File name: iNFekt-v1.3.0-setup.exe

Full analysis: https://app.any.run/tasks/e55661d9-5e97-4e01-aacb-83740df69c83
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: June 04, 2025, 06:39:21
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: adware, delphi, inno, installer, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

88EC388E7FC19930BF4EF6248B14B392

SHA1:

479D1AB3ECDA72096E44B0A6EF22D872FC5C0A6D

SHA256:

1E2CF1653B4CC8E1DBB724C3EA0DB99D51E4985E6A1D2AA20D883B6B917D2AA6

SSDEEP:

98304:m+cD4dnFAULQd3e1v8MqKcYAMj9yr4vB6ZHobOrHjOSun4gBVASAONqynynD0ZYO:Q6mnqV/WYP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iNFekt-v1.3.0-setup.exe (PID: 6816)
      • iNFekt-v1.3.0-setup.exe (PID: 3124)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1472)
      • vcredist_x64.exe (PID: 1760)
      • VC_redist.x64.exe (PID: 2316)
      • VC_redist.x64.exe (PID: 1176)
      • VC_redist.x64.exe (PID: 4648)
    • Reads security settings of Internet Explorer

      • iNFekt-v1.3.0-setup.tmp (PID: 2652)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1760)
    • Reads the Windows owner or organization settings

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • Process drops legitimate windows executable

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1472)
      • vcredist_x64.exe (PID: 1760)
      • VC_redist.x64.exe (PID: 2316)
      • msiexec.exe (PID: 7948)
      • VC_redist.x64.exe (PID: 4648)
    • Starts a Microsoft application from unusual location

      • vcredist_x64.exe (PID: 1472)
      • VC_redist.x64.exe (PID: 2316)
      • vcredist_x64.exe (PID: 1760)
    • Starts itself from another location

      • vcredist_x64.exe (PID: 1760)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4980)
    • Searches for installed software

      • dllhost.exe (PID: 1676)
      • vcredist_x64.exe (PID: 1760)
    • There is functionality for taking screenshot (YARA)

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7948)
    • Application launched itself

      • VC_redist.x64.exe (PID: 2320)
      • VC_redist.x64.exe (PID: 1176)
  • INFO

    • Create files in a temporary directory

      • iNFekt-v1.3.0-setup.exe (PID: 6816)
      • iNFekt-v1.3.0-setup.exe (PID: 3124)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1760)
    • Checks supported languages

      • iNFekt-v1.3.0-setup.exe (PID: 6816)
      • iNFekt-v1.3.0-setup.exe (PID: 3124)
      • iNFekt-v1.3.0-setup.tmp (PID: 2652)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1472)
      • VC_redist.x64.exe (PID: 2316)
      • vcredist_x64.exe (PID: 1760)
    • Reads the computer name

      • iNFekt-v1.3.0-setup.tmp (PID: 2652)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1472)
      • VC_redist.x64.exe (PID: 2316)
      • vcredist_x64.exe (PID: 1760)
    • Process checks computer location settings

      • iNFekt-v1.3.0-setup.tmp (PID: 2652)
      • vcredist_x64.exe (PID: 1760)
    • Checks proxy server information

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • Reads the machine GUID from the registry

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • Detects InnoSetup installer (YARA)

      • iNFekt-v1.3.0-setup.exe (PID: 6816)
      • iNFekt-v1.3.0-setup.tmp (PID: 2652)
      • iNFekt-v1.3.0-setup.exe (PID: 3124)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • Reads the software policy settings

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • The sample compiled with english language support

      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
      • vcredist_x64.exe (PID: 1472)
      • vcredist_x64.exe (PID: 1760)
      • VC_redist.x64.exe (PID: 2316)
      • msiexec.exe (PID: 7948)
      • VC_redist.x64.exe (PID: 1176)
      • VC_redist.x64.exe (PID: 4648)
    • Compiled with Borland Delphi (YARA)

      • iNFekt-v1.3.0-setup.exe (PID: 6816)
      • iNFekt-v1.3.0-setup.tmp (PID: 2652)
      • iNFekt-v1.3.0-setup.exe (PID: 3124)
      • iNFekt-v1.3.0-setup.tmp (PID: 1052)
    • Manages system restore points

      • SrTasks.exe (PID: 4844)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7948)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: syndicode
FileDescription: iNFekt NFO Viewer Setup
FileVersion:
LegalCopyright: Copyright © 2010-2022 syndicode
OriginalFileName:
ProductName: iNFekt NFO Viewer
ProductVersion: 1.3.0
Total processes: 149
Monitored processes: 18
Malicious processes: 4
Suspicious processes: 4

