URL:

https://skh731.com/install.zip?c=ADre8GWQQwUA51sCAENPFwASAAAAAAAE

Full analysis: https://app.any.run/tasks/a45e7fed-8166-4f75-815d-e4f856ace136
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 12, 2024, 23:00:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

65314F9C22B2FB05FB17A35768A22A88

SHA1:

191D06A6546A3AFBDCD3AB74BA2D75AF31DB5EC0

SHA256:

98B0BECE6455ED2A812476E5507627E365DDFE1C69E6F9E5FFDFD6EF4ACC6C1A

SSDEEP:

3:N8DAW4DgFrgRphNkWgn:20Ngpz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • setup.exe (PID: 268)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
    • Changes the autorun value in the registry

      • setup.exe (PID: 268)
    • Creates a writable file in the system directory

      • MicrosoftEdgeUpdate.exe (PID: 392)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • iexplore.exe (PID: 3720)
      • iexplore.exe (PID: 2160)
      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • setup.exe (PID: 268)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • setup.exe (PID: 268)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2972)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2972)
    • Creates a software uninstall entry

      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • setup.exe (PID: 268)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 3800)
      • setup.exe (PID: 268)
    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 2620)
    • Reads settings of System Certificates

      • MicrosoftEdgeUpdate.exe (PID: 3616)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Reads the Internet Settings

      • MicrosoftEdgeUpdate.exe (PID: 3616)
    • Searches for installed software

      • setup.exe (PID: 268)
    • Application launched itself

      • setup.exe (PID: 268)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
  • INFO

    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3720)
      • iexplore.exe (PID: 2160)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 2160)
    • Application launched itself

      • iexplore.exe (PID: 2160)
      • msedge.exe (PID: 3524)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2160)
      • iexplore.exe (PID: 3720)
    • Checks supported languages

      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdate.exe (PID: 3984)
      • MicrosoftEdgeUpdate.exe (PID: 3800)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • MicrosoftEdgeUpdate.exe (PID: 2992)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 268)
      • setup.exe (PID: 2028)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • The process uses the downloaded file

      • iexplore.exe (PID: 2160)
      • MicrosoftEdgeSetup.exe (PID: 1808)
    • Create files in a temporary directory

      • MicrosoftEdgeSetup.exe (PID: 1808)
      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • MicrosoftEdgeUpdate.exe (PID: 2972)
      • MicrosoftEdgeUpdate.exe (PID: 3984)
      • MicrosoftEdgeUpdate.exe (PID: 3800)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 2992)
      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 2028)
      • setup.exe (PID: 268)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 1368)
      • setup.exe (PID: 268)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Creates files in the program directory

      • MicrosoftEdgeUpdateSetup.exe (PID: 1864)
      • MicrosoftEdge_X86_109.0.1518.140.exe (PID: 4084)
      • setup.exe (PID: 2028)
      • setup.exe (PID: 268)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 2620)
      • MicrosoftEdgeUpdate.exe (PID: 3616)
      • MicrosoftEdgeUpdate.exe (PID: 392)
    • Manual execution by a user

      • msedge.exe (PID: 3524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
68
Monitored processes
24
Malicious processes
9
Suspicious processes
2


