analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

setup.exe

Full analysis: https://app.any.run/tasks/a82cbcd0-e066-4241-97d9-94acb169fa6a
Verdict: Malicious activity
Analysis date: August 18, 2024, 18:59:13
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

49EAB6D1280052BDC15ADB5E2A45603A

SHA1:

405CFA122FFE42F8A8B4703894DD7912936D7C5B

SHA256:

823CF8D1E6E17C7FD1F771D400F75F7D6EA1C31532EA41E22EBE153F52D6A202

SSDEEP:

98304:T9e/RPxF9CWnoZtd249lLt9OfsnTdbFvbN3QwttPpwlX/p7hN05w6QLAlZbOAzmp:Y5k4EG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)

  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • setup.exe (PID: 6360)
      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)

    • Executable content was dropped or overwritten

      • setup.exe (PID: 6360)
      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)

    • Reads security settings of Internet Explorer

      • Update.exe (PID: 6376)
      • Updater.exe (PID: 6464)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)

    • Searches for installed software

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)

    • Reads the date of Windows installation

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)

    • Creates a software uninstall entry

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)

    • Process drops legitimate windows executable

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)

    • Starts itself from another location

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 7648)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7648)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 7648)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7648)

  • INFO

    • Creates files or folders in the user directory

      • setup.exe (PID: 6360)
      • Update.exe (PID: 6376)

    • Create files in a temporary directory

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)

    • Reads the computer name

      • Update.exe (PID: 6376)
      • Updater.exe (PID: 6464)
      • identity_helper.exe (PID: 7736)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
      • msiexec.exe (PID: 6904)
      • identity_helper.exe (PID: 5924)

    • Checks supported languages

      • setup.exe (PID: 6360)
      • Update.exe (PID: 6376)
      • Updater.exe (PID: 6464)
      • identity_helper.exe (PID: 7736)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
      • msiexec.exe (PID: 6904)
      • identity_helper.exe (PID: 5924)

    • Reads the machine GUID from the registry

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)

    • Process checks computer location settings

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)

    • Reads Microsoft Office registry keys

      • Updater.exe (PID: 6464)
      • msedge.exe (PID: 6852)
      • msedge.exe (PID: 8044)

    • Application launched itself

      • msedge.exe (PID: 6852)
      • msedge.exe (PID: 8044)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6852)
      • msiexec.exe (PID: 7648)

    • Reads Environment values

      • identity_helper.exe (PID: 7736)
      • identity_helper.exe (PID: 5924)

    • The process uses the downloaded file

      • msedge.exe (PID: 6852)
      • msedge.exe (PID: 7368)

    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)

    • Reads the software policy settings

      • msiexec.exe (PID: 7648)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 7648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

CompanyName: SW Team
SquirrelAwareVersion: 1
ProductVersion: 1.124.0
ProductName: EDV_Configurations_Global
OriginalFileName: Setup.exe
LegalCopyright: Copyright © 2024 SW Team
InternalName: Setup.exe
FileVersion: 1.124.0
FileDescription: EDV_Configurations_Global
CharacterSet: Unicode
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Windows NT 32-bit
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 1.124.0.0
FileVersionNumber: 1.124.0.0
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 6
EntryPoint: 0xab5c
UninitializedDataSize: -
InitializedDataSize: 3551232
CodeSize: 119808
LinkerVersion: 14.16
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit
TimeStamp: 2020:09:27 18:20:07+00:00
MachineType: Intel 386 or later, and compatibles
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
193
Monitored processes
58
Malicious processes
6
Suspicious processes
1

Behavior graph

Click at the process to see the details
start setup.exe update.exe updater.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-6.0.33-win-x64.exe windowsdesktop-runtime-6.0.33-win-x64.exe windowsdesktop-runtime-6.0.33-win-x64.exe msiexec.exe msedge.exe msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
6360"C:\Users\admin\AppData\Local\Temp\setup.exe" C:\Users\admin\AppData\Local\Temp\setup.exe
explorer.exe
User:
admin
Company:
SW Team
Integrity Level:
MEDIUM
Description:
EDV_Configurations_Global
Exit code:
0
Version:
1.124.0
Modules
Images
c:\users\admin\appdata\local\temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
6376"C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe" --install . C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
setup.exe
User:
admin
Company:
GitHub
Integrity Level:
MEDIUM
Description:
Update
Exit code:
0
Version:
2.0.1.1
Modules
Images
c:\users\admin\appdata\local\squirreltemp\update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
6464"C:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe" --squirrel-firstrunC:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe
Update.exe
User:
admin
Company:
Updater
Integrity Level:
MEDIUM
Description:
Updater
Exit code:
2147516547
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\global\app-1.124.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6852"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25&gui=trueC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Updater.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
6892"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7fffcbc65fd8,0x7fffcbc65fe4,0x7fffcbc65ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
7108"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2392 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
7120"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2600 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
6288"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2748 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1680"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3424 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
872"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3692 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
33 133
Read events
32 614
Write events
511
Delete events
8