Behavior graph

Nodes shown in the interactive graph (in report order; "no specs" marks processes with no specific indicators): start, infekt-v1.3.0-setup.exe, infekt-v1.3.0-setup.tmp (no specs), infekt-v1.3.0-setup.exe, infekt-v1.3.0-setup.tmp, vcredist_x64.exe, vcredist_x64.exe, vc_redist.x64.exe, SPPSurrogate (no specs), vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), msiexec.exe, vc_redist.x64.exe (no specs), vc_redist.x64.exe, vc_redist.x64.exe, regsvr32.exe (no specs), infekt-win64.exe (no specs), slui.exe

Process information

One record per monitored process: PID, command line (CMD), image path, parent process, process details and the first loaded modules (images).
PID: 1052
CMD: "C:\Users\admin\AppData\Local\Temp\is-F02O1.tmp\iNFekt-v1.3.0-setup.tmp" /SL5="$B0314,2812846,832512,C:\Users\admin\Desktop\iNFekt-v1.3.0-setup.exe" /SPAWNWND=$17030E /NOTIFYWND=$A0308
Path: C:\Users\admin\AppData\Local\Temp\is-F02O1.tmp\iNFekt-v1.3.0-setup.tmp
Parent process: iNFekt-v1.3.0-setup.exe
User: admin
Company: syndicode
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-f02o1.tmp\infekt-v1.3.0-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 1132
CMD: "C:\Program Files\iNFekt\infekt-win64.exe"
Path: C:\Program Files\iNFekt\infekt-win64.exe
Parent process: iNFekt-v1.3.0-setup.tmp
User: admin
Company: syndicode
Integrity Level: MEDIUM
Description: iNFekt NFO Viewer
Version: 1.3.0.0
Modules (images):
c:\program files\infekt\infekt-win64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\program files\infekt\cairo.dll
PID: 1176
CMD: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=564 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={9387bec2-2f2b-48d1-a0ce-692c5df7042d} -burn.filehandle.self=1036 -burn.embedded BurnPipe.{86697497-AD84-4C29-A03E-C2E01FD0FB76} {6675FD1B-E3BB-4DD2-A9DE-1FDADAFF7BE2} 2316
Path: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process: VC_redist.x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code: 0
Version: 14.36.32532.0
Modules (images):
c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1472
CMD: "C:\Users\admin\AppData\Local\Temp\is-BOJL2.tmp\vcredist_x64.exe" /install /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\is-BOJL2.tmp\vcredist_x64.exe
Parent process: iNFekt-v1.3.0-setup.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35208
Exit code: 3010
Version: 14.44.35208.0
Modules (images):
c:\users\admin\appdata\local\temp\is-bojl2.tmp\vcredist_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1660
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1676
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 1760
CMD: "C:\WINDOWS\Temp\{A1DBB8F7-4F29-4BDA-B13B-95B8F0FFCDA1}\.cr\vcredist_x64.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\is-BOJL2.tmp\vcredist_x64.exe" -burn.filehandle.attached=620 -burn.filehandle.self=616 /install /quiet /norestart
Path: C:\Windows\Temp\{A1DBB8F7-4F29-4BDA-B13B-95B8F0FFCDA1}\.cr\vcredist_x64.exe
Parent process: vcredist_x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35208
Exit code: 3010
Version: 14.44.35208.0
Modules (images):
c:\windows\temp\{a1dbb8f7-4f29-4bda-b13b-95b8f0ffcda1}\.cr\vcredist_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2316
CMD: "C:\WINDOWS\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E355E5EF-4DD1-4EC4-972C-44DE058D9B7A} {BFE304FC-E562-4CC4-BA65-342953CE9EB0} 1760
Path: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.be\VC_redist.x64.exe
Parent process: vcredist_x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35208
Exit code: 3010
Version: 14.44.35208.0
Modules (images):
c:\windows\temp\{6da7d37b-49dd-4f11-b1cb-5419b1929385}\.be\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2320
CMD: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9387bec2-2f2b-48d1-a0ce-692c5df7042d} -burn.filehandle.self=1036 -burn.embedded BurnPipe.{86697497-AD84-4C29-A03E-C2E01FD0FB76} {6675FD1B-E3BB-4DD2-A9DE-1FDADAFF7BE2} 2316
Path: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process: VC_redist.x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code: 0
Version: 14.36.32532.0
Modules (images):
c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2652
CMD: "C:\Users\admin\AppData\Local\Temp\is-372UT.tmp\iNFekt-v1.3.0-setup.tmp" /SL5="$A0308,2812846,832512,C:\Users\admin\Desktop\iNFekt-v1.3.0-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-372UT.tmp\iNFekt-v1.3.0-setup.tmp
Parent process: iNFekt-v1.3.0-setup.exe
User: admin
Company: syndicode
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-372ut.tmp\infekt-v1.3.0-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
Total events: 19 747
Read events: 18 693
Write events: 676
Delete events: 378

