| File name: | cFosSpeed 12.50.2525.exe |
| Full analysis: | https://app.any.run/tasks/99d5fee3-954d-4e23-b1dd-9787dc406922 |
| Verdict: | Malicious activity |
| Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date: | May 29, 2024, 01:26:20 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 79D4E2F1E160EAA72EB950BEC277D31B |
| SHA1: | 133A2173B799EAA2F112278647571E700845CF58 |
| SHA256: | FEC1505233F99008EB531C76782AD3B67F92FDFFA2CD2ABA8083F8F198AFC774 |
| SSDEEP: | 98304:Fv5nriRyXVUnqmtdRT5rjxI9T4X6N4EYeOMhu+MzoKA9wsi47+h2eta2h+KdMGLb:qs/TgYAoDc8rs2y |
MALICIOUS
Drops the executable file immediately after the start
- cFosSpeed 12.50.2525.exe (PID: 4068)
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setup.exe (PID: 2040)
- MicrosoftEdgeWebview2Setup.exe (PID: 1664)
SUSPICIOUS
Executable content was dropped or overwritten
- cFosSpeed 12.50.2525.exe (PID: 4068)
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setup.exe (PID: 2040)
- MicrosoftEdgeWebview2Setup.exe (PID: 1664)
Reads the Windows owner or organization settings
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setup.exe (PID: 2040)
Drops a system driver (possible attempt to evade defenses)
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setup.exe (PID: 2040)
Creates file in the systems drive root
- setup.exe (PID: 2040)
Suspicious use of NETSH.EXE
- setup.exe (PID: 2040)
Reads settings of System Certificates
- setup.exe (PID: 2040)
- MicrosoftEdgeUpdate.exe (PID: 1816)
Reads the Internet Settings
- setup.exe (PID: 2040)
- MicrosoftEdgeUpdate.exe (PID: 1816)
Starts a Microsoft application from unusual location
- MicrosoftEdgeWebview2Setup.exe (PID: 1664)
- MicrosoftEdgeUpdate.exe (PID: 1660)
Process drops legitimate windows executable
- setup.exe (PID: 2040)
- MicrosoftEdgeWebview2Setup.exe (PID: 1664)
- MicrosoftEdgeUpdate.exe (PID: 1660)
- cFosSpeed 12.50.2525.tmp (PID: 4084)
Starts itself from another location
- MicrosoftEdgeUpdate.exe (PID: 1660)
Disables SEHOP
- MicrosoftEdgeUpdate.exe (PID: 1660)
Creates/Modifies COM task schedule object
- MicrosoftEdgeUpdate.exe (PID: 1132)
Creates a software uninstall entry
- MicrosoftEdgeUpdate.exe (PID: 1660)
Executes as Windows Service
- MicrosoftEdgeUpdate.exe (PID: 2240)
Reads security settings of Internet Explorer
- MicrosoftEdgeUpdate.exe (PID: 1816)
Potential Corporate Privacy Violation
- setup.exe (PID: 2040)
Checks Windows Trust Settings
- MicrosoftEdgeUpdate.exe (PID: 1816)
INFO
Checks supported languages
- cFosSpeed 12.50.2525.exe (PID: 4068)
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setdrv.exe (PID: 2032)
- setup.exe (PID: 2040)
- wmpnscfg.exe (PID: 1864)
- MicrosoftEdgeWebview2Setup.exe (PID: 1664)
- MicrosoftEdgeUpdate.exe (PID: 1660)
- MicrosoftEdgeUpdate.exe (PID: 1588)
- MicrosoftEdgeUpdate.exe (PID: 1132)
- MicrosoftEdgeUpdate.exe (PID: 1816)
- MicrosoftEdgeUpdate.exe (PID: 1852)
- MicrosoftEdgeUpdate.exe (PID: 2240)
Reads the computer name
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setdrv.exe (PID: 2032)
- setup.exe (PID: 2040)
- wmpnscfg.exe (PID: 1864)
- MicrosoftEdgeUpdate.exe (PID: 1660)
- MicrosoftEdgeUpdate.exe (PID: 1588)
- MicrosoftEdgeUpdate.exe (PID: 1132)
- MicrosoftEdgeUpdate.exe (PID: 1852)
- MicrosoftEdgeUpdate.exe (PID: 2240)
- MicrosoftEdgeUpdate.exe (PID: 1816)
Create files in a temporary directory
- cFosSpeed 12.50.2525.exe (PID: 4068)
- setup.exe (PID: 2040)
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- MicrosoftEdgeUpdate.exe (PID: 1816)
Creates files in the program directory
- cFosSpeed 12.50.2525.tmp (PID: 4084)
- setup.exe (PID: 2040)
