| File name: | ATLauncher-setup-1.3.0.0.exe |
| Full analysis: | https://app.any.run/tasks/45ae8788-c4dc-4be8-bdf3-e377d8bf7e7e |
| Verdict: | Malicious activity |
| Threats: | Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. |
| Analysis date: | May 25, 2025, 09:36:13 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections |
| MD5: | 9D56B8206CBC9F298DFE5991161EF21D |
| SHA1: | C4F531D4499676685C162C014E6024A441BED82C |
| SHA256: | 4AC8068C83E84B9C9C09DCAD37120ED4041E72480C4E9A36543445DCB78432D2 |
| SSDEEP: | 98304:Z6GavilarPpxm7kWxWuMYp/tgpnpbpMnrYkSEZxcT1XG15aikVIFh8ECMiN/VW+1:1j6Nb |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- ATLauncher-setup-1.3.0.0.exe (PID: 864)
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- javaw.exe (PID: 1388)
- 7za.exe (PID: 5116)
Reads the Windows owner or organization settings
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
Process drops legitimate windows executable
- 7za.exe (PID: 5116)
Drops 7-zip archiver for unpacking
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
Uses REG/REGEDIT.EXE to modify registry
- javaw.exe (PID: 1388)
Application launched itself
- javaw.exe (PID: 1388)
The process drops C-runtime libraries
- 7za.exe (PID: 5116)
Reads security settings of Internet Explorer
- javaw.exe (PID: 1388)
The process checks if it is being run in the virtual environment
- javaw.exe (PID: 1388)
INFO
Create files in a temporary directory
- ATLauncher-setup-1.3.0.0.exe (PID: 864)
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- javaw.exe (PID: 4608)
- javaw.exe (PID: 1388)
- java.exe (PID: 4336)
- javaw.exe (PID: 6824)
Checks supported languages
- ATLauncher-setup-1.3.0.0.exe (PID: 864)
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- javaw.exe (PID: 4608)
- 7za.exe (PID: 5116)
- ATLauncher.exe (PID: 4008)
- java.exe (PID: 4336)
- javaw.exe (PID: 6824)
- javaw.exe (PID: 1388)
Reads the computer name
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- 7za.exe (PID: 5116)
- javaw.exe (PID: 1388)
Compiled with Borland Delphi (YARA)
- ATLauncher-setup-1.3.0.0.exe (PID: 864)
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
Detects InnoSetup installer (YARA)
- ATLauncher-setup-1.3.0.0.exe (PID: 864)
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
Checks proxy server information
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- slui.exe (PID: 728)
Reads the machine GUID from the registry
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- javaw.exe (PID: 1388)
Reads CPU info
- javaw.exe (PID: 4608)
- javaw.exe (PID: 6824)
- javaw.exe (PID: 1388)
Creates files or folders in the user directory
- 7za.exe (PID: 5116)
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- javaw.exe (PID: 1388)
Reads the software policy settings
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- slui.exe (PID: 728)
The sample compiled with english language support
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
- 7za.exe (PID: 5116)
Creates a software uninstall entry
- ATLauncher-setup-1.3.0.0.tmp (PID: 744)
Process checks computer location settings
- javaw.exe (PID: 1388)
Creates files in the program directory
- java.exe (PID: 4336)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Inno Setup installer (53.5) |
|---|---|---|
| .exe | | | InstallShield setup (21) |
| .exe | | | Win32 EXE PECompact compressed (generic) (20.2) |
| .exe | | | Win32 Executable (generic) (2.1) |
| .exe | | | Win16/32 Executable Delphi generic (1) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2025:01:08 15:36:35+00:00 |
| ImageFileCharacteristics: | Executable, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 684032 |
| InitializedDataSize: | 529408 |
| UninitializedDataSize: | - |
| EntryPoint: | 0xa7f98 |
| OSVersion: | 6.1 |
| ImageVersion: | - |
| SubsystemVersion: | 6.1 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.3.0.0 |
| ProductVersionNumber: | 1.3.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Neutral |
| CharacterSet: | Unicode |
| Comments: | This installation was built with Inno Setup. |
| CompanyName: | ATLauncher |
| FileDescription: | ATLauncher Setup |
| FileVersion: | 1.3.0.0 |
| LegalCopyright: | |
| OriginalFileName: | |
| ProductName: | ATLauncher |
| ProductVersion: | 1.3.0.0 |
Total processes
145
Monitored processes
16
Malicious processes
2
Suspicious processes
2
