File name: MBSetup.exe

Full analysis: https://app.any.run/tasks/212e30f6-16ac-4a7f-9f40-6ee0e03f3ac4
Verdict: Malicious activity
Threats:

Stealers are a class of malware designed to gain unauthorized access to users’ information and transfer it to the attacker. The category includes programs that each focus on a particular kind of data, such as files, passwords, or cryptocurrency. Stealers can spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: December 10, 2024, 09:16:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-scr, arch-doc, arch-html, stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 73E964D096ABEAE2A3EDE695422FD301
SHA1: C21B85855C2CC928572BA9BBFD07203051B7A074
SHA256: 6BD5DD485B558AE2A89FE7B0101C77FFF6A64E1019F5D75B6FA53298170E1752
SSDEEP: 98304:gYBx86v7Nzwk4/gW22IT1PD2222222721vFdGBeQN0aFvGSSRkrlcfABLqI1D1XH:6XX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • MBAMInstallerService.exe (PID: 5880)
  • SUSPICIOUS

    • Searches for installed software

      • MBSetup.exe (PID: 6744)
      • MBAMInstallerService.exe (PID: 5880)
    • Drops 7-zip archiver for unpacking

      • MBAMInstallerService.exe (PID: 5880)
    • Reads the BIOS version

      • MBSetup.exe (PID: 6744)
      • MBAMService.exe (PID: 6236)
    • The process verifies whether the antivirus software is installed

      • MBSetup.exe (PID: 6744)
      • MBVpnTunnelService.exe (PID: 3772)
      • MBAMInstallerService.exe (PID: 5880)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 5240)
      • Malwarebytes.exe (PID: 2124)
      • MBAMWsc.exe (PID: 6768)
      • MBAMService.exe (PID: 6236)
    • Executes as Windows Service

      • MBAMInstallerService.exe (PID: 5880)
      • MBAMService.exe (PID: 6236)
    • Executable content was dropped or overwritten

      • MBAMInstallerService.exe (PID: 5880)
      • MBSetup.exe (PID: 6744)
      • MBVpnTunnelService.exe (PID: 3772)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 5240)
      • MBAMService.exe (PID: 6236)
    • Drops a system driver (possible attempt to evade defenses)

      • MBAMInstallerService.exe (PID: 5880)
      • MBVpnTunnelService.exe (PID: 3772)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 5240)
      • MBAMService.exe (PID: 6236)
    • The process drops C-runtime libraries

      • MBAMInstallerService.exe (PID: 5880)
      • MBAMService.exe (PID: 6236)
    • Process drops legitimate windows executable

      • MBAMInstallerService.exe (PID: 5880)
      • MBAMService.exe (PID: 6236)
    • Adds/modifies Windows certificates

      • MBAMInstallerService.exe (PID: 5880)
      • MBAMService.exe (PID: 6236)
    • Creates files in the driver directory

      • MBVpnTunnelService.exe (PID: 3772)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 5240)
      • MBAMInstallerService.exe (PID: 5880)
      • MBAMService.exe (PID: 6236)
    • The process creates files with name similar to system file names

      • MBAMInstallerService.exe (PID: 5880)
    • Changes Internet Explorer settings (feature browser emulation)

      • MBAMInstallerService.exe (PID: 5880)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 6236)
    • Creates or modifies Windows services

      • MBAMService.exe (PID: 5240)
      • MBAMService.exe (PID: 6236)
    • Creates/Modifies COM task schedule object

      • MBAMService.exe (PID: 6236)
    • Reads security settings of Internet Explorer

      • MBAMService.exe (PID: 6236)
    • Starts CMD.EXE for commands execution

      • MBSetup.exe (PID: 6744)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 6640)
    • The process drops Mozilla's DLL files

      • MBAMService.exe (PID: 6236)
  • INFO

    • Creates files in the program directory

      • MBSetup.exe (PID: 6744)
      • MBAMInstallerService.exe (PID: 5880)
      • MBVpnTunnelService.exe (PID: 3772)
      • MBAMService.exe (PID: 6236)
      • Malwarebytes.exe (PID: 2124)
    • Checks supported languages

      • MBSetup.exe (PID: 6744)
      • MBAMInstallerService.exe (PID: 5880)
      • MBVpnTunnelService.exe (PID: 3772)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 5240)
      • MBAMService.exe (PID: 6236)
    • Reads the machine GUID from the registry

      • MBSetup.exe (PID: 6744)
      • MBAMInstallerService.exe (PID: 5880)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 6236)
    • Reads the computer name

      • MBSetup.exe (PID: 6744)
      • MBAMInstallerService.exe (PID: 5880)
      • MBVpnTunnelService.exe (PID: 3772)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 5240)
      • MBAMService.exe (PID: 6236)
      • ig.exe (PID: 1412)
      • MBAMWsc.exe (PID: 6768)
    • Create files in a temporary directory

      • MBSetup.exe (PID: 6744)
    • Reads the software policy settings

      • MBAMInstallerService.exe (PID: 5880)
      • MBSetup.exe (PID: 6744)
      • drvinst.exe (PID: 6160)
      • MBAMService.exe (PID: 6236)
    • Checks proxy server information