Modification events

(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation:writeName:DisplayName
Value:
EDV_Configurations_Global
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation:writeName:DisplayVersion
Value:
1.124.0
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation:writeName:InstallDate
Value:
20240818
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation:writeName:InstallLocation
Value:
C:\Users\admin\AppData\Local\Global
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation:writeName:Publisher
Value:
SW Team
(PID) Process:(6376) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation:writeName:QuietUninstallString
Value:
"C:\Users\admin\AppData\Local\Global\Update.exe" --uninstall -s
Executable files
253
Suspicious files
133
Text files
108
Unknown types
1

Dropped files

PID
Process
Filename
Type
6376Update.exeC:\Users\admin\AppData\Local\Global\app-1.124.0\Global\IHMConfigGeral.zml
MD5:
SHA256:
6376Update.exeC:\Users\admin\AppData\Local\Global\app-1.124.0\DeltaCompressionDotNet.PatchApi.dllexecutable
MD5:A1E92E6CDA95789E88B732EAFA276B2B
SHA256:684DC7547BD5490184BC76E7F4B80CF40869F817A12E964DFC502C3F3DB07515
6376Update.exeC:\Users\admin\AppData\Local\Global\app-1.124.0\DeltaCompressionDotNet.MsDelta.dllexecutable
MD5:C848A2F5FA5FEAA71409795E8E8C69D0
SHA256:1CE872ED466A8A3466C808A7BABF3B597EC12E1CB84870E7A0CF00B2F5EF6DF4
6360setup.exeC:\Users\admin\AppData\Local\SquirrelTemp\Global-1.124.0-full.nupkgcompressed
MD5:BDCD42A2B5C9A937EEE2CC33BFB61814
SHA256:6D2774259F8E0C8A827B372E3207BCB7498D6B656D7B7108F1109FE7E8850CBF
6360setup.exeC:\Users\admin\AppData\Local\SquirrelTemp\RELEASEStext
MD5:981626C6485CC408F7A67759A19834F3
SHA256:48B3D8C1E77399F2F2B47FDC52F97B65A4D87AA3FA77D6BC228D5ABA25E797B6
6376Update.exeC:\Users\admin\AppData\Local\Global\packages\Global-1.124.0-full.nupkgcompressed
MD5:BDCD42A2B5C9A937EEE2CC33BFB61814
SHA256:6D2774259F8E0C8A827B372E3207BCB7498D6B656D7B7108F1109FE7E8850CBF
6376Update.exeC:\Users\admin\AppData\Local\Global\app-1.124.0\Global\EDVLang.zmlbinary
MD5:6385F39142578A663AA74574DB347210
SHA256:261BB311817F3AC71E0C512A6F41406C8CE968E0451E9115BE254EA12353A70E
6360setup.exeC:\Users\admin\AppData\Local\SquirrelTemp\Update.exeexecutable
MD5:A560BAD9E373EA5223792D60BEDE2B13
SHA256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
6376Update.exeC:\Users\admin\AppData\Local\Global\app-1.124.0\Mono.Cecil.dllexecutable
MD5:6D6292BC8E698E53E69556ADD6F62442
SHA256:0F6465CE57A0CBABC37013C8E3C9F110672DE1C127B6192177D59EB1C7809772
6376Update.exeC:\Users\admin\AppData\Local\Global\app-1.124.0\Mono.Cecil.Rocks.dllexecutable
MD5:7C9A0C59CE05ABA61485EB46883BA933
SHA256:822C94D1C2AB96EFEB19BC5F1D304586E70A004D2F44F372377F33F2545EB921
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
65
DNS requests
68
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1948
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
6812
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
6852
msedge.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
unknown
7648
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4424
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1984
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6852
msedge.exe
239.255.255.250:1900
whitelisted
7120
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7120
msedge.exe
2.22.34.124:443
aka.ms
AKAMAI-AS
IT
unknown
7120
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
7120
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
aka.ms
  • 2.22.34.124
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.67
unknown
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.216.77.152
  • 23.216.77.175
whitelisted
dotnet.microsoft.com
  • 13.107.246.67
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted

Threats

No threats detected
Process
Message
Updater.exe
You must install .NET to run this application. App: C:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe Architecture: x64 App host version: 6.0.25 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
setup.exe