File name:	AceSetup.exe
Full analysis:	https://app.any.run/tasks/fec88614-5160-4605-84c9-af44512b9e3b
Verdict:	Malicious activity
Analysis date:	April 04, 2026, 21:49:06
OS:	Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32+ executable (GUI) x86-64, for MS Windows, 11 sections
MD5:	B219A75B950338E67E9248FD5AB69619
SHA1:	93922CFB4C222E5C8E596B5130E2A47794C81044
SHA256:	005930DAFC3191268EAAC65DB75B81DD44671FADD1AA9E12CAF44A6EAF8C2E0D
SSDEEP:	98304:J16zOwJ2TtI/0ymWxU+lvtn2cRfOBYFgByUrSA4ouht+I1bPESAmep3XAhIeX178:Rp3X6YZVcE8mBzogP9

.exe	\|	Generic Win/DOS Executable (50)
.exe	\|	DOS Executable Generic (49.9)

MachineType:	AMD AMD64
TimeStamp:	0000:00:00 00:00:00
ImageFileCharacteristics:	Executable, Large address aware
PEType:	PE32+
LinkerVersion:	14
CodeSize:	3869696
InitializedDataSize:	8240128
UninitializedDataSize:	-
EntryPoint:	0x371d50
OSVersion:	10
ImageVersion:	-
SubsystemVersion:	10
Subsystem:	Windows GUI
FileVersionNumber:	143.0.7514.0
ProductVersionNumber:	143.0.7514.0
FileFlagsMask:	0x0017
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	BrowseAI LLC
FileDescription:	Ace Installer (x64)
FileVersion:	143.0.7514.0
InternalName:	Ace Installer (x64)
LegalCopyright:	Copyright 1970 The BrowseAI LLC Authors. All rights reserved.
OriginalFileName:	UpdaterSetup.exe
ProductName:	Ace Installer (x64)
ProductVersion:	143.0.7514.0
CompanyShortName:	BrowseAI LLC
ProductShortName:	AceUpdater
LastChange:	0000000000000000000000000000000000000000
OfficialBuild:	1


(PID) Process:	(2524) slui.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation:	write	Name:	@%SystemRoot%\System32\sppcomapi.dll,-3200
Value: Software Licensing
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F62A668-F2CD-5EE5-AF96-D5E810082767}
Operation:	write	Name:	AppID
Value: {4F62A668-F2CD-5EE5-AF96-D5E810082767}
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4F62A668-F2CD-5EE5-AF96-D5E810082767}
Operation:	write	Name:	LocalService
Value: AceUpdaterService143.0.7514.0
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4F62A668-F2CD-5EE5-AF96-D5E810082767}
Operation:	write	Name:	ServiceParameters
Value: --com-service
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{283209B7-C761-41CA-BE8D-B5321CD78FD6}
Operation:	write	Name:	AppID
Value: {283209B7-C761-41CA-BE8D-B5321CD78FD6}
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E0425C1F-4263-4BA5-9328-423470344FC0}\TypeLib
Operation:	write	Name:	Version
Value: 1.0
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0425C1F-4263-4BA5-9328-423470344FC0}\TypeLib
Operation:	write	Name:	Version
Value: 1.0
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7DA4837-09FF-4355-BFE1-30598E40F41A}\TypeLib
Operation:	write	Name:	Version
Value: 1.0
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7DA4837-09FF-4355-BFE1-30598E40F41A}\TypeLib
Operation:	write	Name:	Version
Value: 1.0
(PID) Process:	(5548) updater.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D45CFCE3-5297-4D0B-925E-1924A32A7452}\TypeLib
Operation:	write	Name:	Version
Value: 1.0

PID	Process	Filename		Type
4308	AceSetup.exe	C:\Users\admin\AppData\Local\Temp\Ace4308_1259004321\UPDATER.PACKED.7Z		—
		MD5:—	SHA256:—
4308	AceSetup.exe	C:\Users\admin\AppData\Local\Temp\Ace4308_1969508865\updater.7z		—
		MD5:—	SHA256:—
5548	updater.exe	C:\Program Files (x86)\Ace\AceUpdater\prefs.json		binary
		MD5:078F49F3BE050B7642142E6BF0B50B1B	SHA256:C49632AF4674FE9D9CE718228D2B74AA8519CE1E0C2F74D9ED8798B26BDF0B50
4308	AceSetup.exe	C:\Users\admin\AppData\Local\Temp\Ace4308_1969508865\bin\uninstall.cmd		binary
		MD5:37B06E59CF1AB59705A9B621A76E0BF1	SHA256:4C7FB6EDC3BDC0F12B11B3669F27DC7274EE0642EE0E00FE5B1A04D96A009DBD
1180	updater.exe	C:\Program Files (x86)\Ace\AceUpdater\143.0.7514.0\updater.exe		binary
		MD5:DCB9128E17C6E9E25F5D69B6F84E35EC	SHA256:ACED4EF02FA4E8B6040F6FD3BE126CB68C8686778A7E2FDC6274E3F06C7742F4
1180	updater.exe	C:\Program Files (x86)\Ace\AceUpdater\updater.log		binary
		MD5:08A47A588A718CDD2F51759FC42A9404	SHA256:3E8DBC32D23E06D45DF15768FF5D5A4B7B986466F38E2EC1021EC16A98AF4EB3
4308	AceSetup.exe	C:\Users\admin\AppData\Local\Temp\Ace4308_1969508865\bin\updater.exe		binary
		MD5:DCB9128E17C6E9E25F5D69B6F84E35EC	SHA256:ACED4EF02FA4E8B6040F6FD3BE126CB68C8686778A7E2FDC6274E3F06C7742F4
1180	updater.exe	C:\Program Files (x86)\Ace\AceUpdater\143.0.7514.0\uninstall.cmd		binary
		MD5:37B06E59CF1AB59705A9B621A76E0BF1	SHA256:4C7FB6EDC3BDC0F12B11B3669F27DC7274EE0642EE0E00FE5B1A04D96A009DBD
5548	updater.exe	C:\Program Files (x86)\Ace\AceUpdater\143.0.7514.0\2eb28e5c-8d7f-49ad-b03c-b1b25bd1eb4e.tmp		binary
		MD5:AA2D0C0C72BB528CF4168EA91C1C9A56	SHA256:E03E9D262CA3B7D19E37C3A69C7D8B46BD3F5542AA555A17D864071C28257B2C
1180	updater.exe	C:\Program Files (x86)\Ace\AceUpdater\prefs.json		binary
		MD5:1E53B935C07311B38DDA51900A35555F	SHA256:C60A6B88BCA5DA2484854E7265BB82642FD1B929156BAFE8C11E5E721B7A8D28

