File name:

setup.exe

Full analysis: https://app.any.run/tasks/a5c1b1f3-a5b7-4d38-9dab-1bba6bcae5d5
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 17, 2025, 13:09:20
OS: Windows 11 Professional (build: 22000, 64 bit)
Tags:
inno
installer
delphi
adware
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

052BA40094543B5DFA0A3B3E634EC1C6

SHA1:

CC56B52D30144ACB435F2F0F9F255D012E1FD4B3

SHA256:

6EBB43F783B73A13DC9CBD39D87CB2EBBBBAABD97201352A59A2156392DA7847

SSDEEP:

98304:9O/SMPUQ+/uMLYOCFpAOLX46e/h//oShmxel+YxjyqcQmJQoUa2X8zJneB+peJNS:aRD1jD5EQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADWARE has been detected (SURICATA)

      • setup.tmp (PID: 448)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • setup.exe (PID: 3004)
      • setup.tmp (PID: 448)
    • Reads the Windows owner or organization settings

      • setup.tmp (PID: 448)
    • Process drops legitimate windows executable

      • setup.tmp (PID: 448)
    • Reads the Internet Settings

      • setup.tmp (PID: 448)
    • Reads security settings of Internet Explorer

      • setup.tmp (PID: 448)
    • Access to an unwanted program domain was detected

      • setup.tmp (PID: 448)
    • There is functionality for taking screenshot (YARA)

      • setup.tmp (PID: 448)
    • Checks Windows Trust Settings

      • setup.tmp (PID: 448)
    • Reads settings of System Certificates

      • setup.tmp (PID: 448)
    • Potential Corporate Privacy Violation

      • setup.tmp (PID: 448)
    • Process requests binary or script from the Internet

      • setup.tmp (PID: 448)
  • INFO

    • Checks supported languages

      • setup.tmp (PID: 448)
      • setup.exe (PID: 3004)
      • FlushFileCache.exe (PID: 2708)
      • identity_helper.exe (PID: 4812)
    • Reads the computer name

      • setup.tmp (PID: 448)
      • FlushFileCache.exe (PID: 2708)
    • Create files in a temporary directory

      • setup.exe (PID: 3004)
      • setup.tmp (PID: 448)
    • The sample compiled with chinese language support

      • setup.tmp (PID: 448)
    • Detects InnoSetup installer (YARA)

      • setup.exe (PID: 3004)
      • setup.tmp (PID: 448)
    • The sample compiled with english language support

      • setup.tmp (PID: 448)
    • Compiled with Borland Delphi (YARA)

      • setup.exe (PID: 3004)
      • setup.tmp (PID: 448)
    • Checks proxy server information

      • setup.tmp (PID: 448)
    • Reads the software policy settings

      • setup.tmp (PID: 448)
    • Reads the machine GUID from the registry

      • setup.tmp (PID: 448)
    • The sample compiled with russian language support

      • setup.tmp (PID: 448)
    • Creates a software uninstall entry

      • setup.tmp (PID: 448)
    • Application launched itself

      • msedge.exe (PID: 3964)
      • msedge.exe (PID: 6044)
    • Manual execution by a user

      • msedge.exe (PID: 6044)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 05:04:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 53760
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: The Sims 4 Setup
FileVersion:
LegalCopyright: FitGirl
ProductName: The Sims 4
ProductVersion:
No data.
All screenshots are available in the full report
Total processes
146
Monitored processes
38
Malicious processes
2
Suspicious processes
0

Behavior graph

Processes shown in the graph: setup.exe (start) launches setup.tmp (flagged #ADWARE); also shown, nearly all marked "no specs", are flushfilecache.exe, conhost.exe, a large number of msedge.exe instances, two identity_helper.exe instances and a second setup.exe instance.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
448
CMD:
"C:\Users\admin\AppData\Local\Temp\is-9SLC3.tmp\setup.tmp" /SL5="$160320,5610433,140800,C:\Users\admin\Desktop\setup.exe"
Path:
C:\Users\admin\AppData\Local\Temp\is-9SLC3.tmp\setup.tmp
Parent process:
setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-9slc3.tmp\setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
PID:
1056
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6060 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1168
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6516 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1276
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6380 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1292
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1988 --field-trial-handle=1992,i,14721342714824970956,11108809071826584536,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
PID:
1624
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3416 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1772
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2224 --field-trial-handle=1992,i,14721342714824970956,11108809071826584536,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
2124
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6284 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2192
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6356 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2240
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4832 --field-trial-handle=2076,i,9305733535122855573,1755267280685218147,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
12 143
Read events
11 957
Write events
181
Delete events
5

Modification events

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value:
C001000059EC932E3D81DB01

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value:
22F4B5AE089DD542C79295B3FBDA9B04A049B0CBBBB75DA729678B33EE0CE5DF

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value:
1

(PID) Process: (448) setup.tmp
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation: write
Name: Speaker Configuration
Value:
4

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value:
C:\Games\The Sims 4\_Redist\vcredist_x86_2010_sp1_x86.exe

(PID) Process: (448) setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value:
2B1014B112DBD7D6898D45DED4252927D47E8CDDC2FE37914B25CBCF23D20F5F
Executable files
90
Suspicious files
306
Text files
75
Unknown types
0

