File name: Setup.exe

Full analysis: https://app.any.run/tasks/1329076e-1c42-4fc3-be2c-eb02e1a1d7ce
Verdict: Malicious activity
Analysis date: April 25, 2025, 14:14:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 42F5BF7B75F8BC145141C42B805C50B7
SHA1: 15845D740AAC9E66B8015D1702E027E90285829A
SHA256: 6ACCB71D9D8CA6E0D6CEC641C74EA21E6E219EC12619DA91E9FBB49B8FC733E4
SSDEEP: 98304:5FpqUQSA4E9lJrLWpd4dly4FcO3l8Vr0YPQzGkyHlFnUEqcKlo3XZvOIixssZGAl:CBomtOUBn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • _iu14D2N.tmp (PID: 8076)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 7496)
      • unins000.exe (PID: 8056)
      • Setup.tmp (PID: 7516)
      • _iu14D2N.tmp (PID: 8076)
    • Process drops legitimate windows executable

      • Setup.tmp (PID: 7516)
      • _iu14D2N.tmp (PID: 8076)
    • Reads the Windows owner or organization settings

      • Setup.tmp (PID: 7516)
      • _iu14D2N.tmp (PID: 8076)
    • Starts application with an unusual extension

      • unins000.exe (PID: 8056)
    • Starts itself from another location

      • unins000.exe (PID: 8056)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 5072)
      • schtasks.exe (PID: 7492)
      • schtasks.exe (PID: 4208)
      • schtasks.exe (PID: 8176)
    • Reads security settings of Internet Explorer

      • _iu14D2N.tmp (PID: 8076)
  • INFO

    • Creates files in the program directory

      • Setup.tmp (PID: 7516)
    • Checks supported languages

      • Setup.tmp (PID: 7516)
      • Setup.exe (PID: 7496)
      • unins000.exe (PID: 8056)
      • _iu14D2N.tmp (PID: 8076)
      • identity_helper.exe (PID: 6872)
    • Create files in a temporary directory

      • Setup.exe (PID: 7496)
      • Setup.tmp (PID: 7516)
      • unins000.exe (PID: 8056)
      • _iu14D2N.tmp (PID: 8076)
    • The sample compiled with english language support

      • Setup.tmp (PID: 7516)
      • _iu14D2N.tmp (PID: 8076)
    • The sample compiled with russian language support

      • Setup.tmp (PID: 7516)
    • Reads the computer name

      • Setup.tmp (PID: 7516)
      • unins000.exe (PID: 8056)
      • _iu14D2N.tmp (PID: 8076)
      • identity_helper.exe (PID: 6872)
    • Creates a software uninstall entry

      • Setup.tmp (PID: 7516)
    • Reads the software policy settings

      • _iu14D2N.tmp (PID: 8076)
    • Compiled with Borland Delphi (YARA)

      • Setup.tmp (PID: 7516)
    • Detects InnoSetup installer (YARA)

      • Setup.exe (PID: 7496)
      • Setup.tmp (PID: 7516)
    • Process checks computer location settings

      • _iu14D2N.tmp (PID: 8076)
    • Application launched itself

      • msedge.exe (PID: 1324)
      • msedge.exe (PID: 2240)
    • Manual execution by a user

      • msedge.exe (PID: 2240)
    • Reads Environment values

      • identity_helper.exe (PID: 6872)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37888
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0x9c14
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Post Trauma Setup
FileVersion:
LegalCopyright: Decepticon
ProductName: Post Trauma
ProductVersion: 1.04
No data.
All screenshots are available in the full report
Total processes
194
Monitored processes
61
Malicious processes
4
Suspicious processes
0