Process information

PID
CMD
Path
Indicators
Parent process
PID:
268
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe" --install-archive="C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\MicrosoftEdge_X86_109.0.1518.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
Path:
C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe
Parent process:
MicrosoftEdge_X86_109.0.1518.140.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edgeupdate\install\{39ded9f4-02a5-4043-aa59-12ef16692951}\edgemitmp_fc462.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
392"C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0JDODg5OTktRjczNy00RUFFLUI4QzktMDc1N0M3M0NBMUIyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezZEMjIwNDZDLTQ3QzktNEEwMy1CQjExLTgxOURCOEE0QzlGQ30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSIzIiBkaXNrX3R5cGU9IjAiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjI0NTQ2IiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDkuMC4xNTE4LjE0MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjI1MCIgaW5zdGFsbGRhdGU9IjYwMjciIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM0NzEwMDIxOTA4ODg2NzAiPjx1cGRhdGVjaGVjay8-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_UDE9MTcxMDg4OTMyNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1YWU9haWJsRXhFU3ZuR0hEQlJlSHpxRVFIQXFqOUpOSnVlT2ZUU1N4JTJmNEhSQmNKVnZ0cHZkJTJidEJWamFvZzgyNGpVdTBtaDhOWnRBTldIaGE5VVEzTkElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxMjg1MTI5NjgiIHRvdGFsPSIxMjg1MTI5NjgiIGRvd25sb2FkX3RpbWVfbXM9Ijc5ODI4Ii8-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:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\program files\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
996
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1068 --field-trial-handle=1052,i,12538878330694553815,17325431286869797945,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1368
CMD:
C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0"
Path:
C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\users\admin\appdata\local\temp\eu8d04.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1388
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 --field-trial-handle=1052,i,12538878330694553815,17325431286869797945,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1808
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\MicrosoftEdgeSetup.exe
Parent process:
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\po2hn1x2\microsoftedgesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
1864
CMD:
"C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdateSetup.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installelevated /nomitag
Path:
C:\Users\admin\AppData\Local\Temp\EU8D04.tmp\MicrosoftEdgeUpdateSetup.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.185.21
Modules
Images
c:\users\admin\appdata\local\temp\eu8d04.tmp\microsoftedgeupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
2016
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1052,i,12538878330694553815,17325431286869797945,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.140\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2028
CMD:
"C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
Path:
C:\Program Files\Microsoft\EdgeUpdate\Install\{39DED9F4-02A5-4043-AA59-12EF16692951}\EDGEMITMP_FC462.tmp\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
99
Version:
109.0.1518.140
Modules
Images
c:\program files\microsoft\edgeupdate\install\{39ded9f4-02a5-4043-aa59-12ef16692951}\edgemitmp_fc462.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
PID:
2160
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" "https://skh731.com/install.zip?c=ADre8GWQQwUA51sCAENPFwASAAAAAAAE"
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
62 250
Read events
58 242
Write events
3 764
Delete events
244

Modification events

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:
write
Name:
NTPDaysSinceLastAutoMigration
Value:
1

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:
write
Name:
NTPLastLaunchLowDateTime
Value:
245182176

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:
write
Name:
NTPLastLaunchHighDateTime
Value:
31093969

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:
write
Name:
NextCheckForUpdateLowDateTime
Value:
545338426

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:
write
Name:
NextCheckForUpdateHighDateTime
Value:
31093969

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:
write
Name:
CachePrefix
Value:

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:
write
Name:
CachePrefix
Value:
Cookie:

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:
write
Name:
CachePrefix
Value:
Visited:

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:
write
Name:
CompatibilityFlags
Value:
0

(PID) Process:
(2160) iexplore.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
ProxyBypass
Value:
1
Executable files
311
Suspicious files
95
Text files
274
Unknown types
167

Dropped files

PID
Process
Filename
Type
PID:
3720
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type:
binary
MD5:
1BAB3D657CEE7A4CE1CF1C95C3A5752F
SHA256:
18B89CEE6DD772E29BE36906CD0D2F8BAF6D667BE63D3B8B48307D12CDD90C6D

PID:
3720
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type:
binary
MD5:
66B81647933D2D0B4F3F9E185E56F680
SHA256:
11FE0D746FB541F81756ADB87EAC8737054E362D6AC8C3F879144C778969E6E2

PID:
2160
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type:
der
MD5:
16D4A0DC403B6006EDB4B06FCAD506E2
SHA256:
464BA1031E74588F441187B5BECC8FD51365DEC42DAB619C05DE54226EA69E71

