File name:

setup.exe

Full analysis: https://app.any.run/tasks/3510400e-bd0d-4ae6-8506-d19546b30c7c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: December 30, 2023, 03:41:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

791001DCEDF0E992BBDD5A5418CBABB5

SHA1:

CA40AAE2609D47F8927478A41849F1595A3A6A51

SHA256:

2068FB1037140CC78CD85D222D856F0881048D66BB31E5A1E851D6C91FC435D8

SSDEEP:

98304:9y/SMPUQ+OuJgjwE6Co22onsv25UgrgHDwa02/Ny1C5VHT+ZacYEBhxmF85VC5pa:CbgyHhqjLoavvqa5czsQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Creates a writable file in the system directory

      • hosts.exe (PID: 2468)
      • hosts.exe (PID: 2584)
      • hosts.exe (PID: 2396)
      • hosts.exe (PID: 980)
      • hosts.exe (PID: 2756)
      • hosts.exe (PID: 1000)
      • hosts.exe (PID: 2492)
      • hosts.exe (PID: 3024)
      • hosts.exe (PID: 2796)
      • hosts.exe (PID: 3140)
      • hosts.exe (PID: 3172)
      • hosts.exe (PID: 3248)
      • hosts.exe (PID: 3452)
      • hosts.exe (PID: 3492)
      • hosts.exe (PID: 3308)
      • hosts.exe (PID: 3644)
      • hosts.exe (PID: 3816)
      • hosts.exe (PID: 3880)
      • hosts.exe (PID: 3768)
      • hosts.exe (PID: 4028)
      • hosts.exe (PID: 124)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3636)
      • hosts.exe (PID: 1392)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • setup.tmp (PID: 2416)
      • _iu14D2N.tmp (PID: 2440)

    • Starts application with an unusual extension

      • unins000.exe (PID: 2336)

    • Starts CMD.EXE for commands execution

      • setup.tmp (PID: 2416)

    • Creates files in the driver directory

      • hosts.exe (PID: 2468)
      • hosts.exe (PID: 2396)
      • hosts.exe (PID: 2756)
      • hosts.exe (PID: 980)
      • hosts.exe (PID: 1000)
      • hosts.exe (PID: 2492)
      • hosts.exe (PID: 2584)
      • hosts.exe (PID: 3024)
      • hosts.exe (PID: 2796)
      • hosts.exe (PID: 3172)
      • hosts.exe (PID: 3308)
      • hosts.exe (PID: 3140)
      • hosts.exe (PID: 3452)
      • hosts.exe (PID: 3248)
      • hosts.exe (PID: 3492)
      • hosts.exe (PID: 3644)
      • hosts.exe (PID: 3816)
      • hosts.exe (PID: 3880)
      • hosts.exe (PID: 4028)
      • hosts.exe (PID: 124)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3636)
      • hosts.exe (PID: 1392)
      • hosts.exe (PID: 3768)

    • Executing commands from ".cmd" file

      • setup.tmp (PID: 2416)

    • Reads the Internet Settings

      • setup.tmp (PID: 2416)

  • INFO

    • Checks supported languages

      • setup.exe (PID: 2256)
      • setup.tmp (PID: 2416)
      • unins000.exe (PID: 2336)
      • _iu14D2N.tmp (PID: 2440)
      • hosts.exe (PID: 2584)
      • hosts.exe (PID: 2468)
      • FlushFileCache.exe (PID: 2056)
      • hosts.exe (PID: 2396)
      • hosts.exe (PID: 980)
      • hosts.exe (PID: 2756)
      • hosts.exe (PID: 1000)
      • hosts.exe (PID: 2492)
      • hosts.exe (PID: 3024)
      • hosts.exe (PID: 2796)
      • hosts.exe (PID: 3140)
      • hosts.exe (PID: 3248)
      • hosts.exe (PID: 3172)
      • hosts.exe (PID: 3492)
      • hosts.exe (PID: 3452)
      • hosts.exe (PID: 3308)
      • hosts.exe (PID: 3644)
      • hosts.exe (PID: 3880)
      • hosts.exe (PID: 3768)
      • hosts.exe (PID: 4028)
      • hosts.exe (PID: 124)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3636)
      • hosts.exe (PID: 1392)
      • hosts.exe (PID: 3816)

