File name: exness4setup.exe

Full analysis: https://app.any.run/tasks/2c71d0d6-21da-4b0d-b890-1b645b15e720
Verdict: Malicious activity
Analysis date: January 10, 2024, 18:07:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 95A4A2ACE906D699A49F2968687AAEC4
SHA1: F540DE40AD21B8AB5514EE46D91E50DA2E48DB25
SHA256: 3FE0E1CDF4BE280148266B9D0A92D6E2A1A3EEEB07F98023832B5959CD842948
SSDEEP: 98304:RufhN7yZPOKc8eghzuAJT6BM86amGtZZuoD08EslwYKEQo5cxYiqKgtifsXFlQOl:qL

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may have been influenced by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the BIOS version

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 3980)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 4436)
    • Reads security settings of Internet Explorer

      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 5628)
    • Checks Windows Trust Settings

      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 5628)
    • Reads Internet Explorer settings

      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 5628)
    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 5840)
  • INFO

    • Drops the executable file immediately after the start

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 4436)
    • Checks supported languages

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 3980)
      • identity_helper.exe (PID: 892)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 3308)
      • terminal.exe (PID: 4436)
      • metaeditor.exe (PID: 6016)
      • metaeditor.exe (PID: 3344)
      • metaeditor.exe (PID: 5668)
      • metaeditor.exe (PID: 5992)
    • Reads Windows Product ID

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 3980)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 3308)
      • terminal.exe (PID: 4436)
      • metaeditor.exe (PID: 5668)
      • metaeditor.exe (PID: 6016)
      • metaeditor.exe (PID: 3344)
      • metaeditor.exe (PID: 5992)
    • Reads the computer name

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 5760)
      • identity_helper.exe (PID: 892)
      • exness4setup.exe (PID: 3980)
      • exness4setup.exe (PID: 5628)
      • metaeditor.exe (PID: 5668)
      • metaeditor.exe (PID: 6016)
      • metaeditor.exe (PID: 3344)
      • metaeditor.exe (PID: 5992)
      • terminal.exe (PID: 4436)
    • Process checks whether UAC notifications are on

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 3980)
      • terminal.exe (PID: 4436)
      • terminal.exe (PID: 3308)
      • metaeditor.exe (PID: 5668)
      • metaeditor.exe (PID: 6016)
      • metaeditor.exe (PID: 5992)
      • metaeditor.exe (PID: 3344)
    • Application launched itself

      • exness4setup.exe (PID: 4076)
      • msedge.exe (PID: 2224)
      • msedge.exe (PID: 512)
      • exness4setup.exe (PID: 3980)
      • msedge.exe (PID: 4936)
      • msedge.exe (PID: 2796)
    • Creates files or folders in the user directory

      • exness4setup.exe (PID: 4076)
      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 3980)
      • exness4setup.exe (PID: 5628)
      • metaeditor.exe (PID: 5668)
      • metaeditor.exe (PID: 6016)
      • terminal.exe (PID: 4436)
      • metaeditor.exe (PID: 3344)
      • metaeditor.exe (PID: 5992)
    • Creates files in the program directory

      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 4436)
    • Reads the machine GUID from the registry

      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 4436)
    • Reads the software policy settings

      • exness4setup.exe (PID: 5760)
      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 4436)
    • Manual execution by a user

      • msedge.exe (PID: 512)
      • exness4setup.exe (PID: 3980)
    • Reads CPU info

      • exness4setup.exe (PID: 5628)
      • terminal.exe (PID: 4436)
      • exness4setup.exe (PID: 5760)
    • Process checks computer location settings

      • exness4setup.exe (PID: 5628)
    • Reads product name

      • terminal.exe (PID: 4436)
    • Reads Environment values

      • terminal.exe (PID: 4436)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ Matrix in the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:01:06 15:49:51+01:00
ImageFileCharacteristics: Executable
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 1314304
InitializedDataSize: 3233792
UninitializedDataSize: -
EntryPoint: 0x2b278
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 5.0.0.4122
ProductVersionNumber: 5.0.0.4122
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: https://www.metaquotes.net
CompanyName: MetaQuotes Ltd.
FileDescription: Setup
FileVersion: 5.0.0.4122
InternalName: Setup
LegalCopyright: © 2000-2024, MetaQuotes Ltd.
LegalTrademarks: MetaTrader
OriginalFileName: Setup
ProductName: Setup
ProductVersion: 5.0.0.4122
No data.
All screenshots are available in the full report
Total processes: 189
Monitored processes: 53
Malicious processes: 2
Suspicious processes: 3


Process information

PID
CMD
Path
Indicators
Parent process
PID: 512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://www.mql5.com/en/auth_register?nobanner=true&utm_campaign=mql5.register&utm_medium=special&utm_source=web.installer&utm_codepage=1033&utm_uniq=5188845343151378080&utm_link=74BAB33E0E66E858F995CF8800B3C38C&ref=www.exness.com
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 516
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale=en_GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3496 --field-trial-handle=2052,i,15247162459921209301,15609858244597901564,131072 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 892
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=2052,i,15247162459921209301,15609858244597901564,131072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
PID: 1176
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5360 --field-trial-handle=2052,i,15247162459921209301,15609858244597901564,131072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1356
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=2180,i,9568952454682557565,6210177192708268623,131072 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1376
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2488 --field-trial-handle=1956,i,2718479723481749969,619171286559780834,131072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1560
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=2052,i,15247162459921209301,15609858244597901564,131072 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1564
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3484 --field-trial-handle=2052,i,15247162459921209301,15609858244597901564,131072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=2180,i,9568952454682557565,6210177192708268623,131072 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2224
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mql5.com/en/auth_register?nobanner=true&utm_campaign=mql5.register&utm_medium=special&utm_source=web.installer&utm_codepage=1033&utm_uniq=5188845343151378080&utm_link=74BAB33E0E66E858F995CF8800B3C38C&ref=www.exness.com
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: exness4setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 26 211
Read events: 26 096
Write events: 114
Delete events: 1