PID:
2160
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type:
binary
MD5:
C652355745C62EFCCF599AE77847D14F
SHA256:
E1F482F1432E311C39FB3105E786DC023EC1946AB5699C831D22992E66E68969

PID:
2160
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
Type:
image
MD5:
DA597791BE3B6E732F0BC8B20E38EE62
SHA256:
5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID:
2160
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:
image
MD5:
DA597791BE3B6E732F0BC8B20E38EE62
SHA256:
5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID:
3720
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type:
binary
MD5:
95703F1C45F8F377857ED0AE750331F3
SHA256:
346886546649A9BA85846BA12A55CBCFB0D74841BC50F0A971F383DC687524C3

PID:
3720
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\education-online-books[1].htm
Type:
text
MD5:
ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:
F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5

PID:
3720
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\pretty-blonde-woman[1].htm
Type:
text
MD5:
ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:
F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5

PID:
3720
Process:
iexplore.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\portrait-beautiful-young-woman-standing-grey-wall[1].htm
Type:
text
MD5:
ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA256:
F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
116
DNS requests
90
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2160
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D
unknown
binary
471 b
unknown
2160
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
unknown
binary
471 b
unknown
3720
iexplore.exe
GET
200
172.217.16.131:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEmjnEcAcBIRCdkf7NhadAI%3D
unknown
binary
471 b
unknown
3720
iexplore.exe
GET
200
172.217.16.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCRd4hKrA6aBAnnS3UYBsso
unknown
binary
472 b
unknown
3720
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
binary
471 b
unknown
3720
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
binary
471 b
unknown
856
svchost.exe
HEAD
200
152.199.19.161:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1710889326&P2=404&P3=2&P4=XYOaiblExESvnGHDBReHzqEQHAqj9JNJueOfTSSx%2f4HRBcJVvtpvd%2btBVjaog824jUu0mh8NZtANWHha9UQ3NA%3d%3d
unknown
unknown
856
svchost.exe
GET
200
152.199.19.161:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1710889326&P2=404&P3=2&P4=XYOaiblExESvnGHDBReHzqEQHAqj9JNJueOfTSSx%2f4HRBcJVvtpvd%2btBVjaog824jUu0mh8NZtANWHha9UQ3NA%3d%3d
unknown
executable
122 Mb
unknown
3720
iexplore.exe
GET
304
2.20.71.143:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41
unknown
unknown
3720
iexplore.exe
GET
200
172.217.16.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
unknown
224.0.0.252:5355
unknown
3720
iexplore.exe
172.67.141.43:443
skh731.com
CLOUDFLARENET
US
unknown
2160
iexplore.exe
23.204.95.80:443
www.bing.com
Akamai International B.V.
CL
unknown
3720
iexplore.exe
2.20.71.143:80
ctldl.windowsupdate.com
Akamai International B.V.
NL
unknown
3720
iexplore.exe
172.217.16.131:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2160
iexplore.exe
2.20.71.143:80
ctldl.windowsupdate.com
Akamai International B.V.
NL
unknown
2160
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3720
iexplore.exe
216.58.206.74:443
fonts.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
skh731.com
  • 172.67.141.43
  • 104.21.33.45
unknown
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 23.204.95.80
  • 23.204.95.114
  • 23.204.95.106
  • 23.204.95.105
  • 23.204.95.98
  • 23.204.95.88
  • 23.204.95.81
  • 23.204.95.96
  • 23.204.95.97
  • 23.204.95.107
  • 23.204.95.113
  • 23.204.95.104
  • 23.204.95.112
whitelisted
ctldl.windowsupdate.com
  • 2.20.71.143
  • 2.20.71.234
whitelisted
ocsp.pki.goog
  • 172.217.16.131
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
fonts.googleapis.com
  • 216.58.206.74
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
ieonline.microsoft.com
  • 204.79.197.200
whitelisted

Threats

PID
Process
Class
Message
856
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info