    • Create files in a temporary directory

      • setup.exe (PID: 2256)
      • setup.tmp (PID: 2416)
      • unins000.exe (PID: 2336)
      • _iu14D2N.tmp (PID: 2440)

    • Drops the executable file immediately after the start

      • setup.exe (PID: 2256)
      • setup.tmp (PID: 2416)
      • _iu14D2N.tmp (PID: 2440)
      • unins000.exe (PID: 2336)

    • Reads the computer name

      • setup.tmp (PID: 2416)
      • FlushFileCache.exe (PID: 2056)
      • _iu14D2N.tmp (PID: 2440)
      • hosts.exe (PID: 2584)
      • hosts.exe (PID: 2468)
      • hosts.exe (PID: 2396)
      • hosts.exe (PID: 2756)
      • hosts.exe (PID: 980)
      • hosts.exe (PID: 1000)
      • hosts.exe (PID: 2492)
      • hosts.exe (PID: 3024)
      • hosts.exe (PID: 2796)
      • hosts.exe (PID: 3140)
      • hosts.exe (PID: 3248)
      • hosts.exe (PID: 3172)
      • hosts.exe (PID: 3492)
      • hosts.exe (PID: 3452)
      • hosts.exe (PID: 3308)
      • hosts.exe (PID: 3644)
      • hosts.exe (PID: 3816)
      • hosts.exe (PID: 3768)
      • hosts.exe (PID: 4028)
      • hosts.exe (PID: 3880)
      • hosts.exe (PID: 124)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3636)
      • hosts.exe (PID: 1392)

    • Process drops legitimate windows executable

      • setup.tmp (PID: 2416)
      • _iu14D2N.tmp (PID: 2440)

    • Checks proxy server information

      • setup.tmp (PID: 2416)

    • Process requests binary or script from the Internet

      • setup.tmp (PID: 2416)

    • Reads the machine GUID from the registry

      • setup.tmp (PID: 2416)
      • hosts.exe (PID: 2468)
      • hosts.exe (PID: 2396)
      • hosts.exe (PID: 2756)
      • hosts.exe (PID: 980)
      • hosts.exe (PID: 1000)
      • hosts.exe (PID: 2492)
      • hosts.exe (PID: 3024)
      • hosts.exe (PID: 2796)
      • hosts.exe (PID: 3140)
      • hosts.exe (PID: 2584)
      • hosts.exe (PID: 3248)
      • hosts.exe (PID: 3452)
      • hosts.exe (PID: 3492)
      • hosts.exe (PID: 3172)
      • hosts.exe (PID: 3308)
      • hosts.exe (PID: 3644)
      • hosts.exe (PID: 3816)
      • hosts.exe (PID: 3768)
      • hosts.exe (PID: 4028)
      • hosts.exe (PID: 3880)
      • hosts.exe (PID: 124)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3636)
      • hosts.exe (PID: 1392)

    • Starts itself from another location

      • unins000.exe (PID: 2336)

    • Application launched itself

      • msedge.exe (PID: 2736)
      • msedge.exe (PID: 920)

    • The executable file from the user directory is run by the CMD process

      • hosts.exe (PID: 2468)
      • hosts.exe (PID: 2584)
      • hosts.exe (PID: 2396)
      • hosts.exe (PID: 980)
      • hosts.exe (PID: 2756)
      • hosts.exe (PID: 1000)
      • hosts.exe (PID: 2492)
      • hosts.exe (PID: 3024)
      • hosts.exe (PID: 2796)
      • hosts.exe (PID: 3140)
      • hosts.exe (PID: 3248)
      • hosts.exe (PID: 3172)
      • hosts.exe (PID: 3308)
      • hosts.exe (PID: 3644)
      • hosts.exe (PID: 3492)
      • hosts.exe (PID: 3816)
      • hosts.exe (PID: 3452)
      • hosts.exe (PID: 3880)
      • hosts.exe (PID: 3768)
      • hosts.exe (PID: 4028)
      • hosts.exe (PID: 124)
      • hosts.exe (PID: 1072)
      • hosts.exe (PID: 3636)