- MicrosoftEdgeWebview2Setup.exe (PID: 1664)
Reads mouse settings
- setdrv.exe (PID: 2032)
Reads product name
- setup.exe (PID: 2040)
Reads the machine GUID from the registry
- setup.exe (PID: 2040)
Reads Windows Product ID
- setup.exe (PID: 2040)
Process checks computer location settings
- setup.exe (PID: 2040)
Disables trace logs
- setup.exe (PID: 2040)
Reads the software policy settings
- setup.exe (PID: 2040)
- MicrosoftEdgeUpdate.exe (PID: 1816)
- MicrosoftEdgeUpdate.exe (PID: 2240)
Manual execution by a user
- wmpnscfg.exe (PID: 1864)
Reads Environment values
- setup.exe (PID: 2040)
- MicrosoftEdgeUpdate.exe (PID: 1816)
Checks proxy server information
- MicrosoftEdgeUpdate.exe (PID: 1816)
Creates files or folders in the user directory
- MicrosoftEdgeUpdate.exe (PID: 1816)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Inno Setup installer (77.7) |
|---|---|---|
| .exe | | | Win32 Executable Delphi generic (10) |
| .dll | | | Win32 Dynamic Link Library (generic) (4.6) |
| .exe | | | Win32 Executable (generic) (3.1) |
| .exe | | | Win16/32 Executable Delphi generic (1.4) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 1992:06:19 22:22:17+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 37888 |
| InitializedDataSize: | 25600 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x9c14 |
| OSVersion: | 1 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 12.50.2525.0 |
| ProductVersionNumber: | 12.50.2525.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Neutral |
| CharacterSet: | Unicode |
| Comments: | This installation was built with Inno Setup. |
| CompanyName: | lrepacks.net |
| FileDescription: | cFosSpeed Setup |
| FileVersion: | 12.50.2525.0 |
| LegalCopyright: | Copyright 2007-2022 LRepacks |
| ProductName: | cFosSpeed |
| ProductVersion: | 12.50.2525 |
Total processes
51
Monitored processes
14
Malicious processes
6
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 328 | netsh int tcp show global | C:\Windows\System32\netsh.exe | — | setup.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Network Command Shell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1132 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.187.39 Modules
| |||||||||||||||
| 1588 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.187.39 Modules
| |||||||||||||||
| 1660 | "C:\Program Files\Microsoft\Temp\EUCCB3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" | C:\Program Files\Microsoft\Temp\EUCCB3.tmp\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeWebview2Setup.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Version: 1.3.187.39 Modules
| |||||||||||||||
| 1664 | C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install | C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | setup.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Setup Version: 1.3.187.39 Modules
| |||||||||||||||
| 1816 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTVFMjgwMUEtOUMyNS00QzhDLTg1MzAtN0IyN0JERTM2RkFBfSIgdXNlcmlkPSJ7NEQ1RjZBQTEtOEYyNS00RDZBLUI1MzAtMjI1NjhFOEM0RkNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0M0U2N0UwQS1DRUMzLTRCRUMtQjAwRC04NUIwNTZENjk5MzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iMyIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4yNDU0NiIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4ODYiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRFTEwiIHByb2R1Y3RfbmFtZT0iREVMTCIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xODcuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNjgyODkwNjI1IiBpbnN0YWxsX3RpbWVfbXM9Ijg5MSIvPjwvYXBwPjwvcmVxdWVzdD4 | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Exit code: 0 Version: 1.3.187.39 Modules