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 668 | reg query HKEY_LOCAL_MACHINE\Software\JavaSoft\ /f Home /t REG_SZ /s /reg:64 | C:\Windows\System32\reg.exe | — | javaw.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 728 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Activation Client Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 744 | "C:\Users\admin\AppData\Local\Temp\is-BMDBF.tmp\ATLauncher-setup-1.3.0.0.tmp" /SL5="$902B0,1538498,1214464,C:\Users\admin\Desktop\ATLauncher-setup-1.3.0.0.exe" | C:\Users\admin\AppData\Local\Temp\is-BMDBF.tmp\ATLauncher-setup-1.3.0.0.tmp | ATLauncher-setup-1.3.0.0.exe | ||||||||||||
User: admin Company: ATLauncher Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
| 864 | "C:\Users\admin\Desktop\ATLauncher-setup-1.3.0.0.exe" | C:\Users\admin\Desktop\ATLauncher-setup-1.3.0.0.exe | explorer.exe | ||||||||||||
User: admin Company: ATLauncher Integrity Level: MEDIUM Description: ATLauncher Setup Exit code: 0 Version: 1.3.0.0 Modules
| |||||||||||||||
| 1052 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | 7za.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1388 | "C:\Users\admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\admin\AppData\Roaming\ATLauncher\ATLauncher.exe;lib\oshi-core-6.6.6.jar;lib\jna-platform-5.16.0.jar;lib\jna-5.16.0.jar;lib\gson-2.11.0.jar;lib\guava-33.4.0-jre.jar;lib\xz-1.10.jar;lib\base64-2.3.9.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.17.jar;lib\sentry-8.0.0.jar;lib\gettext-lib-88ae68d897.jar;lib\murmur-1.0.0.jar;lib\jlhttp-3.2.jar;lib\joda-time-2.13.0.jar;lib\commonmark-0.21.0.jar;lib\dbus-java-3.3.2.jar;lib\nekodetector-Version-1.1-pre.jar;lib\imageio-webp-3.12.0.jar;lib\commons-compress-1.27.1.jar;lib\okhttp-tls-4.12.0.jar;lib\apollo-rx3-support-2.5.14.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.12.0.jar;lib\flatlaf-extras-3.5.4.jar;lib\flatlaf-3.5.4.jar;lib\log4j-core-2.24.3.jar;lib\log4j-api-2.24.3.jar;lib\rxswing-a5749ad421.jar;lib\rxjava-3.1.10.jar;lib\error_prone_annotations-2.36.0.jar;lib\failureaccess-1.0.2.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.43.0.jar;lib\j2objc-annotations-3.0.0.jar;lib\slf4j-api-2.0.16.jar;lib\antlr4-runtime-4.7.3.jar;lib\jnr-unixsocket-0.38.17.jar;lib\jnr-enxio-0.32.13.jar;lib\jnr-posix-3.1.15.jar;lib\jnr-ffi-2.2.11.jar;lib\asm-commons-9.2.jar;lib\asm-util-9.2.jar;lib\asm-analysis-9.2.jar;lib\asm-tree-9.5.jar;lib\asm-9.5.jar;lib\imageio-metadata-3.12.0.jar;lib\imageio-core-3.12.0.jar;lib\common-image-3.12.0.jar;lib\common-io-3.12.0.jar;lib\common-lang-3.12.0.jar;lib\commons-codec-1.17.1.jar;lib\commons-io-2.16.1.jar;lib\commons-lang3-3.16.0.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-3.6.0.jar;lib\kotlin-stdlib-jdk8-1.9.10.jar;lib\jsvg-1.4.0.jar;lib\reactive-streams-1.0.4.jar;lib\jnr-constants-0.10.3.jar;lib\kotlin-stdlib-jdk7-1.9.10.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.9.10.jar;lib\jffi-1.3.9.jar;lib\jffi-1.3.9-native.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar;lib\kotlin-stdlib-common-1.9.10.jar;lib\annotations-13.0.jar" com.atlauncher.App | C:\Users\admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe | ATLauncher.exe | ||||||||||||
User: admin Company: Eclipse Adoptium Integrity Level: MEDIUM Description: OpenJDK Platform binary Version: 17.0.9.0 Modules
| |||||||||||||||
| 3896 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | reg.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 4008 | "C:\Users\admin\AppData\Roaming\ATLauncher\ATLauncher.exe" | C:\Users\admin\AppData\Roaming\ATLauncher\ATLauncher.exe | — | ATLauncher-setup-1.3.0.0.tmp | |||||||||||
User: admin Company: ATLauncher Integrity Level: MEDIUM Description: ATLauncher Exit code: 0 Version: 3.4.39.5 Modules
| |||||||||||||||
| 4336 | "C:\Program Files\Java\jre1.8.0_271\bin\java.exe" -version | C:\Program Files\Java\jre1.8.0_271\bin\java.exe | — | javaw.exe | |||||||||||
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 0 Version: 8.0.2710.9 Modules
| |||||||||||||||
| 4608 | "C:\Users\admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -version | C:\Users\admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe | — | ATLauncher.exe | |||||||||||
User: admin Company: Eclipse Adoptium Integrity Level: MEDIUM Description: OpenJDK Platform binary Exit code: 0 Version: 17.0.9.0 Modules
| |||||||||||||||
Total events
9 831
Read events
9 805
Write events
26
Delete events
0
Modification events
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: Setup Version |
Value: 6.4.0 | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: App Path |
Value: C:\Users\admin\AppData\Roaming\ATLauncher | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | InstallLocation |
