Field | Value |
---|---|
File name | setup.exe |
Full analysis | https://app.any.run/tasks/a82cbcd0-e066-4241-97d9-94acb169fa6a |
Verdict | Malicious activity |
Analysis date | August 18, 2024, 18:59:13 |
OS | Windows 10 Professional (build: 19045, 64 bit) |
Indicators | |
MIME | application/x-dosexec |
File info | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 49EAB6D1280052BDC15ADB5E2A45603A |
SHA1 | 405CFA122FFE42F8A8B4703894DD7912936D7C5B |
SHA256 | 823CF8D1E6E17C7FD1F771D400F75F7D6EA1C31532EA41E22EBE153F52D6A202 |
SSDEEP | 98304:T9e/RPxF9CWnoZtd249lLt9OfsnTdbFvbN3QwttPpwlX/p7hN05w6QLAlZbOAzmp:Y5k4EG |
Extension | Type (confidence) |
---|---|
.exe | Win64 Executable (generic) (64.6) |
.dll | Win32 Dynamic Link Library (generic) (15.4) |
.exe | Win32 Executable (generic) (10.5) |
.exe | Generic Win/DOS Executable (4.6) |
.exe | DOS Executable Generic (4.6) |
Field | Value |
---|---|
CompanyName | SW Team |
SquirrelAwareVersion | 1 |
ProductVersion | 1.124.0 |
ProductName | EDV_Configurations_Global |
OriginalFileName | Setup.exe |
LegalCopyright | Copyright © 2024 SW Team |
InternalName | Setup.exe |
FileVersion | 1.124.0 |
FileDescription | EDV_Configurations_Global |
CharacterSet | Unicode |
LanguageCode | English (U.S.) |
FileSubtype | - |
ObjectFileType | Executable application |
FileOS | Windows NT 32-bit |
FileFlags | (none) |
FileFlagsMask | 0x003f |
ProductVersionNumber | 1.124.0.0 |
FileVersionNumber | 1.124.0.0 |
Subsystem | Windows GUI |
SubsystemVersion | 6 |
ImageVersion | - |
OSVersion | 6 |
EntryPoint | 0xab5c |
UninitializedDataSize | - |
InitializedDataSize | 3551232 |
CodeSize | 119808 |
LinkerVersion | 14.16 |
PEType | PE32 |
ImageFileCharacteristics | Executable, 32-bit |
TimeStamp | 2020:09:27 18:20:07+00:00 |
MachineType | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
6360 | "C:\Users\admin\AppData\Local\Temp\setup.exe" | C:\Users\admin\AppData\Local\Temp\setup.exe | — | explorer.exe |
6376 | "C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe" --install . | C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe | — | setup.exe |
6464 | "C:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe" --squirrel-firstrun | C:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe | — | Update.exe |
6852 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25&gui=true | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | Updater.exe |
6892 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7fffcbc65fd8,0x7fffcbc65fe4,0x7fffcbc65ff0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |
7108 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2392 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |
7120 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2600 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |
6288 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2748 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |
1680 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3424 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |
872 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3692 --field-trial-handle=2412,i,7690632538679618396,2937228097387002883,262144 --variations-seed-version /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |

PID | User | Company | Integrity level | Description | Exit code | Version |
---|---|---|---|---|---|---|
6360 | admin | SW Team | MEDIUM | EDV_Configurations_Global | 0 | 1.124.0 |
6376 | admin | GitHub | MEDIUM | Update | 0 | 2.0.1.1 |
6464 | admin | Updater | MEDIUM | Updater | 2147516547 | 1.0.0.0 |
6852 | admin | Microsoft Corporation | MEDIUM | Microsoft Edge | 0 | 122.0.2365.59 |
6892 | admin | Microsoft Corporation | MEDIUM | Microsoft Edge | 0 | 122.0.2365.59 |
7108 | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59 |
7120 | admin | Microsoft Corporation | MEDIUM | Microsoft Edge | 0 | 122.0.2365.59 |
6288 | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59 |
1680 | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59 |
872 | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59 |
PID | Process | Operation | Key | Name | Value |
---|---|---|---|---|---|
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1 |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1 |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1 |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0 |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global | DisplayName | EDV_Configurations_Global |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global | DisplayVersion | 1.124.0 |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global | InstallDate | 20240818 |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global | InstallLocation | C:\Users\admin\AppData\Local\Global |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global | Publisher | SW Team |
6376 | Update.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Global | QuietUninstallString | "C:\Users\admin\AppData\Local\Global\Update.exe" --uninstall -s |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\app-1.124.0\Global\IHMConfigGeral.zml | — | — | — |
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\app-1.124.0\DeltaCompressionDotNet.PatchApi.dll | executable | A1E92E6CDA95789E88B732EAFA276B2B | 684DC7547BD5490184BC76E7F4B80CF40869F817A12E964DFC502C3F3DB07515 |
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\app-1.124.0\DeltaCompressionDotNet.MsDelta.dll | executable | C848A2F5FA5FEAA71409795E8E8C69D0 | 1CE872ED466A8A3466C808A7BABF3B597EC12E1CB84870E7A0CF00B2F5EF6DF4 |
6360 | setup.exe | C:\Users\admin\AppData\Local\SquirrelTemp\Global-1.124.0-full.nupkg | compressed | BDCD42A2B5C9A937EEE2CC33BFB61814 | 6D2774259F8E0C8A827B372E3207BCB7498D6B656D7B7108F1109FE7E8850CBF |
6360 | setup.exe | C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES | text | 981626C6485CC408F7A67759A19834F3 | 48B3D8C1E77399F2F2B47FDC52F97B65A4D87AA3FA77D6BC228D5ABA25E797B6 |
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\packages\Global-1.124.0-full.nupkg | compressed | BDCD42A2B5C9A937EEE2CC33BFB61814 | 6D2774259F8E0C8A827B372E3207BCB7498D6B656D7B7108F1109FE7E8850CBF |
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\app-1.124.0\Global\EDVLang.zml | binary | 6385F39142578A663AA74574DB347210 | 261BB311817F3AC71E0C512A6F41406C8CE968E0451E9115BE254EA12353A70E |
6360 | setup.exe | C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe | executable | A560BAD9E373EA5223792D60BEDE2B13 | 76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC |
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\app-1.124.0\Mono.Cecil.dll | executable | 6D6292BC8E698E53E69556ADD6F62442 | 0F6465CE57A0CBABC37013C8E3C9F110672DE1C127B6192177D59EB1C7809772 |
6376 | Update.exe | C:\Users\admin\AppData\Local\Global\app-1.124.0\Mono.Cecil.Rocks.dll | executable | 7C9A0C59CE05ABA61485EB46883BA933 | 822C94D1C2AB96EFEB19BC5F1D304586E70A004D2F44F372377F33F2545EB921 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1948 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | unknown |
6812 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | — | — | unknown |
6852 | msedge.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | unknown | — | — | unknown |
7648 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4424 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
3888 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
1984 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
6852 | msedge.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
7120 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7120 | msedge.exe | 2.22.34.124:443 | aka.ms | AKAMAI-AS | IT | unknown |
7120 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
7120 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
google.com | — | whitelisted |
settings-win.data.microsoft.com | — | whitelisted |
config.edge.skype.com | — | whitelisted |
aka.ms | — | whitelisted |
edge.microsoft.com | — | whitelisted |
edge-mobile-static.azureedge.net | — | unknown |
business.bing.com | — | whitelisted |
bzib.nelreports.net | — | whitelisted |
dotnet.microsoft.com | — | whitelisted |
www.microsoft.com | — | whitelisted |
Process | Message |
---|---|
Updater.exe | You must install .NET to run this application. (full debug output below) |

```text
You must install .NET to run this application.
App: C:\Users\admin\AppData\Local\Global\app-1.124.0\Updater.exe
Architecture: x64
App host version: 6.0.25
.NET location: Not found
Learn about runtime installation:
https://aka.ms/dotnet/app-launch-failed
Download the .NET runtime:
https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.25
```