| |||||||||||||||
| 1852 | "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E5E2801A-9C25-4C8C-8530-7B27BDE36FAA}" /silent | C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Update Version: 1.3.187.39 Modules
| |||||||||||||||
| 1864 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 2032 | "C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\setdrv.exe" | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\setdrv.exe | — | cFosSpeed 12.50.2525.tmp | |||||||||||
User: admin Integrity Level: HIGH Version: 3, 3, 6, 0 Modules
| |||||||||||||||
| 2040 | "C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\setup.exe" | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\setup.exe | cFosSpeed 12.50.2525.tmp | ||||||||||||
User: admin Company: cFos Software GmbH Integrity Level: HIGH Description: cFosSpeed Installer Version: 12.50.2525 Modules
| |||||||||||||||
Total events
18 746
Read events
16 371
Write events
2 277
Delete events
98
Modification events
| (PID) Process: | (4084) cFosSpeed 12.50.2525.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | Owner |
Value: F40F000082E4223B67B1DA01 | |||
| (PID) Process: | (4084) cFosSpeed 12.50.2525.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | SessionHash |
Value: E89D3B5658B72A8BD01FB4638044BFE891CF2F48D3E8415E3F5FC5A22F4F3991 | |||
| (PID) Process: | (4084) cFosSpeed 12.50.2525.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | Sequence |
Value: 1 | |||
| (PID) Process: | (4084) cFosSpeed 12.50.2525.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | RegFiles0000 |
Value: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\cfosspeed.exe | |||
| (PID) Process: | (4084) cFosSpeed 12.50.2525.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | RegFilesHash |
Value: 0C80CC87EA304DC091B465E3D43066C4ACA1D36EA47896CDD2F2F17878EF107C | |||
| (PID) Process: | (328) netsh.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (328) netsh.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | @%SystemRoot%\system32\dhcpqec.dll,-100 |
Value: DHCP Quarantine Enforcement Client | |||
| (PID) Process: | (328) netsh.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | @%SystemRoot%\system32\dhcpqec.dll,-101 |
Value: Provides DHCP based enforcement for NAP | |||
| (PID) Process: | (328) netsh.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | @%SystemRoot%\system32\dhcpqec.dll,-103 |
Value: 1.0 | |||
| (PID) Process: | (328) netsh.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | @%SystemRoot%\system32\dhcpqec.dll,-102 |
Value: Microsoft Corporation | |||
Executable files
312
Suspicious files
21
Text files
1 845
Unknown types
12
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\_isetup\_RegDLL.tmp | executable | |
MD5:0EE914C6F0BB93996C75941E1AD629C6 | SHA256:4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2 | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-6M1JF.tmp | text | |
MD5:D5A84EF1B9607184B8B6CE59565FF813 | SHA256:AF0C92C9A299D4A22B4661C69DF00DA6C2071A980E2C09AF4D3841E6AEEBF06E | |||
| 4068 | cFosSpeed 12.50.2525.exe | C:\Users\admin\AppData\Local\Temp\is-KV5HF.tmp\cFosSpeed 12.50.2525.tmp | executable | |
MD5:39A780FDB20F03E789EFBC1106CCA6E1 | SHA256:5B033615584AF02DDE32E9303F1FA110E24D806315F7F975427BE525D1767CDF | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-286VP.tmp | text | |
MD5:4B26B566A65391650D74D95591668176 | SHA256:6CCD720E17D6867CEFAB70056E4F6766654B34CF7A6189ACC9138D67FBC4CF09 | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\install.ini | text | |
