File name: digalo.exe

Full analysis: https://app.any.run/tasks/4f0724dc-f773-45a7-a653-cb9586bb6b6b
Verdict: Malicious activity
Analysis date: July 17, 2024, 21:11:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5: E8BA85FF20389845E03B1FD1F5D0C963
SHA1: 5F61F5F398FBB7E0966DE7B05E6C98A3D9384EF1
SHA256: 57DA593B12CF6BA6C42710CFECAA68EA0BC1E4F0B4BE920F888FC342D7798255
SSDEEP: 98304:5BK9k3VfnYyhw9zQpF4hHMbWBtRaBfMUW0hCj2ZOHuAkogjmzAZVEbxhfk0Adwp9:1rVcwVDW8lrGT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 3192)
      • digalo.exe (PID: 3204)
      • _INS5576._MP (PID: 2752)
    • Creates a writable file in the system directory

      • _INS5576._MP (PID: 2752)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • digalo.exe (PID: 3204)
      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
    • Starts application with an unusual extension

      • Setup.exe (PID: 3192)
    • Process drops legitimate windows executable

      • _INS5576._MP (PID: 2752)
    • Creates file in the systems drive root

      • _ISDel.exe (PID: 2108)
    • Creates a software uninstall entry

      • _INS5576._MP (PID: 2752)
    • Creates/Modifies COM task schedule object

      • _INS5576._MP (PID: 2752)
  • INFO

    • Create files in a temporary directory

      • Setup.exe (PID: 3192)
      • digalo.exe (PID: 3204)
      • _INS5576._MP (PID: 2752)
    • Reads the computer name

      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
      • _ISDel.exe (PID: 2108)
    • Checks supported languages

      • digalo.exe (PID: 3204)
      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
      • _ISDel.exe (PID: 2108)
      • DigaloRegister.exe (PID: 3652)
      • Digalo_Rus.exe (PID: 3684)
    • Creates files in the program directory

      • _INS5576._MP (PID: 2752)
    • Application launched itself

      • msedge.exe (PID: 3884)
      • msedge.exe (PID: 2080)
    • Manual execution by a user

      • msedge.exe (PID: 3884)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ 4.x (53)
.exe | InstallShield setup (16.9)
.exe | Win32 Executable MS Visual C++ (generic) (12.2)
.exe | Win64 Executable (generic) (10.8)
.dll | Win32 Dynamic Link Library (generic) (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1999:01:07 18:10:41+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 5
CodeSize: 72192
InitializedDataSize: 72704
UninitializedDataSize: -
EntryPoint: 0xce00
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.4.1.0
ProductVersionNumber: 2.4.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: InstallShield Software Corporation
FileDescription: PackageForTheWeb Stub
FileVersion: 2.04.001
InternalName: STUB.EXE
LegalCopyright: Copyright © 1996-1999 InstallShield Software Corporation
OriginalFileName: STUB32.EXE
ProductName: PackageForTheWeb Stub
ProductVersion: 2.04.001
No data.
Total processes: 67
Monitored processes: 28
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start digalo.exe setup.exe _ins5576._mp _isdel.exe no specs msedge.exe no specs msedge.exe no specs digalo_rus.exe no specs digaloregister.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs digalo.exe no specs

Process information

PID: 964
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1104 --field-trial-handle=1344,i,16637626513456856211,16669444418902765216,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

PID: 1168
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3124 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1172
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2036
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 --field-trial-handle=1344,i,16637626513456856211,16669444418902765216,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

PID: 2080
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" "%1" C:\Program Files\Digalo\Digalo 2000 Russian\Russian\Digalo Russian.htm
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: _INS5576._MP
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

PID: 2108
CMD: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_ISDEL.EXE
Path: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_ISDel.exe
Parent process: Setup.exe
User: admin
Company: InstallShield Software Corporation
Integrity Level: HIGH
Description: 32-bit InstallShield Deleter.
Exit code: 0
Version: 5, 51, 138, 0
Modules
Images
c:\users\admin\appdata\local\temp\pfteeb4~tmp\_isdel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll

PID: 2180
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2748 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2256
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=880 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2424
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 2580
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0x170,0x174,0x178,0x144,0x180,0x6ab9f598,0x6ab9f5a8,0x6ab9f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