    • Manual execution by a user

      • msedge.exe (PID: 920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 07:04:04+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 53760
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Spider-man Remastered Setup
FileVersion:
LegalCopyright: FitGirl
ProductName: Spider-man Remastered
ProductVersion:
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
88
Monitored processes
47
Malicious processes
4
Suspicious processes
23

Behavior graph

Click at the process to see the details
start setup.exe setup.tmp flushfilecache.exe no specs unins000.exe no specs _iu14d2n.tmp no specs msedge.exe no specs cmd.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe hosts.exe no specs msedge.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs hosts.exe no specs msedge.exe no specs hosts.exe no specs msedge.exe no specs msedge.exe no specs setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124hosts.exe add www.fitgirlpack.site 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-3109P.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-3109p.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
128"C:\Users\admin\AppData\Local\Temp\setup.exe" C:\Users\admin\AppData\Local\Temp\setup.exeexplorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Spider-man Remastered Setup
Exit code:
3221226540
Version:
Modules
Images
c:\users\admin\appdata\local\temp\setup.exe
c:\windows\system32\ntdll.dll
492"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3416 --field-trial-handle=1344,i,14480637335526087167,719608026135194148,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
604"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1344,i,14480637335526087167,719608026135194148,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
864"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2648 --field-trial-handle=1344,i,14480637335526087167,719608026135194148,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
920"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://bit.ly/fitgirl-repacks-siteC:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
980hosts.exe add fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-3109P.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-3109p.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1000hosts.exe add fitgirl-repack.com 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-3109P.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-3109p.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1072hosts.exe add fitgirl-repack.org 109.94.209.70 # Fake FitGirl site C:\Users\admin\AppData\Local\Temp\is-3109P.tmp\hosts.execmd.exe
User:
admin
Company:
Vegalogic Software
Integrity Level:
HIGH
Description:
Hosts Commander
Exit code:
0
Version:
1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\is-3109p.tmp\hosts.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1384"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6b9df598,0x6b9df5a8,0x6b9df5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
9 186
Read events
8 979
Write events
202
Delete events
5

Modification events

(PID) Process:(2416) setup.tmpKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation:writeName:Speaker Configuration
Value:
4
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2416) setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2440) _iu14D2N.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spider-man Remastered_is1
Operation:delete keyName:(default)
Value:
Executable files
55
Suspicious files
31
Text files
72
Unknown types
0

