File name: digalo.exe

Full analysis: https://app.any.run/tasks/4f0724dc-f773-45a7-a653-cb9586bb6b6b
Verdict: Malicious activity
Analysis date: July 17, 2024, 21:11:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5: E8BA85FF20389845E03B1FD1F5D0C963
SHA1: 5F61F5F398FBB7E0966DE7B05E6C98A3D9384EF1
SHA256: 57DA593B12CF6BA6C42710CFECAA68EA0BC1E4F0B4BE920F888FC342D7798255
SSDEEP: 98304:5BK9k3VfnYyhw9zQpF4hHMbWBtRaBfMUW0hCj2ZOHuAkogjmzAZVEbxhfk0Adwp9:1rVcwVDW8lrGT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • digalo.exe (PID: 3204)
      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
    • Creates a writable file in the system directory

      • _INS5576._MP (PID: 2752)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • digalo.exe (PID: 3204)
      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
    • Starts application with an unusual extension

      • Setup.exe (PID: 3192)
    • Process drops legitimate windows executable

      • _INS5576._MP (PID: 2752)
    • Creates file in the systems drive root

      • _ISDel.exe (PID: 2108)
    • Creates a software uninstall entry

      • _INS5576._MP (PID: 2752)
    • Creates/Modifies COM task schedule object

      • _INS5576._MP (PID: 2752)
  • INFO

    • Checks supported languages

      • digalo.exe (PID: 3204)
      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
      • _ISDel.exe (PID: 2108)
      • DigaloRegister.exe (PID: 3652)
      • Digalo_Rus.exe (PID: 3684)
    • Reads the computer name

      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
      • _ISDel.exe (PID: 2108)
    • Create files in a temporary directory

      • digalo.exe (PID: 3204)
      • Setup.exe (PID: 3192)
      • _INS5576._MP (PID: 2752)
    • Creates files in the program directory

      • _INS5576._MP (PID: 2752)
    • Application launched itself

      • msedge.exe (PID: 2080)
      • msedge.exe (PID: 3884)
    • Manual execution by a user

      • msedge.exe (PID: 3884)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ 4.x (53)
.exe | InstallShield setup (16.9)
.exe | Win32 Executable MS Visual C++ (generic) (12.2)
.exe | Win64 Executable (generic) (10.8)
.dll | Win32 Dynamic Link Library (generic) (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1999:01:07 18:10:41+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 5
CodeSize: 72192
InitializedDataSize: 72704
UninitializedDataSize: -
EntryPoint: 0xce00
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.4.1.0
ProductVersionNumber: 2.4.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: InstallShield Software Corporation
FileDescription: PackageForTheWeb Stub
FileVersion: 2.04.001
InternalName: STUB.EXE
LegalCopyright: Copyright © 1996-1999 InstallShield Software Corporation
OriginalFileName: STUB32.EXE
ProductName: PackageForTheWeb Stub
ProductVersion: 2.04.001
No data.
Total processes
67
Monitored processes
28
Malicious processes
3
Suspicious processes
0

Behavior graph

Processes shown in the graph: digalo.exe, setup.exe, _ins5576._mp, _isdel.exe, msedge.exe (multiple instances), digalo_rus.exe, digaloregister.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 964
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1104 --field-trial-handle=1344,i,16637626513456856211,16669444418902765216,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1168
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3124 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1172
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2036
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 --field-trial-handle=1344,i,16637626513456856211,16669444418902765216,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 2080
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" "%1" C:\Program Files\Digalo\Digalo 2000 Russian\Russian\Digalo Russian.htm
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: _INS5576._MP
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 2108
CMD: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_ISDEL.EXE
Path: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_ISDel.exe
Parent process: Setup.exe
User:
admin
Company:
InstallShield Software Corporation
Integrity Level:
HIGH
Description:
32-bit InstallShield Deleter.
Exit code:
0
Version:
5, 51, 138, 0
Modules
Images
c:\users\admin\appdata\local\temp\pfteeb4~tmp\_isdel.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\apphelp.dll
PID: 2180
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2748 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2256
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=880 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2424
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1432,i,14919404926795313164,6587536648394202271,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2580
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0x170,0x174,0x178,0x144,0x180,0x6ab9f598,0x6ab9f5a8,0x6ab9f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events
10 593
Read events
10 496
Write events
90
Delete events
7

