File name: setup.exe

Full analysis: https://app.any.run/tasks/a82cbcd0-e066-4241-97d9-94acb169fa6a
Verdict: Malicious activity
Analysis date: August 18, 2024, 18:59:13
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 49EAB6D1280052BDC15ADB5E2A45603A
SHA1: 405CFA122FFE42F8A8B4703894DD7912936D7C5B
SHA256: 823CF8D1E6E17C7FD1F771D400F75F7D6EA1C31532EA41E22EBE153F52D6A202
SSDEEP: 98304:T9e/RPxF9CWnoZtd249lLt9OfsnTdbFvbN3QwttPpwlX/p7hN05w6QLAlZbOAzmp:Y5k4EG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • setup.exe (PID: 6360)
      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
    • Executable content was dropped or overwritten

      • setup.exe (PID: 6360)
      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
    • Reads security settings of Internet Explorer

      • Update.exe (PID: 6376)
      • Updater.exe (PID: 6464)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
    • Reads the date of Windows installation

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
    • Searches for installed software

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
    • Creates a software uninstall entry

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
    • Process drops legitimate windows executable

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
    • Starts itself from another location

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 7648)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 7648)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7648)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7648)
  • INFO

    • Checks supported languages

      • setup.exe (PID: 6360)
      • Updater.exe (PID: 6464)
      • Update.exe (PID: 6376)
      • identity_helper.exe (PID: 7736)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
      • msiexec.exe (PID: 6904)
      • identity_helper.exe (PID: 5924)
    • Creates files or folders in the user directory

      • Update.exe (PID: 6376)
      • setup.exe (PID: 6360)
    • Reads the computer name

      • Updater.exe (PID: 6464)
      • Update.exe (PID: 6376)
      • identity_helper.exe (PID: 7736)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
      • msiexec.exe (PID: 6904)
      • identity_helper.exe (PID: 5924)
    • Reads the machine GUID from the registry

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
      • msiexec.exe (PID: 7648)
    • Process checks computer location settings

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
    • Reads Microsoft Office registry keys

      • Updater.exe (PID: 6464)
      • msedge.exe (PID: 6852)
      • msedge.exe (PID: 8044)
    • Create files in a temporary directory

      • Update.exe (PID: 6376)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6048)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7800)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
    • Application launched itself

      • msedge.exe (PID: 6852)
      • msedge.exe (PID: 8044)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6852)
      • msiexec.exe (PID: 7648)
    • The process uses the downloaded file

      • msedge.exe (PID: 7368)
      • msedge.exe (PID: 6852)
    • Reads Environment values

      • identity_helper.exe (PID: 7736)
      • identity_helper.exe (PID: 5924)
    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 6316)
    • Reads the software policy settings

      • msiexec.exe (PID: 7648)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7648)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:09:27 18:20:07+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 119808
InitializedDataSize: 3551232
UninitializedDataSize: -
EntryPoint: 0xab5c
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.124.0.0
ProductVersionNumber: 1.124.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: EDV_Configurations_Global
FileVersion: 1.124.0
InternalName: Setup.exe
LegalCopyright: Copyright © 2024 SW Team
OriginalFileName: Setup.exe
ProductName: EDV_Configurations_Global
ProductVersion: 1.124.0
SquirrelAwareVersion: 1
CompanyName: SW Team
No data.
All screenshots are available in the full report
Total processes: 193
Monitored processes: 58
Malicious processes: 6
Suspicious processes: 1

Behavior graph

[Behavior graph image not preserved. Processes shown: setup.exe, update.exe, updater.exe, msedge.exe (multiple instances), identity_helper.exe, windowsdesktop-runtime-6.0.33-win-x64.exe (three instances), msiexec.exe (two instances).]