Dropped files

PID
Process
Filename
Type
448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\innocallback.dll | executable
MD5: 1C55AE5EF9980E3B1028447DA6105C75
SHA256: 6AFA2D104BE6EFE3D9A2AB96DBB75DB31565DAD64DD0B791E402ECC25529809F

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\BASS.dll | executable
MD5: 8005750EC63EB5292884AD6183AE2E77
SHA256: DF9F56C4DA160101567B0526845228EE481EE7D2F98391696FA27FE41F8ACF15

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\wintb.dll | executable
MD5: 9436DF49E08C83BAD8DDC906478C2041
SHA256: 1910537AA95684142250CA0C7426A0B5F082E39F6FBDBDBA649AECB179541435

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\ISDone.dll | executable
MD5: 4FEAFA8B5E8CDB349125C8AF0AC43974
SHA256: BB8A0245DCC5C10A1C7181BAD509B65959855009A8105863EF14F2BB5B38AC71

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\idp.dll | executable
MD5: AF555AC9C073F88FE5BF0D677F085025
SHA256: F4FC0187491A9CB89E233197FF72C2405B5EC02E8B8EA640EE68D034DDBC44BB

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\cls-lolzi.dll | executable
MD5: CEE3AB80E46CE04DB82677285F268C62
SHA256: 19B0633A0E37993F25EB9EC986BE3916C4CDC9FD0B1CEEB85D6256B68EF00E6E

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\cls-lolly.dll | executable
MD5: 0EF04BC15FD1B28975AFF2951B857F03
SHA256: F84677643D9977AA1E8A4AA8C85A12665D29A4E8292485A0B4DF846DD161F824

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\cls-lolzi_x64.exe | executable
MD5: 1CDF04881EB33F5D2CDDE21F4D1934E7
SHA256: 8CE66660890D99E78A86EF24F185D189EB01DFE3E7028C360958016281D10C89

448 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-J81LS.tmp\cls-lollypop.dll | executable
MD5: 0EF04BC15FD1B28975AFF2951B857F03
SHA256: F84677643D9977AA1E8A4AA8C85A12665D29A4E8292485A0B4DF846DD161F824
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
127
TCP/UDP connections
147
DNS requests
146
Threats
34

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1760 | MoUsoCoreWorker.exe
  • GET | 200 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?766745eba3b6456d | unknown | whitelisted
1296 | svchost.exe
  • GET | 200 | 2.16.164.42:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | whitelisted
448 | setup.tmp
  • HEAD | 302 | 2.19.100.212:80 | http://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/vcredist_x64.exe | unknown | whitelisted
  • HEAD | 200 | 95.101.149.131:443 | https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/vcredist_x64.exe | unknown
  • HEAD | 200 | 95.101.149.131:443 | https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/vcredist_x86.exe | unknown
448 | setup.tmp
  • HEAD | 302 | 2.19.100.212:80 | http://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/vcredist_x86.exe | unknown | whitelisted
  • HEAD | 200 | 95.101.149.131:443 | https://download.microsoft.com/download/2/E/6/2E61CFA4-993B-4DD4-91DA-3737CD5CD6E3/vcredist_x64.exe | unknown
448 | setup.tmp
  • HEAD | 302 | 2.19.100.212:80 | http://download.microsoft.com/download/2/E/6/2E61CFA4-993B-4DD4-91DA-3737CD5CD6E3/vcredist_x64.exe | unknown | whitelisted
448 | setup.tmp
  • HEAD | 302 | 2.19.100.212:80 | http://download.microsoft.com/download/2/E/6/2E61CFA4-993B-4DD4-91DA-3737CD5CD6E3/vcredist_x86.exe | unknown | whitelisted
  • HEAD | 200 | 184.30.21.171:443 | https://download.microsoft.com/download/2/E/6/2E61CFA4-993B-4DD4-91DA-3737CD5CD6E3/vcredist_x86.exe | unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1296 | svchost.exe | 2.16.164.42:80 | Akamai International B.V. | NL | unknown
1760 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1760 | MoUsoCoreWorker.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted
448 | setup.tmp | 2.19.100.212:80 | download.microsoft.com | AKAMAI-AS | DE | whitelisted
448 | setup.tmp | 2.19.100.212:443 | download.microsoft.com | AKAMAI-AS | DE | whitelisted
448 | setup.tmp | 2.22.242.131:80 | download.visualstudio.microsoft.com | Akamai International B.V. | DE | whitelisted
2860 | svchost.exe | 23.50.131.216:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
5552 | svchost.exe | 239.255.255.250:1900 | whitelisted
6176 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
  • 23.50.131.216
  • 23.50.131.200
whitelisted
download.microsoft.com
  • 2.19.100.212
whitelisted
download.visualstudio.microsoft.com
  • 2.22.242.131
  • 2.22.242.97
  • 2.22.242.82
  • 2.22.242.114
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
bit.ly
  • 67.199.248.11
  • 67.199.248.10
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
clients2.google.com
  • 142.250.186.110
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted

Threats

PID
Process
Class
Message
1296 | svchost.exe
  • Misc activity | ET INFO Microsoft Connection Test
448 | setup.tmp
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
448 | setup.tmp
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
448 | setup.tmp
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
448 | setup.tmp
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
448 | setup.tmp
  • Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Inno Download Plugin UA
No debug info