File name: mysummercar.exe

Full analysis: https://app.any.run/tasks/4a0554e5-2858-4b20-be88-d63d96238604
Verdict: Malicious activity
Analysis date: March 19, 2025, 13:57:28
OS: Windows 11 Professional (build: 22000, 64 bit)
Tags:
meshagent
icmp
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 10 sections
MD5: 7C37795F08588D952C4B3289DE7AB2EA
SHA1: D364449989AF92352DE044293DFFEBF7CF44E445
SHA256: FFC59CCBF20AF4DFF5C1406A434F616893AD2242BE879B215E17DEBE0DA1C0B0
SSDEEP: 98304:ndyVR+YY+T5xOiHMVhuwjDeFslVZhyboHUNZLDN4qJLy55aoNlXElzR3I/mXqBlq:qgCyNVDTIh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • mysummercar.exe (PID: 3404)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • GameBar.exe (PID: 3296)
    • Reads the Internet Settings

      • GameBar.exe (PID: 3296)
    • There is functionality for sending ICMP (YARA)

      • mysummercar.exe (PID: 3404)
    • MeshAgent potential remote access (YARA)

      • mysummercar.exe (PID: 3404)
    • There is functionality for taking screenshot (YARA)

      • mysummercar.exe (PID: 3404)
  • INFO

    • The sample compiled with english language support

      • mysummercar.exe (PID: 3404)
    • Reads the time zone

      • GameBar.exe (PID: 3296)
    • Checks supported languages

      • GameBar.exe (PID: 3296)
      • GameBarFTServer.exe (PID: 3972)
    • Reads the computer name

      • GameBarFTServer.exe (PID: 3972)
      • GameBar.exe (PID: 3296)
    • Creates files or folders in the user directory

      • GameBarFTServer.exe (PID: 3972)
      • GameBar.exe (PID: 3296)
    • Reads CPU info

      • GameBar.exe (PID: 3296)
    • Reads Environment values

      • GameBarFTServer.exe (PID: 3972)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2015:02:24 17:12:45+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 10
CodeSize: 13718528
InitializedDataSize: 5768704
UninitializedDataSize: -
EntryPoint: 0x691930
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 5.0.0.39095
ProductVersionNumber: 5.0.0.39095
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 5.0.0.6002871
ProductVersion: 5.0.0.6002871
UnityVersion: 5.0.0f4_5b98b70ebeb9
Total processes: 107
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes (interactive in the full report): start → mysummercar.exe (#MESHAGENT); gamebar.exe, gamebarftserver.exe (no specs)

Process information

PID: 3296
CMD: "C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Xbox Game Bar
Version: 5.822.06271.0
Modules
Images:
  • c:\program files\windowsapps\microsoft.xboxgamingoverlay_5.822.6271.0_x64__8wekyb3d8bbwe\gamebar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\gdi32full.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll

PID: 3404
CMD: "C:\Users\admin\Desktop\mysummercar.exe"
Path: C:\Users\admin\Desktop\mysummercar.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Version: 5.0.0.6002871
Modules
Images:
  • c:\users\admin\desktop\mysummercar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll

PID: 3972
CMD: "C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe" -Embedding
Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Xbox Game Bar Full Trust COM Server
Version: 5.822.06271.0
Modules
Images:
  • c:\program files\windowsapps\microsoft.xboxgamingoverlay_5.822.6271.0_x64__8wekyb3d8bbwe\gamebarftserver.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\setupapi.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\win32u.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\gdi32full.dll
Total events: 9 444
Read events: 9 432
Write events: 12
Delete events: 0

Modification events

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: InstalledVersionMajor
Value: 05001C4D54E5D698DB01

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: InstalledVersionMinor
Value: 36031C4D54E5D698DB01

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: InstalledVersionBuild
Value: 7F181C4D54E5D698DB01

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: InstalledVersionRevision
Value: 00001C4D54E5D698DB01

Process: (3296) GameBar.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.xboxgamingoverlay_8wekyb3d8bbwe\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (3296) GameBar.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.xboxgamingoverlay_8wekyb3d8bbwe\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3296) GameBar.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.xboxgamingoverlay_8wekyb3d8bbwe\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: KGLOneSettingsVersion
Value: 750800003B24D4E6D698DB01

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: KGLOneSettingsUri
Value: 680074007400700073003A002F002F0064006C006100730073006500740073002D00730073006C002E00780062006F0078006C006900760065002E0063006F006D002F007000750062006C00690063002F0063006F006E00740065006E0074002F006B0067006C002F00560065007200730069006F006E002F0032003100360035002F006B0067006C002E0032003100360035002E0063006F006D00700072006500730073006500640000003B24D4E6D698DB01