MD5:D5A84EF1B9607184B8B6CE59565FF813 | SHA256:AF0C92C9A299D4A22B4661C69DF00DA6C2071A980E2C09AF4D3841E6AEEBF06E | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\VclStylesInno.dll | executable | |
MD5:B0CA93CEB050A2FEFF0B19E65072BBB5 | SHA256:0E93313F42084D804B9AC4BE53D844E549CFCAF19E6F276A3B0F82F01B9B2246 | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-7RL7Q.tmp | text | |
MD5:6F5482D19B8069919BD34B3647AA2690 | SHA256:56A3CC70CF350D90D3AF10B7CC562CAB76E272A3AF9E93F203C5CDE4BEE41421 | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\default_settings.ini | text | |
MD5:1D47B473250537EF75BBBD1474C49D7C | SHA256:437B71CBEEDD0D07896BA188001B8352ABBDDAE2226BBD381AE64280946BFE04 | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\WizardForm.BitmapImage1.bmp | image | |
MD5:48386BC24D46A3FAC0056AB765A597A1 | SHA256:55E4D15D42D4983C2D3A4E0ABD07EFF703929FAE4DD33115F008BE346D501036 | |||
| 4084 | cFosSpeed 12.50.2525.tmp | C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-440FO.tmp | text | |
MD5:89AC2D3232149F6C00251DE9162FA6E3 | SHA256:0AF8F1B807512AAE39C2AC1AA4D0CAE65CABECB6FD554B8439A5162A0D6ECA55 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
18
DNS requests
9
Threats
2
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2040 | setup.exe | GET | 301 | 23.214.121.169:80 | http://go.microsoft.com/fwlink/p/?LinkId=2124703 | unknown | — | — | unknown |
1816 | MicrosoftEdgeUpdate.exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bb849f2003417ceb | unknown | — | — | unknown |
884 | svchost.exe | GET | — | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1717550895&P2=404&P3=2&P4=PcEGM6egcAVk2thuswLXomi1%2bpUxaCB8YPw8YZRarR1YUXvFJ86uEP2l2oI%2ftRjiBJWJm%2fn8D44uaM%2bc9EXW1Q%3d%3d | unknown | — | — | unknown |
1816 | MicrosoftEdgeUpdate.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | — | — | unknown |
884 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1717550895&P2=404&P3=2&P4=PcEGM6egcAVk2thuswLXomi1%2bpUxaCB8YPw8YZRarR1YUXvFJ86uEP2l2oI%2ftRjiBJWJm%2fn8D44uaM%2bc9EXW1Q%3d%3d | unknown | — | — | unknown |
2040 | setup.exe | GET | 200 | 2.19.122.202:80 | http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/f9e20864-dafb-4728-8a89-5879d36301b7/MicrosoftEdgeWebview2Setup.exe | unknown | — | — | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 224.0.0.252:5355 | — | — | — | unknown |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
2040 | setup.exe | 23.214.121.169:443 | go.microsoft.com | AKAMAI-AS | GB | unknown |
2040 | setup.exe | 2.19.122.202:443 | msedge.sf.dl.delivery.mp.microsoft.com | Akamai International B.V. | DE | unknown |
2040 | setup.exe | 23.214.121.169:80 | go.microsoft.com | AKAMAI-AS | GB | unknown |
2040 | setup.exe | 2.19.122.202:80 | msedge.sf.dl.delivery.mp.microsoft.com | Akamai International B.V. | DE | unknown |
1816 | MicrosoftEdgeUpdate.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
2240 | MicrosoftEdgeUpdate.exe | 20.7.47.135:443 | msedge.api.cdp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
cfos.de |
| unknown |
go.microsoft.com |
| whitelisted |
msedge.sf.dl.delivery.mp.microsoft.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
msedge.api.cdp.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
msedge.f.tlu.dl.delivery.mp.microsoft.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
2040 | setup.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
884 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
Process | Message |
|---|---|
setup.exe | Unable to open device 'CFOSSPEED$D'.
|