Total events: 10 593
Read events: 10 496
Write events: 90
Delete events: 7

Modification events

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digalo 2000 Russian
Operation: write
Name: UninstallString
Value: C:\Windows\IsUninst.exe -f"C:\Program Files\Digalo\Digalo 2000 Russian\Uninst.isu"

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe
Operation: write
Name: Path
Value: C:\Program Files\Digalo\Digalo 2000 Russian

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digalo 2000 Russian
Operation: write
Name: DisplayName
Value: Digalo 2000 Russian

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Operation: write
Name: C:\Windows\system32\DIGALO.DLL
Value: 1

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Operation: write
Name: C:\Windows\system32\DigaloRegister.exe
Value: 1

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EEA4F90-7FDB-11d3-998A-00105A40EA60}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Apartment

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Voice\TextToSpeech\Engine
Operation: write
Name: Digalo
Value: {7EEA4F90-7FDB-11d3-998A-00105A40EA60}

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Elan Text To Speech\Digalo\NICOLAI
Operation: write
Name: data
Value: C:\Program Files\Digalo\Digalo 2000 Russian\RUSSIAN\DATA

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Elan Text To Speech\Digalo\NICOLAI
Operation: write
Name: CustomCmdLine
Value: /d "C:\Program Files\Digalo\Digalo 2000 Russian\RUSSIAN\DATA\NICOLAI.dat"

Process: _INS5576._MP (PID: 2752)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Elan Text To Speech\Digalo\Voices\{D1829431-B467-11d3-9A09-00105A40EA60}
Operation: write
Name: Cmd
Value: NICOLAI

Executable files: 20
Suspicious files: 47
Text files: 37
Unknown types: 1

Dropped files

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\pftw1.pkg
Type:
MD5:
SHA256:

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\data1.cab
Type:
MD5:
SHA256:

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\layout.bin
Type: binary
MD5: 128108F663DBD9DB35D1FD6306095EC9
SHA256: 9309560F0C039DFC9D06162731F35469B0928FA9C3772556D093E9E7300D94C2

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\extEE93.tmp
Type: ini
MD5: B6DD0342AB6EA3E3EE1A84E11C254CB3
SHA256: 9A86326D62AEA574D7D4CEE83412AB0A6493B1D44531D5ACD6091FFC5EA67D6D

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\data1.hdr
Type: compressed
MD5: 6ECD84B547BEBCF193FFB73ED1645F3B
SHA256: 2EA7762C6DB7D701819D49550C0419EE9C0CFCEC3E1106D3F2729A158770ECFB

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\lang.dat
Type: ini
MD5: 70627BD56FE92A5C97027CBBD88BACD0
SHA256: B67A09F3FE25B08025810BBB20B8FAE05672D0A723F2DBED84F04224A89E6344

PID: 3192
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ISTMP1.DIR\_INS5576._MP
Type: executable
MD5: D28CB295E2395B3593293470E7784512
SHA256: A8657371F03E2E66DB951C3DCD3AEB42C576894908CA2EB1B3806AA0404CB083

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\plfEE92.tmp
Type: ini
MD5: B6DD0342AB6EA3E3EE1A84E11C254CB3
SHA256: 9A86326D62AEA574D7D4CEE83412AB0A6493B1D44531D5ACD6091FFC5EA67D6D

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_user1.hdr
Type: compressed
MD5: C9402B48D74A4AAC05BBB710F69F7A77
SHA256: C97B8127C9CE3D3CF19F8FF629C686D5A18E9AD0164203843EEEAC43FF3BB3D1

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_user1.cab
Type: compressed
MD5: 881BAC18BB46F8501BFF4C9702379B30
SHA256: 4EBA43D99D5C1D9E9A63C3F436D072EE7F9AE838F9F5448600BD6D001184C1BE

HTTP(S) requests: 4
TCP/UDP connections: 20
DNS requests: 19
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
whitelisted
1060
svchost.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?11acddbe1ebd82b3
unknown
whitelisted
1372
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1372
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
1372
svchost.exe
23.50.131.200:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
3884
msedge.exe
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
  • 172.217.168.238
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.200
  • 23.50.131.216
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
russian.htm
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
www.bing.com
  • 104.126.37.137
  • 104.126.37.176
  • 104.126.37.128
  • 104.126.37.130
  • 104.126.37.178
  • 104.126.37.171
  • 104.126.37.136
  • 104.126.37.186
  • 104.126.37.177
whitelisted

Threats

No threats detected
No debug info