Dropped files

PID
Process
Filename
Type
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\wintb.dllexecutable
MD5:9436DF49E08C83BAD8DDC906478C2041
SHA256:1910537AA95684142250CA0C7426A0B5F082E39F6FBDBDBA649AECB179541435
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\innocallback.dllexecutable
MD5:1C55AE5EF9980E3B1028447DA6105C75
SHA256:6AFA2D104BE6EFE3D9A2AB96DBB75DB31565DAD64DD0B791E402ECC25529809F
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\ISDone.dllexecutable
MD5:63DC27B7BC65243EFAA59A9797A140BA
SHA256:C652B4B564B3C85C399155CBB45C6FB5A9F56F074E566BFD20F01DA6E0412C74
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\idp.dllexecutable
MD5:AF555AC9C073F88FE5BF0D677F085025
SHA256:F4FC0187491A9CB89E233197FF72C2405B5EC02E8B8EA640EE68D034DDBC44BB
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\cls-magic2l_x86.exeexecutable
MD5:7CBE7DB7FC9258B6A43551140C343BB3
SHA256:6EA07AA4F5565AC289402ADE3B2E52BF8089AD6185E0ECF0E1F36CEA39C091A9
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\cls-lollypop_x86.exeexecutable
MD5:3527C6739C46F4EE1CFB6B48E1407883
SHA256:724C6E07180E321298B4EA4405C3F7536C524D9826D24F5D6FC50BCB0EF8F723
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\cls-srep_x64.exeexecutable
MD5:6AE2ADD85EC2B642D865FFAAA391D5BB
SHA256:ED8A485B9984997306EA6B5C6D98B5026A5B7903C1DF4C229BF93BF113C78EE9
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\cls-magic2_x86.exeexecutable
MD5:7CBE7DB7FC9258B6A43551140C343BB3
SHA256:6EA07AA4F5565AC289402ADE3B2E52BF8089AD6185E0ECF0E1F36CEA39C091A9
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\cls-magic2l_x64.exeexecutable
MD5:7234C4334A7523B1AC6F51C072497071
SHA256:D92F7C60256509F74E36D9B5AAB041FE44999B1A3910D70AA83C9D01F062EA29
2416setup.tmpC:\Users\admin\AppData\Local\Temp\is-3109P.tmp\cls-zstd.dllexecutable
MD5:501A60FD5593140F25978B8249DA715D
SHA256:FB0B85E32EAC59200A807F1FF51B7F1A865FAA65E9DFBE39C75A8DCAA5BE3FD3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
36
DNS requests
45
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2416
setup.tmp
HEAD
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/EE84FED2552E018E854D4CD2496DF4DD516F30733A27901167B8A9882119E57C/VC_redist.x64.exe
US
unknown
2416
setup.tmp
HEAD
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/4A8157B2FF422C259DDAA2D0E568C0C0AFAB940E1F6E0E482EF83E90DDBAD2D6/VC_redist.x86.exe
US
unknown
3048
msedge.exe
GET
301
67.199.248.10:80
http://bit.ly/fitgirl-repacks-site
US
html
115 b
unknown
2416
setup.tmp
GET
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/4A8157B2FF422C259DDAA2D0E568C0C0AFAB940E1F6E0E482EF83E90DDBAD2D6/VC_redist.x86.exe
US
executable
13.7 Mb
unknown
3048
msedge.exe
GET
301
190.115.31.179:80
http://fitgirl-repacks.site/
BZ
html
568 b
unknown
2416
setup.tmp
GET
200
68.232.34.200:80
http://download.visualstudio.microsoft.com/download/pr/9565895b-35a6-434b-a881-11a6f4beec76/EE84FED2552E018E854D4CD2496DF4DD516F30733A27901167B8A9882119E57C/VC_redist.x64.exe
US
executable
14.3 Mb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2416
setup.tmp
68.232.34.200:80
download.visualstudio.microsoft.com
EDGECAST
US
whitelisted
3048
msedge.exe
67.199.248.10:80
bit.ly
GOOGLE-CLOUD-PLATFORM
US
shared
920
msedge.exe
239.255.255.250:1900
whitelisted
3048
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3048
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3048
msedge.exe
20.31.251.109:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3048
msedge.exe
51.104.176.40:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
download.visualstudio.microsoft.com
  • 68.232.34.200
whitelisted
bit.ly
  • 67.199.248.10
  • 67.199.248.11
shared
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.31.251.109
  • 51.104.176.40
whitelisted
fitgirl-repacks.site
  • 190.115.31.179
unknown
data-edge.smartscreen.microsoft.com
  • 51.104.176.40
whitelisted
google.com
  • 216.58.214.174
  • 142.250.185.110
whitelisted
stats.wp.com
  • 192.0.76.3
whitelisted
i7.imageban.ru
  • 62.109.19.95
unknown

Threats

PID
Process
Class
Message
2416
setup.tmp
Misc activity
ET INFO EXE - Served Attached HTTP
2416
setup.tmp
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
setup.exe