Behavior graph

Process launch sequence as listed in the graph ("no specs" marks processes for which the report recorded no indicators):
start setup.exe setup.tmp sppextcomobj.exe no specs slui.exe no specs unins000.exe _iu14d2n.tmp schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs msedge.exe no specs schtasks.exe no specs conhost.exe no specs msedge.exe no specs schtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 516
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2372,i,5719670914215472321,16740672238848313144,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 720
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3476 --field-trial-handle=2372,i,5719670914215472321,16740672238848313144,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffc89a55fd8,0x7ffc89a55fe4,0x7ffc89a55ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1164
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5592 --field-trial-handle=2372,i,5719670914215472321,16740672238848313144,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1276
CMD: "C:\Windows\System32\schtasks.exe" /create /tn "admin" /tr "C:\Windows\System32\cmd.exe /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v admin /t REG_SZ /d \"cmd.exe /c start www.vengvenger.org\" /f" /sc onstart /rl highest /delay 0005:00
Path: C:\Windows\SysWOW64\schtasks.exe
Parent process: _iu14D2N.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1324
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://repack.info/
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: _iu14D2N.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1616
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2088
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6804 --field-trial-handle=2372,i,5719670914215472321,16740672238848313144,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2240
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://repack.info/
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
6 161
Read events
6 113
Write events
47
Delete events
1

Modification events

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: MajorVersion
Value: 1

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: MinorVersion
Value: 4

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: EstimatedSize
Value: 21509411

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.1.ee2 (a)

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Post Trauma

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Post Trauma\

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Post Trauma

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: Inno Setup: Setup Type
Value: full

(PID) Process: (7516) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Post Trauma_is1
Operation: write
Name: Inno Setup: Selected Components
Value: open,open\url
Executable files
29
Suspicious files
258
Text files
68
Unknown types
0

Dropped files

PID | Process | Filename | Type
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\_isetup\_RegDLL.tmp | executable
MD5: 0EE914C6F0BB93996C75941E1AD629C6
SHA256: 4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\srep.exe | executable
MD5: 09B45CC49ABCEAF93E249E837A2B0A6E
SHA256: 0A5C85EB11DC7130C4191B9899A4F06889861F80BFB104FE167D01A52D04C755
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\_isetup\_iscrypt.dll | executable
MD5: A69559718AB506675E907FE49DEB71E9
SHA256: 2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\zlibwapi.dll | executable
MD5: 3404F4DACF98EFF4D29DCF4A80F3FB10
SHA256: 612F178062CE1AE7C0BAEF235CD1AC4559630F67C07D8A3514A5F0AB6D221438
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\ISDone.dll | executable
MD5: 4FEAFA8B5E8CDB349125C8AF0AC43974
SHA256: BB8A0245DCC5C10A1C7181BAD509B65959855009A8105863EF14F2BB5B38AC71
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\_isetup\_setup64.tmp | executable
MD5: 4FF75F505FDDCC6A9AE62216446205D9
SHA256: A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\unarc.dll | executable
MD5: 56A2BCECBD3CDDD6F4A35361BF4920D6
SHA256: 5FCFAC18758A12E0E717A5189F379922A32B5AC12F26491E638D70B54AE1DCAB
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\English.ini | text
MD5: 36E5E1F4CD1F61BD6AA4BB685D2ACA98
SHA256: 8717B34F403DE8468FCC722A2033BEC7A26D63981B86AEAAECD802BA045F9BF1
7516 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-A3LNA.tmp\arc.ini | text
MD5: 48172A08D541FBFD8F84E65FFBEE9892
SHA256: C90537C5319165DADDC89C47EA402B465C8BC3AF5059E5C85D20326E4C505BD8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
50
DNS requests
60
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.32.238.107:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/OpenRePackSite.txt
unknown
unknown
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/OpenRePackSite.txt
unknown
unknown
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/id/StartUpdate.txt
unknown
unknown
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/id/EndUpdate.txt
unknown
unknown
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/id/EndUpdate.txt
unknown
unknown
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/id/StartUpdate.txt
unknown
unknown
8076
_iu14D2N.tmp
GET
301
172.67.162.196:80
http://url-repack.org/games/id/StartUpdate.txt
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.32.238.107:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
1852
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
8076
_iu14D2N.tmp
172.67.162.196:80
url-repack.org
CLOUDFLARENET
US
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.32.238.107
  • 23.32.238.112
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.75
  • 40.126.31.73
  • 40.126.31.69
  • 40.126.31.128
  • 20.190.159.129
  • 40.126.31.129
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
url-repack.org
  • 172.67.162.196
  • 104.21.10.94
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
repack.info
  • 188.114.97.3
  • 188.114.96.3
unknown

Threats

No threats detected
No debug info