

      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • setup.exe (PID: 268)
    • Reads the Internet Settings

      • MicrosoftEdgeUpdate.exe (PID: 3616)
    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 2620)
    • Reads settings of System Certificates

      • MicrosoftEdgeUpdate.exe (PID: 3616)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Application launched itself

      • setup.exe (PID: 268)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
    • Searches for installed software

      • setup.exe (PID: 268)
  • INFO

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3720)
      • iexplore.exe (PID: 2160)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3720)
      • iexplore.exe (PID: 2160)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2160)
    • The process uses the downloaded file

      • iexplore.exe (PID: 2160)
      • MicrosoftEdgeSetup.exe (PID: 1808)
    • Checks supported languages

      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 3984)
      • MicrosoftEdgeUpdate.exe (PID: 3800)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 2992)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 268)
      • setup.exe (PID: 2028)
      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Application launched itself

      • iexplore.exe (PID: 2160)
      • msedge.exe (PID: 3524)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • setup.exe (PID: 268)
    • Create files in a temporary directory

      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeSetup.exe (PID: 1808)
    • Creates files in the program directory

      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 2028)
      • setup.exe (PID: 268)
    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • MicrosoftEdgeUpdate.exe (PID: 3984)
      • MicrosoftEdgeUpdate.exe (PID: 3800)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 2992)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 268)
      • setup.exe (PID: 2028)
      • MicrosoftEdgeUpdate.exe (PID: 392)
      • MicrosoftEdgeUpdate.exe (PID: 1368)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Manual execution by a user

      • msedge.exe (PID: 3524)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.
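The SUSPICIOUS signature "Starts a Microsoft application from unusual location" fires on three processes in this tree: MicrosoftEdgeSetup.exe running out of the IE cache, and MicrosoftEdgeUpdate.exe / MicrosoftEdgeUpdateSetup.exe running out of %TEMP%. The script below is an added example, not part of the ANY.RUN report, that re-derives that signature from the process table on this page and ranks the hits by integrity level, so the one that got elevated (PID 1864, HIGH) stands out from the two that stayed at MEDIUM. The PROCESSES list is transcribed from the "Process information" section; the path classes and severity rule are this example's own heuristic, not ANY.RUN's definition. Note that the Company field comes from the PE version resource and is attacker-controllable, so a match here is a prompt to verify the Authenticode signature of the file, which this report does not show.

```python
"""Added example (not part of the ANY.RUN report): reproduce the logic behind
the report's "Starts a Microsoft application from unusual location" signature
over the process table shown on this page.

PROCESSES is transcribed from the report's "Process information" section
(PID, image path, Company, Integrity Level, parent image name). The path
classes and the "writable path + elevated integrity" severity rule are this
example's own heuristic, not ANY.RUN's signature definition.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str       # full image path as recorded by the sandbox
    company: str     # "Company" field from the PE version resource
    integrity: str   # LOW / MEDIUM / HIGH / SYSTEM
    parent: str      # parent image name as recorded


# Transcribed from the report (msedge.exe renderer/GPU/utility children omitted).
PROCESSES: List[Proc] = [
    Proc(268,  r"C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe",
         "Microsoft Corporation", "HIGH", "MicrosoftEdge_X86_109.0.1518.140.exe"),
    Proc(392,  r"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe",
         "Microsoft Corporation", "SYSTEM", "MicrosoftEdgeUpdate.exe"),
    Proc(996,  r"C:\Program Files\Microsoft\Edge\Application\msedge.exe",
         "Microsoft Corporation", "LOW", "msedge.exe"),
    Proc(1368, r"C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdate.exe",
         "Microsoft Corporation", "MEDIUM", "MicrosoftEdgeSetup.exe"),
    Proc(1808, r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe",
         "Microsoft Corporation", "MEDIUM", "iexplore.exe"),
    Proc(1864, r"C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdateSetup.exe",
         "Microsoft Corporation", "HIGH", "MicrosoftEdgeUpdate.exe"),
    Proc(2028, r"C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe",
         "Microsoft Corporation", "HIGH", "setup.exe"),
    Proc(2160, r"C:\Program Files\Internet Explorer\iexplore.exe",
         "Microsoft Corporation", "MEDIUM", "explorer.exe"),
]

# Heuristic path classes (this example's own; lower-cased prefix match).
# USER_WRITABLE is tested first so that C:\Windows\Temp is not counted as a system dir.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SYSTEM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


def classify_path(image: str) -> str:
    """Return 'user-writable', 'system' or 'other' for an image path."""
    p = image.lower()
    if p.startswith(USER_WRITABLE):
        return "user-writable"
    if p.startswith(SYSTEM_DIRS):
        return "system"
    return "other"


def flag_unusual_locations(procs: List[Proc]) -> List[Dict[str, object]]:
    """Microsoft-described binaries running from a user-writable location.

    Severity is raised when the process also holds HIGH or SYSTEM integrity:
    a Temp-resident binary that got elevated deserves a closer look than one
    that stayed at MEDIUM. Findings keep the report's order.
    """
    findings: List[Dict[str, object]] = []
    for p in procs:
        if p.company != "Microsoft Corporation":
            continue
        if classify_path(p.image) != "user-writable":
            continue
        elevated = INTEGRITY_RANK[p.integrity] >= INTEGRITY_RANK["HIGH"]
        findings.append({
            "pid": p.pid,
            "image": p.image,
            "integrity": p.integrity,
            "parent": p.parent,
            "severity": "high" if elevated else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in flag_unusual_locations(PROCESSES):
        print(f"[{f['severity']:6}] PID {f['pid']:<5} {f['integrity']:<6} <- {f['parent']}")
        print(f"         {f['image']}")
```

Running it lists PIDs 1368 and 1808 at medium and 1864 at high. Compare the result with the signature's own list above (1368, 1864 and the Program Files copy 2972); the Program Files instance is not a path hit, so whatever ANY.RUN matched there is something other than location, which is a reminder that this reconstruction covers only the path component of the signature.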
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 68
Monitored processes: 24
Malicious processes: 9
Suspicious processes: 2

Behavior graph

Process nodes, in the order the report shows them (the interactive graph is only available in the full report):
  • start
  • iexplore.exe
  • iexplore.exe
  • microsoftedgesetup.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatesetup.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedge_x86_109.0.1518.140.exe
  • setup.exe
  • setup.exe (no specs)
  • microsoftedgeupdate.exe
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)

Process information

Fields per entry: PID, CMD, Path, Indicators, Parent process
PID:
268
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe" --install-archive="C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\MicrosoftEdge_X86_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
Path:
C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe
Parent process:
MicrosoftEdge_X86_109.0.1518.140.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edgeupdate\install\{39ded9f4-02a5-4043-aa59-12ef16692951}\edgemitmp_fc462.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
392"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0JDODg5OTktRjczNy00RUFFLUI4QzktMDc1N0M3M0NBMUIyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezZEMjIwNDZDLTQ3QzktNEEwMy1CQjExLTgxOURCOEE0QzlGQ30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSIzIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjI0NTQ2IiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDkuMC4xNTE4LjE0MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjI1MCIgaW5zdGFsbGRhdGU9IjYwMjciIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM0NzEwMDIxOTA4ODg2NzAiPjx1cGRhdGVjaGVjay8-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_UDE9MTcxMDg4OTMyNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1YWU9haWJsRXhFU3ZuR0hEQlJlSHpxRVFIQXFqOUpOSnVlT2ZUU1N4JTJmNEhSQmNKVnZ0cHZkJTJidEJWamFvZzgyNGpVdTBtaDhOWnRBTldIaGE5VVEzTkElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxMjg1MTI5NjgiIHRvdGFsPSIxMjg1MTI5NjgiIGRvd25sb2FkX3RpbWVfbXM9Ijc5ODI4Ii8-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:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
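The long argument that PID 392 passes to /ping looks like an opaque beacon, but it is URL-safe base64 (note the '-' and '_' characters) of an XML request in the Omaha updater protocol that Edge Update uses. The following is an added example, not part of the ANY.RUN report, showing how to decode such an argument and pull out the fields an analyst checks first. PING_PREFIX is the first 104 characters of the argument recorded on this page and decodes to the start of that XML; the rest of the recorded value is truncated on the page, so SAMPLE_XML is a constructed, complete document in the same shape. Its attribute values are illustrative except the Edge appid (taken from the /install command line of PID 1368), the updater version and the OS version, which match fields elsewhere in this report.

```python
"""Added example (not part of the ANY.RUN report): decode the /ping argument of
MicrosoftEdgeUpdate.exe (PID 392) so the telemetry it carries can be read.

Omaha passes its ping as URL-safe base64 of an XML <request> document, usually
without '=' padding. PING_PREFIX is copied from the process entry on this page;
SAMPLE_XML is a constructed document in the same shape used to show parsing of a
complete request.
"""
import base64
import xml.etree.ElementTree as ET
from typing import Dict

# First 104 characters of the recorded /ping argument (a clean 4-character boundary).
PING_PREFIX = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIg"
)

# Constructed sample: same structure as an Omaha ping, values chosen to match the report.
SAMPLE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<request protocol="3.0" updater="Omaha" updaterversion="1.3.185.21" ismachine="1">'
    '<os platform="win" version="6.1.7601" sp="Service Pack 1" arch="x86"/>'
    '<app appid="{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}" version="" nextversion="109.0.1518.140">'
    '<event eventtype="2" eventresult="1"/></app></request>'
)


def decode_omaha_arg(arg: str) -> str:
    """URL-safe base64 decode with the padding Omaha omits restored.

    Works on a truncated prefix too, as long as its length is a multiple of 4.
    """
    padded = arg + "=" * (-len(arg) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8", errors="replace")


def encode_omaha_arg(xml_text: str) -> str:
    """Inverse of decode_omaha_arg; used here only to build the constructed sample."""
    return base64.urlsafe_b64encode(xml_text.encode("utf-8")).decode("ascii").rstrip("=")


def summarize_ping(arg: str) -> Dict[str, str]:
    """Extract the fields to check first: updater framework and version, claimed
    OS, and the app id / target version being reported."""
    # Parse as bytes so the XML declaration's encoding attribute is honoured.
    root = ET.fromstring(decode_omaha_arg(arg).encode("utf-8"))
    os_el = root.find("os")
    app_el = root.find("app")
    return {
        "updater": root.get("updater", ""),
        "updaterversion": root.get("updaterversion", ""),
        "ismachine": root.get("ismachine", ""),
        "os": f'{os_el.get("platform")} {os_el.get("version")} {os_el.get("arch")}' if os_el is not None else "",
        "appid": app_el.get("appid", "") if app_el is not None else "",
        "nextversion": app_el.get("nextversion", "") if app_el is not None else "",
    }


if __name__ == "__main__":
    print("recorded prefix decodes to:", decode_omaha_arg(PING_PREFIX))
    for k, v in summarize_ping(encode_omaha_arg(SAMPLE_XML)).items():
        print(f"{k:>15}: {v}")
```

The decoded prefix already answers the first question (updater="Omaha"), and the appid in a real ping can be compared with the one in the /install command line of PID 1368. What the decode does not prove is where the ping goes: the report's network section shows no request from PID 392 at all, so that part has to come from the PCAP in the full report.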
PID:
996
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1068 --field-trial-handle=1052,i,12538878330694553815,17325431286869797945,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1368
CMD:
C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0"
Path:
C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\users\admin\appdata\local\temp\eu8d04.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1388
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 --field-trial-handle=1052,i,12538878330694553815,17325431286869797945,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1808
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe
Parent process:
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\microsoftedgesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
1864
CMD:
"C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdateSetup.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installelevated /nomitag
Path:
C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdateSetup.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\users\admin\appdata\local\temp\eu8d04.tmp\microsoftedgeupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
2016
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1052,i,12538878330694553815,17325431286869797945,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2028
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
Path:
C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
99
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edgeupdate\install\{39ded9f4-02a5-4043-aa59-12ef16692951}\edgemitmp_fc462.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
PID:
2160
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" "https://skh731.com/install.zip?c=ADre8GWQQwUA51sCAENPFwASAAAAAAAE"
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 62 250
Read events: 58 242
Write events: 3 764
Delete events: 244

Modification events

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value: 245182176

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31093969

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value: 545338426

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31093969

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2160) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 311
Suspicious files: 95
Text files: 274
Unknown types: 167

Dropped files

PID: 3720  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 95703F1C45F8F377857ED0AE750331F3
SHA256: 346886546649A9BA85846BA12A55CBCFB0D74841BC50F0A971F383DC687524C3

PID: 3720  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type: der
MD5: 8202A1CD02E7D69597995CABBE881A12
SHA256: 58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5

PID: 3720  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\email-decode.min[1].js
Type: html
MD5: 9E8F56E8E1806253BA01A95CFC3D392C
SHA256: 2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8

PID: 2160  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID: 3720  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type: binary
MD5: 66B81647933D2D0B4F3F9E185E56F680
SHA256: 11FE0D746FB541F81756ADB87EAC8737054E362D6AC8C3F879144C778969E6E2

PID: 3720  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\install[1].htm
Type: html
MD5: 3832A9F8E796A3E08A630647506AFF9E
SHA256: E6C60E563C9E6392A55DC68837182185BDC4CF8F0BAEEE35A3413D3A91AE5248

PID: 3720  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5: 88AE914902319B364517EF2AC0F7507C
SHA256: 3A9AD61E4C0E852BE51F29E2EA2046F8994BA490088FC61F5E7956B47FCFEBC3

PID: 2160  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: binary
MD5: C652355745C62EFCCF599AE77847D14F
SHA256: E1F482F1432E311C39FB3105E786DC023EC1946AB5699C831D22992E66E68969

PID: 2160  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: der
MD5: 16D4A0DC403B6006EDB4B06FCAD506E2
SHA256: 464BA1031E74588F441187B5BECC8FD51365DEC42DAB619C05DE54226EA69E71

PID: 2160  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico
Type: image
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 22
TCP/UDP connections: 116
DNS requests: 90
Threats: 1

HTTP requests ("-" marks a column the report left empty for that row)

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3720 | iexplore.exe | GET | 304 | 2.20.71.143:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c70275e956f241e7 | unknown | - | - | unknown
3720 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown | binary | 724 b | unknown
3720 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2160 | iexplore.exe | GET | 304 | 2.20.71.143:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4dd617501e33218a | unknown | - | - | unknown
2160 | iexplore.exe | GET | 304 | 2.20.71.143:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?93077e6bb0397963 | unknown | - | - | unknown
2160 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 312 b | unknown
3720 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | binary | 724 b | unknown
3720 | iexplore.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEH6FWuT3fbHwEAPEHSB2q%2B0%3D | unknown | binary | 471 b | unknown
1080 | svchost.exe | GET | 200 | 2.20.71.143:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6776476d79efed94 | unknown | compressed | 67.5 Kb | unknown
2160 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D | unknown | binary | 471 b | unknown

Connections ("-" marks a column the report left empty for that row)

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown
3720 | iexplore.exe | 172.67.141.43:443 | skh731.com | CLOUDFLARENET | US | unknown
2160 | iexplore.exe | 23.204.95.80:443 | www.bing.com | Akamai International B.V. | CL | unknown
3720 | iexplore.exe | 2.20.71.143:80 | ctldl.windowsupdate.com | Akamai International B.V. | NL | unknown
3720 | iexplore.exe | 172.217.16.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
2160 | iexplore.exe | 2.20.71.143:80 | ctldl.windowsupdate.com | Akamai International B.V. | NL | unknown
2160 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3720 | iexplore.exe | 216.58.206.74:443 | fonts.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
skh731.com
  • 172.67.141.43
  • 104.21.33.45
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 23.204.95.80
  • 23.204.95.114
  • 23.204.95.106
  • 23.204.95.105
  • 23.204.95.98
  • 23.204.95.88
  • 23.204.95.81
  • 23.204.95.96
  • 23.204.95.97
  • 23.204.95.107
  • 23.204.95.113
  • 23.204.95.104
  • 23.204.95.112
whitelisted
ctldl.windowsupdate.com
  • 2.20.71.143
  • 2.20.71.234
whitelisted
ocsp.pki.goog
  • 172.217.16.131
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
fonts.googleapis.com
  • 216.58.206.74
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
ieonline.microsoft.com
  • 204.79.197.200
whitelisted

Threats

PID | Process | Class | Message
856 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
No debug info