Process information

PID: 872
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3692 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 1680
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3424 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 2088
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5960 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 2128
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 2128
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5212 --field-trial-handle=2456,i,3208882011790040390,8669757145445242557,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 2960
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2700 --field-trial-handle=2456,i,3208882011790040390,8669757145445242557,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59

PID: 3900
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3892 --field-trial-handle=2456,i,3208882011790040390,8669757145445242557,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59

PID: 3916
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6324 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 4004
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5296 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 4784
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6456 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

Total events: 33 133
Read events: 32 614
Write events: 511
Delete events: 8

Modification events

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation: write
Name: DisplayName
Value: EDV_Configurations_Global

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation: write
Name: DisplayVersion
Value: 1.124.0

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation: write
Name: InstallDate
Value: 20240818

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Global

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation: write
Name: Publisher
Value: SW Team

(PID) Process: (6376) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Global\Update.exe" --uninstall -s

Executable files: 253
Suspicious files: 133
Text files: 108
Unknown types: 1

Dropped files

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\Global\IHMConfigGeral.zml
Type:
MD5:
SHA256:

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\packages\Global-1.124.0-full.nupkg
Type: compressed
MD5: BDCD42A2B5C9A937EEE2CC33BFB61814
SHA256: 6D2774259F8E0C8A827B372E3207BCB7498D6B656D7B7108F1109FE7E8850CBF

PID: 6360
Process: setup.exe
Filename: C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES
Type: text
MD5: 981626C6485CC408F7A67759A19834F3
SHA256: 48B3D8C1E77399F2F2B47FDC52F97B65A4D87AA3FA77D6BC228D5ABA25E797B6

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\DeltaCompressionDotNet.PatchApi.dll
Type: executable
MD5: A1E92E6CDA95789E88B732EAFA276B2B
SHA256: 684DC7547BD5490184BC76E7F4B80CF40869F817A12E964DFC502C3F3DB07515

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\Global\GlobalData.zml
Type: binary
MD5: B766FDCD56AB257EA691B185C223A363
SHA256: 2584C9B5E14CC2A7B8C2113D789437F284DE82A92EC9D27FD178314B85A6FFF6

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\Global\EDVLang.zml
Type: binary
MD5: 6385F39142578A663AA74574DB347210
SHA256: 261BB311817F3AC71E0C512A6F41406C8CE968E0451E9115BE254EA12353A70E

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\DeltaCompressionDotNet.dll
Type: executable
MD5: FFA8AB2E87481D9DA99D224E0389C8D5
SHA256: 13950B911243E13269EF2487A00147C824E2223A7FB9103EB21F765C795BE45E

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\Global\permissions.zml
Type: binary
MD5: 1E93A3BCD163926E7B9CA16B8D8BC3CF
SHA256: 64C65991FF4D9762226930EC0340740480510160FE2B95FC8FC12A6CBC6219FC

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\NuGet.Squirrel.dll
Type: executable
MD5: 60C9E2F324E237D2AA504E412162D989
SHA256: F5D689AFFE680A5434C79237394F6AB62C73B8FA794553E157FC2856B4A4C8EF

PID: 6376
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Global\app-1.124.0\Newtonsoft.Json.dll
Type: executable
MD5: 86A83A63F12B55FD3718CFBFB577D7DC
SHA256: 4816C4276F575E4D85B80633A0DF2EADF29496FE00BDC33CD7843E61373BDE0E

HTTP(S) requests: 4
TCP/UDP connections: 65
DNS requests: 68
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1948
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7648
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6852
msedge.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
6812
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4424 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1984 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
6852 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7120 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7120 | msedge.exe | 2.22.34.124:443 | aka.ms | AKAMAI-AS | IT | unknown
7120 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
7120 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 216.58.206.78 | whitelisted
settings-win.data.microsoft.com | 40.127.240.158, 51.104.136.2 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
aka.ms | 2.22.34.124 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
edge-mobile-static.azureedge.net | 13.107.246.67 | whitelisted
business.bing.com | 13.107.6.158 | whitelisted
bzib.nelreports.net | 23.216.77.152, 23.216.77.175 | whitelisted
dotnet.microsoft.com | 13.107.246.67 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted

Threats

No threats detected
Process: Updater.exe
Message: You must install .NET to run this application.
App: C:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe
Architecture: x64
App host version: 6.0.25
.NET location: Not found
Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed
Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25