File name:

netsetman_setup_532.exe

Full analysis: https://app.any.run/tasks/da0f1d08-7bb1-4e01-b408-2c8fe7e235c3
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The category includes programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: August 06, 2024, 08:26:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A3E1C5DA813D4B4DB7DE3A420FAD3157

SHA1:

7626CD5AA17F79663037A1C065ADBB6E0852DBE9

SHA256:

6CE302824C874A08C0E84D16E92E78E82914EA7BF07B6B773B35C00A4238F18C

SSDEEP:

98304:n+cD4dnQVnbjvkyJrReThsedkZRkbYcj54aUAXkK6wL38OV/WSQHx/FTdGZIZSny:dFuoTwG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • netsetman_setup_532.exe (PID: 6492)
      • netsetman_setup_532.exe (PID: 6584)
      • netsetman_setup_532.tmp (PID: 6608)
    • Actions looks like stealing of personal data

      • netsetman_setup_532.tmp (PID: 6608)
    • Changes the autorun value in the registry

      • netsetman_setup_532.tmp (PID: 6608)
    • Starts NET.EXE for service management

      • cmd.exe (PID: 3980)
      • net.exe (PID: 6572)
      • net.exe (PID: 3144)
      • netsetman_setup_532.tmp (PID: 6608)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • netsetman_setup_532.exe (PID: 6492)
      • netsetman_setup_532.exe (PID: 6584)
      • netsetman_setup_532.tmp (PID: 6608)
    • Reads the date of Windows installation

      • netsetman_setup_532.tmp (PID: 6512)
      • netsetman_setup_532.tmp (PID: 6608)
    • Reads security settings of Internet Explorer

      • netsetman_setup_532.tmp (PID: 6512)
      • netsetman_setup_532.tmp (PID: 6608)
    • Reads the Windows owner or organization settings

      • netsetman_setup_532.tmp (PID: 6608)
    • Searches for installed software

      • netsetman_setup_532.tmp (PID: 6608)
      • nsmservice.exe (PID: 2336)
    • Uses TASKKILL.EXE to kill process

      • netsetman_setup_532.tmp (PID: 6608)
    • Creates or modifies Windows services

      • nsmservice.exe (PID: 4788)
    • Starts CMD.EXE for commands execution

      • nsmservice.exe (PID: 4788)
    • Executes as Windows Service

      • nsmservice.exe (PID: 2336)
  • INFO

    • Create files in a temporary directory

      • netsetman_setup_532.exe (PID: 6492)
      • netsetman_setup_532.exe (PID: 6584)
      • netsetman_setup_532.tmp (PID: 6608)
    • Checks supported languages

      • netsetman_setup_532.exe (PID: 6492)
      • netsetman_setup_532.tmp (PID: 6512)
      • netsetman_setup_532.exe (PID: 6584)
      • netsetman_setup_532.tmp (PID: 6608)
      • nsmservice.exe (PID: 4788)
      • nsmservice.exe (PID: 2336)
      • identity_helper.exe (PID: 6576)
    • Reads the computer name

      • netsetman_setup_532.tmp (PID: 6512)
      • netsetman_setup_532.tmp (PID: 6608)
      • nsmservice.exe (PID: 4788)
      • nsmservice.exe (PID: 2336)
      • identity_helper.exe (PID: 6576)
    • Process checks computer location settings

      • netsetman_setup_532.tmp (PID: 6512)
      • netsetman_setup_532.tmp (PID: 6608)
    • Creates a software uninstall entry

      • netsetman_setup_532.tmp (PID: 6608)
    • Creates files in the program directory

      • netsetman_setup_532.tmp (PID: 6608)
    • Reads Microsoft Office registry keys

      • netsetman_setup_532.tmp (PID: 6512)
      • msedge.exe (PID: 4080)
    • Application launched itself

      • msedge.exe (PID: 4080)
    • Reads Environment values

      • identity_helper.exe (PID: 6576)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 146944
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 5.3.2.0
ProductVersionNumber: 5.3.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: NetSetMan GmbH
FileDescription: NetSetMan Setup
FileVersion: 5.3.2
LegalCopyright: Copyright © 2004-2024 Ilja Herlein / NetSetMan GmbH
OriginalFileName:
ProductName: NetSetMan
ProductVersion: 5.3.2
No data.
All screenshots are available in the full report
Total processes
173
Monitored processes
51
Malicious processes
4
Suspicious processes
2

Behavior graph

Processes in the behavior graph, in the order shown (an entry marked "no specs" is one the graph attached no indicators to):

  • netsetman_setup_532.exe
  • netsetman_setup_532.tmp (no specs)
  • netsetman_setup_532.exe
  • netsetman_setup_532.tmp
  • taskkill.exe (no specs)
  • conhost.exe (no specs)
  • msedge.exe
  • nsmservice.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • msedge.exe (no specs)
  • net.exe (no specs)
  • net1.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • net.exe (no specs)
  • conhost.exe (no specs)
  • net1.exe (no specs)
  • msedge.exe (no specs), four entries
  • nsmservice.exe (no specs)
  • msedge.exe (no specs), two entries
  • identity_helper.exe (no specs), two entries
  • msedge.exe (no specs), repeated for the remaining Edge child processes

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1964
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2732 --field-trial-handle=2500,i,7179705539357911543,17234966211951769275,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2088
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2336
CMD: "C:\Program Files (x86)\NetSetMan\nsmservice.exe"
Path: C:\Program Files (x86)\NetSetMan\nsmservice.exe
Parent process: services.exe
User:
SYSTEM
Company:
NetSetMan GmbH
Integrity Level:
SYSTEM
Description:
NetSetMan Service
Version:
3.3.1.0
Modules
Images
c:\program files (x86)\netsetman\nsmservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcp_win.dll
PID: 3008
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7fffd4775fd8,0x7fffd4775fe4,0x7fffd4775ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3036
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6856 --field-trial-handle=2500,i,7179705539357911543,17234966211951769275,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3144
CMD: net start nsmService
Path: C:\Windows\SysWOW64\net.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 3268
CMD: C:\WINDOWS\system32\net1 start nsmService
Path: C:\Windows\SysWOW64\net1.exe
Parent process: net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID: 3980
CMD: cmd.exe /c net start nsmService
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: nsmservice.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 4080
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.netsetman.com/index.php?s=setup&a=update&ver=5.3.2&lng=en&os=16
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: netsetman_setup_532.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4788
CMD: "C:\Program Files (x86)\NetSetMan\nsmservice.exe" /install /silent
Path: C:\Program Files (x86)\NetSetMan\nsmservice.exe
Parent process: netsetman_setup_532.tmp
User:
admin
Company:
NetSetMan GmbH
Integrity Level:
HIGH
Description:
NetSetMan Service
Exit code:
0
Version:
3.3.1.0
Modules
Images
c:\program files (x86)\netsetman\nsmservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
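The process table above is more useful as input to detection logic than as rows to read one by one. The following is an added example (the editor's code, not ANY.RUN's) that rebuilds the chain from the ten transcribed rows and evaluates four checks: a binary run with /install by the Inno Setup stub (the *.tmp process), the same image later running as SYSTEM under services.exe, the service binary spawning cmd.exe and then net.exe to start a service, and the stub launching a browser with a URL. The report links parents by image name only, so the code disambiguates the two nsmservice.exe instances by user account; that tie-breaker and the truncated Edge command lines are the example's own assumptions. Note what the rules establish and what they do not: every behaviour in the MALICIOUS and SUSPICIOUS groups (drop an executable, write a Run value, register and start a service, read the install date and installed-software keys, open the vendor's update page) is also what a legitimate installer for a tray utility with a helper service does, the version resource names NetSetMan GmbH, and the report states that it does not guarantee maliciousness. Corroborate the verdict against vendor-published hashes and the Authenticode signatures on the sample and the dropped binaries before acting on it.

```python
"""Rebuild the process chain from the report's process table and flag the
installer-stub -> service -> cmd -> net sequence. Added example, not ANY.RUN code."""
import re
from urllib.parse import urlparse

# Transcribed from the report's "Process information" section
# (pid, image, command line, user, integrity level, parent image).
# Long Edge command lines are cut after the switch that identifies the process type.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
NSM = r'"C:\Program Files (x86)\NetSetMan\nsmservice.exe"'
PROCESSES = [
    dict(pid=1964, image="msedge.exe", user="admin", integrity="MEDIUM", parent="msedge.exe",
         cmd=EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService"),
    dict(pid=2088, image="conhost.exe", user="admin", integrity="HIGH", parent="cmd.exe",
         cmd=r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"),
    dict(pid=2336, image="nsmservice.exe", user="SYSTEM", integrity="SYSTEM", parent="services.exe",
         cmd=NSM),
    dict(pid=3008, image="msedge.exe", user="admin", integrity="MEDIUM", parent="msedge.exe",
         cmd=EDGE + " --type=crashpad-handler"),
    dict(pid=3036, image="msedge.exe", user="admin", integrity="LOW", parent="msedge.exe",
         cmd=EDGE + " --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService"),
    dict(pid=3144, image="net.exe", user="admin", integrity="HIGH", parent="cmd.exe",
         cmd="net start nsmService"),
    dict(pid=3268, image="net1.exe", user="admin", integrity="HIGH", parent="net.exe",
         cmd=r"C:\WINDOWS\system32\net1 start nsmService"),
    dict(pid=3980, image="cmd.exe", user="admin", integrity="HIGH", parent="nsmservice.exe",
         cmd="cmd.exe /c net start nsmService"),
    dict(pid=4080, image="msedge.exe", user="admin", integrity="MEDIUM", parent="netsetman_setup_532.tmp",
         cmd=EDGE + " --single-argument https://www.netsetman.com/index.php?s=setup&a=update&ver=5.3.2&lng=en&os=16"),
    dict(pid=4788, image="nsmservice.exe", user="admin", integrity="HIGH", parent="netsetman_setup_532.tmp",
         cmd=NSM + " /install /silent"),
]

NET_START = re.compile(r"\bnet1?(?:\.exe)?\s+start\s+(\S+)", re.I)


def find_chain(procs, images):
    """Depth-first search for records matching `images` in order, each one naming the
    previous record's image as its parent and running as the same user. The report
    links parents by image name only; the user check is the (assumed) tie-breaker that
    keeps cmd.exe (admin) from being attached to the SYSTEM nsmservice.exe instance."""
    def walk(path, remaining):
        if not remaining:
            return path
        last = path[-1]
        for cand in procs:
            if (cand["pid"] != last["pid"]
                    and cand["image"].lower() == remaining[0].lower()
                    and cand["parent"].lower() == last["image"].lower()
                    and cand["user"] == last["user"]):
                found = walk(path + [cand], remaining[1:])
                if found:
                    return found
        return None

    for root in procs:
        if root["image"].lower() == images[0].lower():
            found = walk([root], images[1:])
            if found:
                return found
    return None


def analyze(procs):
    """Return a list of {rule, pids, detail} findings over the transcribed records."""
    findings = []
    # 1. A binary launched with an install switch by the Inno Setup stub (*.tmp).
    installers = [p for p in procs
                  if p["parent"].lower().endswith(".tmp") and "/install" in p["cmd"].lower()]
    for p in installers:
        findings.append({"rule": "service-install-from-installer-stub",
                         "pids": [p["pid"]], "detail": p["cmd"]})
        # 2. The same image later running as SYSTEM under services.exe: the install took.
        for q in procs:
            if (q["image"] == p["image"] and q["user"] == "SYSTEM"
                    and q["parent"].lower() == "services.exe"):
                findings.append({"rule": "service-running-as-system",
                                 "pids": [q["pid"]], "detail": q["cmd"]})
        # 3. Service binary -> cmd.exe -> net.exe "net start <svc>": it starts itself.
        chain = find_chain(procs, [p["image"], "cmd.exe", "net.exe"])
        if chain:
            m = NET_START.search(chain[-1]["cmd"])
            findings.append({"rule": "service-start-via-cmd-net",
                             "pids": [c["pid"] for c in chain],
                             "detail": m.group(1) if m else chain[-1]["cmd"]})
    # 4. A browser launched by the installer stub with a URL argument (egress IOC).
    for p in procs:
        m = re.search(r"--single-argument\s+(\S+)", p["cmd"])
        if m and p["parent"].lower().endswith(".tmp"):
            findings.append({"rule": "browser-launch-from-installer",
                             "pids": [p["pid"]], "detail": urlparse(m.group(1)).hostname})
    return findings


if __name__ == "__main__":
    for f in analyze(PROCESSES):
        print(f"{f['rule']:36} pids={f['pids']} {f['detail']}")
```

Run against these rows the four rules fire on PIDs 4788, 2336, the chain 4788 → 3980 → 3144 (service name nsmService), and 4080 with host www.netsetman.com, which is the same host that appears in the DNS and HTTP sections below. In a real EDR feed you would key the tree on parent PID and drop the user-account heuristic.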
Total events
12 261
Read events
12 131
Write events
126
Delete events
4

Modification events

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: D019000087B4CE68DAE7DA01

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 2648E6C52ADB95F03F7DE2BFF385CAA00AD9989BB9F284460CBD3EEC6550FF4D

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files (x86)\NetSetMan\netsetman.exe

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 3CF6D6947CF4013E584B209477BC4516425D5FE66E7AC584F58E446F5F92F3EB

(PID) Process: (6608) netsetman_setup_532.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: NetSetMan
Value: "C:\Program Files (x86)\NetSetMan\netsetman.exe" -h
Executable files
11
Suspicious files
101
Text files
278
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\unins000.exe
Type: executable
MD5: E31F6BD880442E257B0DA5808BBA0324
SHA256: F3FB5636A1225E5C8B576DE5A6048BB94542E22D02DCEE4A31497F87249B6A06

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\netsetman.exe
Type: executable
MD5: CB7CC0EFEC3CE3B4D6DEC580DBB85B0E
SHA256: 1113F51B0A9E087B647E8F2E95E1A01325E8211079ED3EEB0E5F214259CABADE

PID: 6584  Process: netsetman_setup_532.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-1JLN6.tmp\netsetman_setup_532.tmp
Type: executable
MD5: AA6D9FC93581CB518D4C3C7C7A0DA3EB
SHA256: A9EE0F2D51AB47D88CA1BA45898493425B7F0FE3B48C8AC7D16ABC05914BD28C

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\is-NK4EB.tmp
Type: text
MD5: 21D354D317500A7BC289AAB792ED68AE
SHA256: EA5DBA41654F37DCE5925AF6E3E0978E5A01B5E749EA0A4A3271FCEB7789367E

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-0PCQ1.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\is-TVP6R.tmp
Type: executable
MD5: E31F6BD880442E257B0DA5808BBA0324
SHA256: F3FB5636A1225E5C8B576DE5A6048BB94542E22D02DCEE4A31497F87249B6A06

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\is-D147C.tmp
Type: text
MD5: EEC5829F79F0DD1DE0ECF1BA4D3960AE
SHA256: AB1408CDB107004AFF8DDEA26B39FC943DCF7240D87C287975A9A6E26B0E9EED

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\NSM-Help\is-40461.tmp
Type: html
MD5: FE3D46ECF2427A3D2CADBAA27A1BC216
SHA256: D7929D7F516A9A6E7CB4D04DA21E58139A65567EE9A0D8B49F22CBCFF30CE424

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\NSM-Help\nsm5help_br.htm
Type: html
MD5: FE3D46ECF2427A3D2CADBAA27A1BC216
SHA256: D7929D7F516A9A6E7CB4D04DA21E58139A65567EE9A0D8B49F22CBCFF30CE424

PID: 6608  Process: netsetman_setup_532.tmp
Filename: C:\Program Files (x86)\NetSetMan\is-2VO23.tmp
Type: executable
MD5: CB7CC0EFEC3CE3B4D6DEC580DBB85B0E
SHA256: 1113F51B0A9E087B647E8F2E95E1A01325E8211079ED3EEB0E5F214259CABADE
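Two things in the dropped-file rows above and the Run-key write in the modification events are worth tying together, and this added example (the editor's code, not ANY.RUN's) does both. First, several rows come in pairs that share one SHA256, an is-XXXXX.tmp name next to a final name (is-TVP6R.tmp and unins000.exe, is-2VO23.tmp and netsetman.exe, is-40461.tmp and nsm5help_br.htm): that is Inno Setup's stage-then-rename behaviour as I know it from other installers, not something the report states, and grouping by hash collapses the pairs so the executable count stops being inflated by staging copies. Second, the autorun value "C:\Program Files (x86)\NetSetMan\netsetman.exe" -h can be resolved against the dropped-file list to the SHA256 of the file it will launch at logon, which is the hash to look up rather than the installer's. The rows are parsed in the flattened form the export uses; the user-writable-location check is a generic triage heuristic, not a signature from the report.

```python
"""Parse the report's dropped-file rows, group by SHA256 to expose Inno Setup's
stage-then-rename pairs, and resolve the Run-key entry to the hash of its target.
Added example, not ANY.RUN code."""
import re
from collections import defaultdict

# Rows transcribed from the report's "Dropped files" section in the flattened form
# of the export: <pid><process><path><type>, followed by MD5:/SHA256: lines.
DROPPED_TEXT = r"""
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\unins000.exeexecutable
MD5:E31F6BD880442E257B0DA5808BBA0324
SHA256:F3FB5636A1225E5C8B576DE5A6048BB94542E22D02DCEE4A31497F87249B6A06
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\netsetman.exeexecutable
MD5:CB7CC0EFEC3CE3B4D6DEC580DBB85B0E
SHA256:1113F51B0A9E087B647E8F2E95E1A01325E8211079ED3EEB0E5F214259CABADE
6584netsetman_setup_532.exeC:\Users\admin\AppData\Local\Temp\is-1JLN6.tmp\netsetman_setup_532.tmpexecutable
MD5:AA6D9FC93581CB518D4C3C7C7A0DA3EB
SHA256:A9EE0F2D51AB47D88CA1BA45898493425B7F0FE3B48C8AC7D16ABC05914BD28C
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\is-NK4EB.tmptext
MD5:21D354D317500A7BC289AAB792ED68AE
SHA256:EA5DBA41654F37DCE5925AF6E3E0978E5A01B5E749EA0A4A3271FCEB7789367E
6608netsetman_setup_532.tmpC:\Users\admin\AppData\Local\Temp\is-0PCQ1.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\is-TVP6R.tmpexecutable
MD5:E31F6BD880442E257B0DA5808BBA0324
SHA256:F3FB5636A1225E5C8B576DE5A6048BB94542E22D02DCEE4A31497F87249B6A06
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\is-D147C.tmptext
MD5:EEC5829F79F0DD1DE0ECF1BA4D3960AE
SHA256:AB1408CDB107004AFF8DDEA26B39FC943DCF7240D87C287975A9A6E26B0E9EED
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\NSM-Help\is-40461.tmphtml
MD5:FE3D46ECF2427A3D2CADBAA27A1BC216
SHA256:D7929D7F516A9A6E7CB4D04DA21E58139A65567EE9A0D8B49F22CBCFF30CE424
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\NSM-Help\nsm5help_br.htmhtml
MD5:FE3D46ECF2427A3D2CADBAA27A1BC216
SHA256:D7929D7F516A9A6E7CB4D04DA21E58139A65567EE9A0D8B49F22CBCFF30CE424
6608netsetman_setup_532.tmpC:\Program Files (x86)\NetSetMan\is-2VO23.tmpexecutable
MD5:CB7CC0EFEC3CE3B4D6DEC580DBB85B0E
SHA256:1113F51B0A9E087B647E8F2E95E1A01325E8211079ED3EEB0E5F214259CABADE
"""

# The Run value written by PID 6608, from the report's modification events.
RUN_VALUE = r'"C:\Program Files (x86)\NetSetMan\netsetman.exe" -h'

ROW = re.compile(r"^(?P<pid>\d+)(?P<proc>.+?)(?P<path>[A-Za-z]:\\.+?)(?P<type>executable|text|html)$")
STAGING = re.compile(r"\\is-[A-Z0-9]{5}\.tmp$", re.I)  # Inno Setup staging name (assumed pattern)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


def parse_dropped(text):
    """Return one dict per dropped file: pid, process, path, type, md5, sha256."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            current = {"pid": int(m["pid"]), "process": m["proc"],
                       "path": m["path"], "type": m["type"]}
            records.append(current)
        elif current is not None and line.startswith(("MD5:", "SHA256:")):
            key, _, val = line.partition(":")
            current[key.lower()] = val.strip().upper()
    return records


def group_by_hash(records):
    """SHA256 -> list of paths; one entry per distinct file content."""
    groups = defaultdict(list)
    for r in records:
        groups[r["sha256"]].append(r["path"])
    return dict(groups)


def staging_pairs(records):
    """Map each is-XXXXX.tmp staging file to the final path sharing its SHA256
    (None when the report shows no renamed copy, as for the two text files)."""
    pairs = {}
    for paths in group_by_hash(records).values():
        stage = [p for p in paths if STAGING.search(p)]
        final = [p for p in paths if not STAGING.search(p)]
        for s in stage:
            pairs[s] = final[0] if final else None
    return pairs


def parse_run_value(value):
    """Split an autorun command line into (image, arguments), quoted or bare form."""
    value = value.strip()
    if value.startswith('"'):
        end = value.index('"', 1)
        return value[1:end], value[end + 1:].strip()
    image, _, args = value.partition(" ")
    return image, args


def resolve_autorun(value, records):
    """Tie the Run-key target back to the dropped-file list and a location check."""
    image, args = parse_run_value(value)
    hit = next((r for r in records if r["path"].lower() == image.lower()), None)
    return {"image": image, "args": args,
            "dropped_by_sample": hit is not None,
            "sha256": hit["sha256"] if hit else None,
            "user_writable_location": any(t in image.lower() for t in USER_WRITABLE)}
```

On these rows the ten entries collapse to seven distinct hashes, the three staging files with a renamed twin map to unins000.exe, netsetman.exe and nsm5help_br.htm, and the autorun target resolves to SHA256 1113F51B…CABADE in C:\Program Files (x86), so the persistence entry points at a file the installer wrote to a non-user-writable location rather than at something staged in AppData or Temp.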
HTTP(S) requests
317
TCP/UDP connections
63
DNS requests
49
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(PID and Process are not populated in this export; each row below lists the remaining columns in the order above.)
GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown
OPTIONS | 503 | 23.48.23.51:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown
GET | 304 | 204.79.197.239:443 | https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist | unknown
GET | 301 | 85.13.135.165:443 | https://www.netsetman.com/index.php?s=setup&a=update&ver=5.3.2&lng=en&os=16 | unknown | html | 283 b
GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 465 b
POST | 204 | 104.126.37.123:443 | https://www.bing.com/threshold/xls.aspx | unknown
GET | 200 | 13.107.253.67:443 | https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable | unknown | binary | 12.6 Kb
GET | 401 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | binary | 586 b
GET | 302 | 85.13.135.165:443 | https://www.netsetman.com/setup?a=update&ver=5.3.2&lng=en&os=16 | unknown | html | 262 b
GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=38&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 735 b

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3140 | RUXIMICS.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5040 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5040 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4324 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4080 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.netsetman.com
  • 85.13.135.165
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.67
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
www.bing.com
  • 104.126.37.179
  • 104.126.37.128
  • 104.126.37.131
  • 104.126.37.130
  • 104.126.37.178
  • 104.126.37.185
  • 104.126.37.184
  • 104.126.37.186
  • 104.126.37.123
  • 104.126.37.155
  • 104.126.37.153
  • 104.126.37.170
  • 104.126.37.139
  • 104.126.37.171
  • 104.126.37.162
  • 104.126.37.145
  • 104.126.37.144
  • 104.126.37.163
whitelisted
bzib.nelreports.net
  • 23.48.23.26
  • 23.48.23.51
whitelisted
update.googleapis.com
  • 216.58.206.67
whitelisted

Threats

No threats detected
No debug info