Process: (3296) GameBar.exe
Key: \REGISTRY\A\{fb503574-6250-4e3c-ad22-6b2593142a98}\LocalState
Operation: write
Name: KGLOneSettingsHash
Value: 420042003300350037003100460034003900360045003100420038003000350033003200450039003400390046003200370033003700380033003900300033004100420045003100430033003900380037004600370033004100410032003300390039004200410039004600350039003400330045003900390033003000460000003B24D4E6D698DB01
Executable files: 0
Suspicious files: 4
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3296 | GameBar.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\INetCache\3I6S3GGB\ab[1].json | binary
MD5: B511D6CBD6CED678D532E8AC4E7D2E35
SHA256: FE8B42EECA01A1CA166CF0486D552AE6AABF2825E9B5F749A3BFB2B6FADD216A

3296 | GameBar.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\profileDataSettings.txt~RF1672d3.TMP | binary
MD5: 452516F224C76B421714DF6598174F4F
SHA256: FBEFDF698EB346C2D2C039027363A6D1219552D7366ED9C5C703AB82826EF223

3296 | GameBar.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\profileDataSettings.txt | binary
MD5: A977933B53E1AF220D67111DDB472EA7
SHA256: 4B2308BA30FA19F0ED74DEC85C5C1280A4265B570D83471FE370CFC2215424C4

3296 | GameBar.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\profileDataSettings.txt.~tmp | binary
MD5: A977933B53E1AF220D67111DDB472EA7
SHA256: 4B2308BA30FA19F0ED74DEC85C5C1280A4265B570D83471FE370CFC2215424C4
HTTP(S) requests: 15
TCP/UDP connections: 19
DNS requests: 13
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3640 | svchost.exe | GET | 200 | 23.50.131.200:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d9a11b5b0e7c76bb | DE | compressed | 4.65 Kb | whitelisted
4576 | MoUsoCoreWorker.exe | GET | 200 | 23.50.131.200:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9ab9867f22237fa5 | DE | compressed | 4.65 Kb | whitelisted
1352 | svchost.exe | GET | 200 | 184.24.77.24:80 | http://www.msftconnecttest.com/connecttest.txt | DE | text | 22 b | whitelisted
2768 | svchost.exe | GET | 200 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?15be5abb986864ed | DE | compressed | 7.61 Kb | whitelisted
2768 | svchost.exe | GET | 200 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?f5121d5bf6d77c0f | DE | compressed | 7.61 Kb | whitelisted
2768 | svchost.exe | GET | 200 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4c1c53e3976db8c9 | DE | compressed | 71.5 Kb | whitelisted
2768 | svchost.exe | GET | 200 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?c541ceb484cd6e74 | DE | compressed | 7.61 Kb | whitelisted
2768 | svchost.exe | GET | 200 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e8295883656f7dad | DE | compressed | 71.5 Kb | whitelisted
- | - | GET | 200 | 13.107.5.91:443 | https://www.xboxab.com/ab?gameid=AC70E74F8D1044C5894D0DC261838A8D | US | binary | 340 b | whitelisted
- | - | POST | 200 | 40.126.31.71:443 | https://login.live.com/RST2.srf | US | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1352 | svchost.exe | 184.24.77.24:80 | - | Akamai International B.V. | DE | unknown
4576 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4576 | MoUsoCoreWorker.exe | 23.50.131.200:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
3640 | svchost.exe | 40.126.32.72:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3640 | svchost.exe | 23.50.131.200:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
3296 | GameBar.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3952 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3296 | GameBar.exe | 13.107.5.91:443 | www.xboxab.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3296 | GameBar.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3828 | smartscreen.exe | 48.209.144.71:443 | checkappexec.microsoft.com | - | US | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.200
  • 23.50.131.216
whitelisted
login.live.com
  • 40.126.32.72
  • 20.190.160.5
  • 40.126.32.136
  • 20.190.160.128
  • 20.190.160.66
  • 40.126.32.138
  • 20.190.160.65
  • 20.190.160.67
  • 20.190.159.128
  • 40.126.31.130
  • 40.126.31.131
  • 20.190.159.73
  • 20.190.159.2
  • 40.126.31.128
  • 40.126.31.0
  • 40.126.31.73
whitelisted
www.xboxab.com
  • 13.107.5.91
whitelisted
lfghub-anonymous.xboxlive.com
whitelisted
checkappexec.microsoft.com
  • 48.209.144.71
whitelisted
dns.msftncsi.com
  • 131.107.255.255
whitelisted
self.events.data.microsoft.com
  • 20.44.10.122
whitelisted

Threats

PID | Process | Class | Message
1352 | svchost.exe | Misc activity | ET INFO Microsoft Connection Test
- | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method

Process | Message
GameBarFTServer.exe | [TRACE] The DiagOutputDir folder is accessible