Modification events

(PID) Process: (4076) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (4076) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (4076) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (4076) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (5760) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (5760) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (5760) exness4setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2224) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2224) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (2224) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000
Executable files: 8
Suspicious files: 604
Text files: 285
Unknown types: 3

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10f1b5.TMP | - | - | -
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | - | - | -
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10f1c4.TMP | - | - | -
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | - | - | -
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF10f203.TMP | - | - | -
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | - | - | -
2224 | msedge.exe | C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\CRASHPAD\SETTINGS.DAT | binary | E2757D5A5254E45CDCE4888662B214A8 | 8306EF3DCAE74D697DF4367324A026CAA9EAC9B36D7FBE49E9C381446DE0CE75
2224 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\b7b0720b-83b6-4d74-a144-b6d80e6bafb4.tmp | binary | 87084F969568F2748BF063B7F01DA8B9 | 6683AB1DC708304B77E5D8AA9E977AE2A042DA1C9E42DCCDE0BF1EF00A489CDC
512 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old~RF10f232.TMP | text | 30D59E9B44FA0B4ECA7BDAEE2490D5A0 | 7EA7C035EB4DF6A954BF8A8907FF601722A17E1A6D15C52B5636C1894DCC6C48
2224 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\cb41a5d9-4395-4dc5-ae8b-154ba96b1adf.tmp | binary | 87084F969568F2748BF063B7F01DA8B9 | 6683AB1DC708304B77E5D8AA9E977AE2A042DA1C9E42DCCDE0BF1EF00A489CDC
Download the PCAP, analyze network streams, HTTP content and much more in the full report
HTTP(S) requests: 170
TCP/UDP connections: 705
DNS requests: 90
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | - | 78.140.180.43:443 | https://download.mql5.com/cdn/dns/dns.dat | unknown | - | - | unknown
5760 | exness4setup.exe | GET | 200 | 156.38.206.18:443 | https://api6.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown
5760 | exness4setup.exe | GET | 200 | 195.201.80.82:443 | https://download.mql5.com/cdn/dns/dns.dat | unknown | binary | 14.8 Kb | unknown
5760 | exness4setup.exe | GET | 200 | 78.140.180.86:443 | https://content.finteza.com/tr?event=MetaTrader%204%20Desktop+Install+Begin&id=kbwyexqdujfqmunrjhycknpcwyjgqxemen&utm_website=install.metatrader4.com&model=desktop&scr_res=1280x720&cpu=4&memory=4096&l=en&model_vendor=DELL&model_device=DELL&fv_date=1704910044&utm_source=download.metatrader.com&signature=19f87f0e1a240b91dded66a115167198410141704910045 | unknown | image | 70 b | unknown
5760 | exness4setup.exe | GET | 200 | 66.203.112.227:443 | https://api12.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown
5760 | exness4setup.exe | GET | 200 | 78.140.180.43:443 | https://api1.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown
5760 | exness4setup.exe | GET | 200 | 185.252.31.15:443 | https://api10.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown
5760 | exness4setup.exe | GET | 200 | 142.215.208.235:443 | https://api7.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown
5760 | exness4setup.exe | GET | 200 | 117.20.41.198:443 | https://api2.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown
5760 | exness4setup.exe | GET | 200 | 177.154.156.125:443 | https://api8.mql5.net/cdn/files/mt4/cdn.txt | unknown | text | 137 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4076 | exness4setup.exe | 195.201.80.82:443 | download.mql5.com | Hetzner Online GmbH | DE | unknown
5760 | exness4setup.exe | 195.201.80.82:443 | download.mql5.com | Hetzner Online GmbH | DE | unknown
5760 | exness4setup.exe | 78.140.180.86:443 | content.finteza.com | Webzilla B.V. | NL | unknown
5760 | exness4setup.exe | 78.140.180.43:443 | download.mql5.com | Webzilla B.V. | NL | unknown
5760 | exness4setup.exe | 117.20.41.198:443 | - | INTERNAP-BLK4 | SG | unknown
5760 | exness4setup.exe | 148.113.1.241:443 | - | - | IN | unknown
5760 | exness4setup.exe | 88.212.232.132:443 | - | United Network LLC | RU | unknown
5760 | exness4setup.exe | 104.166.145.86:443 | - | ZEN-ECN | NG | unknown
5760 | exness4setup.exe | 156.38.206.18:443 | - | xneelo | ZA | unknown
5760 | exness4setup.exe | 142.215.208.235:443 | - | EQUINIX-EC-NY | US | unknown

DNS requests

Domain
IP
Reputation
download.mql5.com
  • 195.201.80.82
  • 78.140.180.43
whitelisted
content.finteza.com
  • 78.140.180.86
unknown
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
  • 4.231.128.59
whitelisted
www.mql5.com
  • 78.140.180.54
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edgeassetservice.azureedge.net
  • 13.107.246.45
  • 13.107.213.45
  • 13.107.213.63
  • 13.107.246.63
whitelisted
self.events.data.microsoft.com
  • 52.168.117.169
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
content.mql5.com
  • 78.140.180.86
unknown

Threats

No threats detected
No debug info