      • MBSetup.exe (PID: 6744)
    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 6160)
    • Reads Environment values

      • MBAMService.exe (PID: 6236)
    • Reads CPU info

      • MBAMService.exe (PID: 6236)
    • Reads the time zone

      • MBAMService.exe (PID: 6236)
    • Sends debugging messages

      • Malwarebytes.exe (PID: 2124)
      • MBAMService.exe (PID: 6236)
    • The process uses the downloaded file

      • MBAMService.exe (PID: 6236)
    • Manual execution by a user

      • firefox.exe (PID: 6508)
    • Application launched itself

      • firefox.exe (PID: 6196)
      • firefox.exe (PID: 6508)
    • Creates files or folders in the user directory

      • Malwarebytes.exe (PID: 2124)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 6196)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:11:21 14:53:11+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.38
CodeSize: 801792
InitializedDataSize: 1892352
UninitializedDataSize: -
EntryPoint: 0x90c75
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 5.2.3.118
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Malwarebytes
FileDescription: Malwarebytes Setup
FileVersion: 5.2.3.118
LegalCopyright: Copyright (C) 2017 - 2024 Malwarebytes, Inc. All rights reserved.
InternalName: MBSetup.exe
OriginalFileName: MBSetup.exe
ProductName: Malwarebytes
No data.
Total processes: 169
Monitored processes: 41
Malicious processes: 8
Suspicious processes: 0

Behavior graph

[Behavior graph (image not preserved). Processes shown: mbsetup.exe, mbaminstallerservice.exe, mbvpntunnelservice.exe, conhost.exe, drvinst.exe, mbamservice.exe, ig.exe, help.exe, malwarebytes.exe, mbamwsc.exe, cmd.exe, timeout.exe, firefox.exe]

Process information

PID | CMD | Path | Indicators | Parent process
396 | ig.exe reseed | C:\Program Files\Malwarebytes\Anti-Malware\ig.exe | - | MBAMService.exe
User: admin
Company: MalwareBytes
Integrity Level: LOW
Description: Malware Scanner
Exit code: 5242880
Version: 1.0.4.8
Modules
Images
c:\program files\malwarebytes\anti-malware\ig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
748 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2080 -parentBuildID 20240213221259 -prefsHandle 2012 -prefMapHandle 2004 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e69283e1-de06-4da9-ad1e-cbe435c1e077} 6196 "\\.\pipe\gecko-crash-server-pipe.6196" 1ee21aeda10 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | - | firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 123.0
1076 | ig.exe reseed | C:\Program Files\Malwarebytes\Anti-Malware\ig.exe | - | MBAMService.exe
User: admin
Company: MalwareBytes
Integrity Level: LOW
Description: Malware Scanner
Exit code: 13893632
Version: 1.0.4.8
Modules
Images
c:\program files\malwarebytes\anti-malware\ig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
1348 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 4052 -prefMapHandle 4056 -prefsLen 36588 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d4c41fa-a7e1-4670-833b-25353e84d4ee} 6196 "\\.\pipe\gecko-crash-server-pipe.6196" 1ee2bf8e110 utility | C:\Program Files\Mozilla Firefox\firefox.exe | - | firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 123.0
1400 | ig.exe reseed | C:\Program Files\Malwarebytes\Anti-Malware\ig.exe | - | MBAMService.exe
User: admin
Company: MalwareBytes
Integrity Level: LOW
Description: Malware Scanner
Exit code: 6029312
Version: 1.0.4.8
Modules
Images
c:\program files\malwarebytes\anti-malware\ig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
1412 | ig.exe secure | C:\Users\admin\AppData\LocalLow\IGDump\sec\ig.exe | - | MBAMService.exe
User: admin
Company: MalwareBytes
Integrity Level: LOW
Description: Malware Scanner
Exit code: 3235811341
Version: 1.0.4.8
Modules
Images
c:\program files\malwarebytes\anti-malware\ig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1460 | "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi" | C:\Program Files\Mozilla Firefox\firefox.exe | - | cmd.exe
User: admin
Company: Mozilla Corporation
Integrity Level: HIGH
Description: Firefox
Exit code: 0
Version: 123.0
1888 | ig.exe reseed | C:\Program Files\Malwarebytes\Anti-Malware\ig.exe | - | MBAMService.exe
User: admin
Company: MalwareBytes
Integrity Level: LOW
Description: Malware Scanner
Exit code: 2818048
Version: 1.0.4.8
Modules
Images
c:\program files\malwarebytes\anti-malware\ig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
1920 | ig.exe reseed | C:\Program Files\Malwarebytes\Anti-Malware\ig.exe | - | MBAMService.exe
User: admin
Company: MalwareBytes
Integrity Level: LOW
Description: Malware Scanner
Exit code: 15532032
Version: 1.0.4.8
Modules
Images
c:\program files\malwarebytes\anti-malware\ig.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
2092 | c:\windows\system32\help.exe /? | C:\Windows\SysWOW64\help.exe | - | ig.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Command Line Help Utility
Exit code: 3221225506
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\help.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events: 256 812
Read events: 255 878
Write events: 909
Delete events: 25