Value: C:\Users\admin\AppData\Roaming\ATLauncher\ | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: Icon Group |
Value: ATLauncher | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: User |
Value: admin | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: Selected Tasks |
Value: desktopicon | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: Deselected Tasks |
Value: | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | Inno Setup: Language |
Value: english | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | DisplayName |
Value: ATLauncher Setup | |||
| (PID) Process: | (744) ATLauncher-setup-1.3.0.0.tmp | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5FDA11-45A5-4CC3-8E51-5E11E2481697}_is1 |
| Operation: | write | Name: | DisplayIcon |
Value: C:\Users\admin\AppData\Roaming\ATLauncher\ATLauncher.exe | |||
Executable files
107
Suspicious files
16
Text files
219
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\is-F31SU.tmp | — | |
MD5:— | SHA256:— | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\jre.zip | — | |
MD5:— | SHA256:— | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\is-T1H87.tmp | — | |
MD5:— | SHA256:— | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\is-B4RIL.tmp | executable | |
MD5:1BF7D03D2202C09F6AB164E5368E164E | SHA256:47FC85C7F65F10616CDCAD569E4002877EB7C1FE7BDB99CB2EBFDC7FBDCE2C9D | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\ATLauncher.exe | executable | |
MD5:1BF7D03D2202C09F6AB164E5368E164E | SHA256:47FC85C7F65F10616CDCAD569E4002877EB7C1FE7BDB99CB2EBFDC7FBDCE2C9D | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\_isetup\_setup64.tmp | executable | |
MD5:E4211D6D009757C078A9FAC7FF4F03D4 | SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Roaming\ATLauncher\ATLauncher.exe | executable | |
MD5:1BF7D03D2202C09F6AB164E5368E164E | SHA256:47FC85C7F65F10616CDCAD569E4002877EB7C1FE7BDB99CB2EBFDC7FBDCE2C9D | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Local\Temp\is-2896L.tmp\is-3RU13.tmp | executable | |
MD5:43141E85E7C36E31B52B22AB94D5E574 | SHA256:EA308C76A2F927B160A143D94072B0DCE232E04B751F0C6432A94E05164E716D | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Roaming\ATLauncher\is-KSTNJ.tmp | executable | |
MD5:F3C500E605567034D194EA0FC2A7A6F0 | SHA256:A5ECD778D72A6725D21147278AB537B9E2ABDB7CC4A6DA93E0AEE0F7D52E4991 | |||
| 744 | ATLauncher-setup-1.3.0.0.tmp | C:\Users\admin\AppData\Roaming\ATLauncher\unins000.exe | executable | |
MD5:F3C500E605567034D194EA0FC2A7A6F0 | SHA256:A5ECD778D72A6725D21147278AB537B9E2ABDB7CC4A6DA93E0AEE0F7D52E4991 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
34
DNS requests
12
Threats
4
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 302 | 140.82.121.3:443 | https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.9%2B9.1/OpenJDK17U-jre_x64_windows_hotspot_17.0.9_9.zip | unknown | — | — | — |
2104 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
2104 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
— | — | POST | 500 | 20.83.72.98:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | whitelisted |
6404 | RUXIMICS.exe | GET | 304 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 104.22.69.118:443 | https://download.nodecdn.net/containers/atl/ATLauncher.exe | unknown | executable | 27.4 Mb | — |
— | — | POST | 500 | 20.83.72.98:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | whitelisted |
— | — | GET | 200 | 104.22.69.118:443 | https://download.nodecdn.net/containers/atl/launcher/json/config.json | unknown | binary | 4.53 Kb | — |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 192.168.100.255:137 | — | — | — | whitelisted |
6404 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2104 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
2104 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
6404 | RUXIMICS.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
2104 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
744 | ATLauncher-setup-1.3.0.0.tmp | 172.67.11.201:443 | download.nodecdn.net | CLOUDFLARENET | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
download.nodecdn.net |
| unknown |
github.com |
| whitelisted |
objects.githubusercontent.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |
sentry.io |
| whitelisted |
api.atlauncher.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP |
— | — | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer |
— | — | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer |
— | — | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] InnoSetup Installer |