Modification events

(PID) Process: (2316) VC_redist.x64.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
4000000000000000C2D077771BD5DB010C090000C4080000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
4800000000000000416D94771BD5DB018C06000050130000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
4800000000000000416D94771BD5DB018C06000050130000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
4800000000000000C2D077771BD5DB018C06000050130000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
480000000000000007D396771BD5DB018C06000050130000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000719A9B771BD5DB018C06000050130000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value: 11
(PID) Process: (1676) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value:
4800000000000000A707D0771BD5DB018C06000050130000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (4980) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000090FBDB771BD5DB0174130000AC1E0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (4980) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000090FBDB771BD5DB01741300002C1C0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 92
Suspicious files: 36
Text files: 67
Unknown types: 28

Dropped files

One entry per dropped file: PID and process that wrote it, full path, file type, then MD5 and SHA256.
PID 3124, iNFekt-v1.3.0-setup.exe: C:\Users\admin\AppData\Local\Temp\is-F02O1.tmp\iNFekt-v1.3.0-setup.tmp (executable)
MD5:5244D77556ED856A1025435CEE914B30
SHA256:9E6DE2D33ED8884F96D9E86CC0CF801FA6994B2D8683DE37D853559A7F3E9A2D
PID 1052, iNFekt-v1.3.0-setup.tmp: C:\Users\admin\AppData\Local\Temp\is-BOJL2.tmp\_isetup\_setup64.tmp (executable)
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID 1052, iNFekt-v1.3.0-setup.tmp: C:\Users\admin\AppData\Local\Temp\is-BOJL2.tmp\idp.dll (executable)
MD5:55C310C0319260D798757557AB3BF636
SHA256:54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\1036\thm.wxl (xml)
MD5:7B46AE8698459830A0F9116BC27DE7DF
SHA256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\1031\license.rtf (text)
MD5:2DDCA2866D76C850F68ACDFDB696D6DE
SHA256:28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\1029\thm.wxl (xml)
MD5:16343005D29EC431891B02F048C7F581
SHA256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\1028\thm.wxl (xml)
MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
SHA256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\logo.png (image)
MD5:D6BD210F227442B3362493D046CEA233
SHA256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\license.rtf (text)
MD5:04B33F0A9081C10E85D0E495A1294F83
SHA256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
PID 1760, vcredist_x64.exe: C:\Windows\Temp\{6DA7D37B-49DD-4F11-B1CB-5419B1929385}\.ba\1040\thm.wxl (xml)
MD5:D90BC60FA15299925986A52861B8E5D5
SHA256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
HTTP(S) requests: 36
TCP/UDP connections: 59
DNS requests: 21
Threats: 6

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation. Cells that were empty (or merged with the row above) in the original table are left blank here.

6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | | | whitelisted
7628 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
| | POST | 200 | 40.126.32.68:443 | https://login.live.com/RST2.srf | unknown | xml | 10.3 Kb | whitelisted
| | POST | 200 | 20.190.160.14:443 | https://login.live.com/RST2.srf | unknown | xml | 10.3 Kb | whitelisted
| | POST | 200 | 40.126.32.74:443 | https://login.live.com/RST2.srf | unknown | xml | 10.3 Kb | whitelisted
| | HEAD | 200 | 199.232.214.172:443 | https://download.visualstudio.microsoft.com/download/pr/40b59c73-1480-4caf-ab5b-4886f176bf71/D62841375B90782B1829483AC75695CCEF680A8F13E7DE569B992EF33C6CD14A/VC_redist.x64.exe | unknown | | |
| | POST | 200 | 40.126.32.74:443 | https://login.live.com/RST2.srf | unknown | xml | 11.0 Kb | whitelisted
| | GET | 200 | 23.48.23.31:443 | https://download.visualstudio.microsoft.com/download/pr/40b59c73-1480-4caf-ab5b-4886f176bf71/D62841375B90782B1829483AC75695CCEF680A8F13E7DE569B992EF33C6CD14A/VC_redist.x64.exe | unknown | executable | 24.4 Mb | whitelisted
| | GET | 304 | 4.175.87.197:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | | |
| | GET | 200 | 4.175.87.197:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | compressed | 23.9 Kb | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation. Cells that were empty (or merged with the row above) in the original table are left blank here.

7628 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
6544 | svchost.exe | 40.126.32.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
| | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
7628 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
7628 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7628 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1660 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
login.live.com
  • 40.126.32.68
  • 20.190.160.132
  • 20.190.160.65
  • 40.126.32.133
  • 20.190.160.22
  • 20.190.160.20
  • 20.190.160.131
  • 20.190.160.14
whitelisted
google.com
  • 172.217.23.110
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
aka.ms
  • 2.20.153.252
whitelisted
download.visualstudio.microsoft.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted

Threats

Columns: Class | Message (the PID and Process columns are empty for every row in the original table).

Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
Misc activity | ET INFO EXE - Served Attached HTTP
Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP

Debug output

Process | Message
msiexec.exe | Failed to release Service