Modification events

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes
Operation: write
Name: id
Value: 1a7720736cff4e75ae07a4a5aca822d7

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes
Operation: write
Name: id
Value: 1a7720736cff4e75ae07a4a5aca822d7

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\mbamtestkey
Operation: delete key
Name: (default)
Value:

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes
Operation: delete value
Name: IrisFirstRun
Value:

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters
Operation: write
Name: UserName
Value: admin

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters
Operation: write
Name: ProductCode
Value: MBAM-C

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters
Operation: write
Name: ProductBuild
Value: consumer

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters
Operation: write
Name: ProgramDirectory
Value: C:\Program Files\Malwarebytes\Anti-Malware

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters
Operation: write
Name: LocalAppDataDir
Value: C:\Users\admin\AppData\Local

(PID) Process: (6744) MBSetup.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMInstallerService\Parameters
Operation: write
Name: Channel
Value: release

Executable files: 1 282
Suspicious files: 310
Text files: 118
Unknown types: 17

Dropped files

PID | Process | Filename | Type
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\ctlrpkg.7z | -
MD5:
SHA256:
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\dbclspkg.7z | -
MD5:
SHA256:
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\dotnetpkg.7z | -
MD5:
SHA256:
6744 | MBSetup.exe | C:\Program Files (x86)\mbamtestfile.dat | text
MD5:9F06243ABCB89C70E0C331C61D871FA7
SHA256:837CCB607E312B170FAC7383D7CCFD61FA5072793F19A25E75FBACB56539B86B
6744 | MBSetup.exe | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | text
MD5:9F06243ABCB89C70E0C331C61D871FA7
SHA256:837CCB607E312B170FAC7383D7CCFD61FA5072793F19A25E75FBACB56539B86B
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\servicepkg\MBAMService.exe | executable
MD5:A91250EE015E44503B78B787BD444558
SHA256:A43179B449C2BAB069CFC055DE0A3E9E5F3BA378FE4306C19F2B999325A2C7B2
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\servicepkg\mbamelam.sys | executable
MD5:9E77C51E14FA9A323EE1635DC74ECC07
SHA256:B5619D758AE6A65C1663F065E53E6B68A00511E7D7ACCB3E07ED94BFD0B1EDE0
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\ctlrpkg\Assistant.runtimeconfig.json | binary
MD5:D94CF983FBA9AB1BB8A6CB3AD4A48F50
SHA256:1ECA0F0C70070AA83BB609E4B749B26DCB4409784326032726394722224A098A
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\7z.dll | executable
MD5:3430E2544637CEBF8BA1F509ED5A27B1
SHA256:BB01C6FBB29590D6D144A9038C2A7736D6925A6DBD31889538AF033E03E4F5FA
5880 | MBAMInstallerService.exe | C:\Windows\Temp\MBInstallTemp8bd36fafb6d711efa319525400ee3f05\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json | binary
MD5:D94CF983FBA9AB1BB8A6CB3AD4A48F50
SHA256:1ECA0F0C70070AA83BB609E4B749B26DCB4409784326032726394722224A098A
HTTP(S) requests: 43
TCP/UDP connections: 111
DNS requests: 144
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
732 | svchost.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
732 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
900 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6236 | MBAMService.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl | unknown | - | - | whitelisted
900 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
6236 | MBAMService.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQCeArDpSs6yEJyh6YNr4MLb | unknown | - | - | whitelisted
6684 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5064 | SearchApp.exe | 2.23.209.174:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.106:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
732 | svchost.exe | 2.16.164.106:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
732 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6744 | MBSetup.exe | 35.161.133.102:443 | api2.amplitude.com | AMAZON-02 | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
www.bing.com
  • 2.23.209.174
  • 2.23.209.181
  • 2.23.209.178
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.180
  • 2.23.209.177
  • 2.23.209.176
  • 2.23.209.175
whitelisted
google.com
  • 142.250.74.206
whitelisted
crl.microsoft.com
  • 2.16.164.106
  • 2.16.164.18
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 88.221.169.152
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
api2.amplitude.com
  • 35.161.133.102
  • 54.212.252.60
  • 34.214.109.82
  • 44.235.221.250
  • 52.35.139.248
  • 52.13.236.220
  • 54.69.46.188
  • 52.38.221.45
  • 35.82.180.25
  • 44.233.23.172
  • 52.40.73.208
  • 44.240.28.238
  • 34.212.71.236
  • 52.33.78.68
  • 54.68.71.145
  • 35.160.7.224
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.73
  • 20.190.159.68
  • 40.126.31.67
  • 20.190.159.64
  • 20.190.159.71
  • 40.126.31.69
  • 20.190.159.0
whitelisted
ark.mwbsys.com
  • 54.175.117.118
  • 54.152.220.63
  • 3.234.117.85
whitelisted

Threats

No threats detected
No debug info