Modification events

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digalo 2000 Russian
Operation: write
Name: UninstallString
Value: C:\Windows\IsUninst.exe -f"C:\Program Files\Digalo\Digalo 2000 Russian\Uninst.isu"

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe
Operation: write
Name: Path
Value: C:\Program Files\Digalo\Digalo 2000 Russian

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digalo 2000 Russian
Operation: write
Name: DisplayName
Value: Digalo 2000 Russian

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Operation: write
Name: C:\Windows\system32\DIGALO.DLL
Value: 1

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Operation: write
Name: C:\Windows\system32\DigaloRegister.exe
Value: 1

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EEA4F90-7FDB-11d3-998A-00105A40EA60}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Apartment

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Voice\TextToSpeech\Engine
Operation: write
Name: Digalo
Value: {7EEA4F90-7FDB-11d3-998A-00105A40EA60}

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Elan Text To Speech\Digalo\NICOLAI
Operation: write
Name: data
Value: C:\Program Files\Digalo\Digalo 2000 Russian\RUSSIAN\DATA

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Elan Text To Speech\Digalo\NICOLAI
Operation: write
Name: CustomCmdLine
Value: /d "C:\Program Files\Digalo\Digalo 2000 Russian\RUSSIAN\DATA\NICOLAI.dat"

(PID) Process: (2752) _INS5576._MP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Elan Text To Speech\Digalo\Voices\{D1829431-B467-11d3-9A09-00105A40EA60}
Operation: write
Name: Cmd
Value: NICOLAI

Executable files
20
Suspicious files
47
Text files
37
Unknown types
1

Dropped files

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\pftw1.pkg
Type:
MD5:
SHA256:

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\data1.cab
Type:
MD5:
SHA256:

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\os.dat
Type: ini
MD5: 478F65A0B922B6BA0A6CE99E1D15C336
SHA256: BE2292517342DE82D50CEFBACB185E36558FCDFBF686692E7DF08A80331F9BEE

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\Setup.exe
Type: executable
MD5: 71E6DD8A9DE4A9BAF89FCA951768059A
SHA256: 5656E87DA0641C9DCFCD0EE8949CE72B3FA6A7D0E8B1FD985A16F6BD6C34CE52

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\setup.bmp
Type: image
MD5: 267E5A7592E5F3FB6DD51C1ECA08520E
SHA256: 0C903860FC45AFB057B9BA423A2BCE36162BA02B0BA8F530015F954E37B235EF

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\lang.dat
Type: ini
MD5: 70627BD56FE92A5C97027CBBD88BACD0
SHA256: B67A09F3FE25B08025810BBB20B8FAE05672D0A723F2DBED84F04224A89E6344

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\SETUP.INI
Type: ini
MD5: 0F2DA5B0680249B9B9AA3D2F25E04D63
SHA256: 23E623C8F5E209DC071C10782CC321E8185636A8A7841694D78B8D06D6CC9CDA

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\setup.ins
Type: ins
MD5: C43A1A6A4856A525FE16810C3A72C6B7
SHA256: 73237DA19E94C072F8DFB113B192CF35BF959F514A45055EBA4F38EC7903B75E

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\pftEEB4~tmp\_inst32i.ex_
Type: ??_
MD5: 6229A86A1D291C311DA49A7D69A49A1F
SHA256: B2FF4E8402A5160C491B1AC7EBA0073FBBE2220DCE107441461B250544EFF35A

PID: 3204
Process: digalo.exe
Filename: C:\Users\admin\AppData\Local\Temp\extEE93.tmp
Type: ini
MD5: B6DD0342AB6EA3E3EE1A84E11C254CB3
SHA256: 9A86326D62AEA574D7D4CEE83412AB0A6493B1D44531D5ACD6091FFC5EA67D6D

HTTP(S) requests
4
TCP/UDP connections
20
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
whitelisted
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1372
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1060
svchost.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?11acddbe1ebd82b3
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1372
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
1372
svchost.exe
23.50.131.200:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
3884
msedge.exe
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
  • 172.217.168.238
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.200
  • 23.50.131.216
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
russian.htm
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
www.bing.com
whitelisted

Threats

No threats detected
No debug info