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3156	updater.exe	GET	—	104.20.31.107:443	https://media.ace.ai/media/versions/ace/mini_installer___ACE-update-143-0-7514-0___x64___20260331130005.crx3	US	—	—	unknown
7784	svchost.exe	GET	200	23.48.23.143:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	NL	binary	825 b	whitelisted
5276	MoUsoCoreWorker.exe	GET	200	88.221.169.152:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	US	binary	814 b	whitelisted
7784	svchost.exe	GET	200	88.221.169.152:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	US	binary	814 b	whitelisted
—	—	POST	200	172.66.160.227:443	https://browser.ace.ai/analytics	US	binary	2 b	unknown
2524	slui.exe	POST	500	48.192.1.64:443	https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail	US	—	—	whitelisted
3156	updater.exe	POST	200	34.8.74.205:443	https://update.ace.ai/ace/service/update2/json/fb5bf2ba-306e-11f1-a669-5659c2b1882a@fb5be9fa-306e-11f1-a669-5659c2b1882a@gs_23566648955_196381223707_802980954933@image	US	binary	117 b	unknown
4308	AceSetup.exe	POST	200	104.20.31.107:443	https://browser.ace.ai/analytics	US	—	2 b	unknown
2524	slui.exe	POST	500	48.192.1.64:443	https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail	US	—	512 b	whitelisted
3156	updater.exe	POST	200	34.8.74.205:443	https://update.ace.ai/ace/service/update2/json/fb5bf2ba-306e-11f1-a669-5659c2b1882a@fb5be9fa-306e-11f1-a669-5659c2b1882a@gs_23566648955_196381223707_802980954933@image	US	—	117 b	unknown

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	Not routed	—	whitelisted
—	—	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	48.192.1.64:443	activation-v2.sls.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	2.16.241.218:443	www.bing.com	AKAMAI-ASN1	NL	whitelisted
4	System	192.168.100.255:138	—	Not routed	—	whitelisted
7784	svchost.exe	23.48.23.143:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
7784	svchost.exe	88.221.169.152:80	www.microsoft.com	AKAMAI-AS	US	whitelisted
5276	MoUsoCoreWorker.exe	88.221.169.152:80	www.microsoft.com	AKAMAI-AS	US	whitelisted
—	—	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
5276	MoUsoCoreWorker.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted

Domain	IP	Reputation
settings-win.data.microsoft.com	20.73.194.208 4.231.128.59	whitelisted
activation-v2.sls.microsoft.com	48.192.1.64	whitelisted
www.bing.com	2.16.241.218 2.16.241.201	whitelisted
google.com	142.251.110.113 142.251.110.100 142.251.110.139 142.251.110.138 142.251.110.101 142.251.110.102	whitelisted
crl.microsoft.com	23.48.23.143 23.48.23.156 2.16.164.120 2.16.164.49	whitelisted
www.microsoft.com	88.221.169.152 23.59.18.102	whitelisted
browser.ace.ai	104.20.31.107 172.66.160.227	unknown
update.ace.ai	34.8.74.205	whitelisted
dl.google.com	192.178.183.190 192.178.183.91 192.178.183.136 192.178.183.93	whitelisted
media.ace.ai	104.20.31.107 172.66.160.227	whitelisted

PID	Process	Class	Message
—	—	Misc activity	ET INFO Observed UA-CPU Header
1180	updater.exe	Misc activity	ET INFO Observed UA-CPU Header

General Info

AceSetup.exe

B219A75B950338E67E9248FD5AB69619

93922CFB4C222E5C8E596B5130E2A47794C81044

005930DAFC3191268EAAC65DB75B81DD44671FADD1AA9E12CAF44A6EAF8C2E0D

98304:J16zOwJ2TtI/0ymWxU+lvtn2cRfOBYFgByUrSA4ouht+I1bPESAmep3XAhIeX178:Rp3X6YZVcE8mBzogP9

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Executing a file with an untrusted certificate

SUSPICIOUS

Reads the date of Windows installation

Application launched itself

Executes as Windows Service

INFO

Reads security settings of Internet Explorer

Reads the computer name

Checks supported languages

The sample compiled with english language support

Reads the machine GUID from the registry

Create files in a temporary directory

Process checks whether UAC notifications are on

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings