File name: setup.msi

Full analysis: https://app.any.run/tasks/a8590805-ef85-498d-9d5c-438447614144
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 12, 2024, 05:12:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: generated-doc, adware, takemyfile
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {C885E5EF-F5A7-4894-BA6C-A3C7849A169C}, Number of Words: 2, Subject: Apps, Author: NEXITEK LTD, Name of Creating Application: Apps, Template: ;1033, Comments: This installer database contains the logic and data required to install Apps., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri May 10 17:45:22 2024, Last Saved Time/Date: Fri May 10 17:45:22 2024, Last Printed: Fri May 10 17:45:22 2024, Number of Pages: 450
MD5: 3F1C43E9532F6ED643DB669DC8823AAA
SHA1: C17DDD335DAE27C8F8D6BB2DA88953A6676A6FFA
SHA256: 90516B6E70CF233597CF2B54B5908F374797F6391A3D1A9E429F8B414A139301
SSDEEP: 98304:x9ILoiSpkUN/2WGYqr0V5RZlTvJ9jwa8wQ8KI6HMW:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 1064)
    • The DLL Hijacking

      • msiexec.exe (PID: 2312)
  • SUSPICIOUS

    • Checks for Java to be installed

      • msiexec.exe (PID: 2312)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 1064)
    • Reads the Internet Settings

      • msiexec.exe (PID: 2312)
      • MSI7DCA.tmp (PID: 1988)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 2312)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1064)
  • INFO

    • Manual execution by a user

      • msiexec.exe (PID: 1020)
      • wmpnscfg.exe (PID: 1008)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 1020)
    • Checks supported languages

      • msiexec.exe (PID: 1064)
      • MSI7DCA.tmp (PID: 1988)
      • wmpnscfg.exe (PID: 1008)
      • msiexec.exe (PID: 2312)
    • An automatically generated document

      • runas.exe (PID: 3980)
    • Reads the software policy settings

      • msiexec.exe (PID: 1020)
      • msiexec.exe (PID: 1064)
    • Reads the computer name

      • msiexec.exe (PID: 1064)
      • MSI7DCA.tmp (PID: 1988)
      • wmpnscfg.exe (PID: 1008)
      • msiexec.exe (PID: 2312)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 1064)
      • MSI7DCA.tmp (PID: 1988)
      • msiexec.exe (PID: 2312)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1064)
    • Application launched itself

      • msiexec.exe (PID: 1064)
      • msedge.exe (PID: 1944)
    • Process checks Powershell version

      • msiexec.exe (PID: 2312)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 2312)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 1064)
    • Create files in a temporary directory

      • MSI7DCA.tmp (PID: 1988)
      • msiexec.exe (PID: 1064)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1064)
    • Checks proxy server information

      • msiexec.exe (PID: 2312)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 2312)
    • Reads Environment values

      • msiexec.exe (PID: 2312)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (88.6)
.mst | Windows SDK Setup Transform Script (10)
.msi | Microsoft Installer (100)

EXIF

FlashPix

Security: None
CodePage: Windows Latin 1 (Western European)
RevisionNumber: {C885E5EF-F5A7-4894-BA6C-A3C7849A169C}
Words: 2
Subject: Apps
Author: NEXITEK LTD
LastModifiedBy: -
Software: Apps
Template: ;1033
Comments: This installer database contains the logic and data required to install Apps.
Title: Installation Database
Keywords: Installer, MSI, Database
CreateDate: 2024:05:10 17:45:22
ModifyDate: 2024:05:10 17:45:22
LastPrinted: 2024:05:10 17:45:22
Pages: 450
Total processes: 63
Monitored processes: 26
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start runas.exe no specs msiexec.exe no specs msiexec.exe msiexec.exe msi7dca.tmp no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 924
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1296,i,2223132274783823181,6698391975792226295,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 1008
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
PID: 1020
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\setup.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
PID: 1064
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
PID: 1248
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 --field-trial-handle=1296,i,2223132274783823181,6698391975792226295,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 1344
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1296,i,2223132274783823181,6698391975792226295,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 1568
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3196 --field-trial-handle=1296,i,2223132274783823181,6698391975792226295,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 1644
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1552 --field-trial-handle=1296,i,2223132274783823181,6698391975792226295,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 1824
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e05f598,0x6e05f5a8,0x6e05f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
PID: 1944
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://telixsearch.com/tyy
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: MSI7DCA.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Total events: 16 486
Read events: 16 232
Write events: 228
Delete events: 26

Modification events

(PID) Process: (1020) msiexec.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1064) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1064) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 28040000CE7792122BA4DA01

(PID) Process: (1064) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 546D8F10E2EEC376413CDDEDB467F7EB72F3CFDA55F545947206F31103C04C16

(PID) Process: (1064) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (1064) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write
Name: C:\Config.Msi\
Value:

(PID) Process: (1064) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\106cc8.rbs
Value: 31106099

(PID) Process: (1064) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\106cc8.rbsLow
Value:

(PID) Process: (1064) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\037C6B305F0DAAE4F9BAF82D414CA821
Operation: write
Name: 55435E464F2BDA24DA73E2F419529F73
Value: C:\Program Files\NEXITEK LTD\Apps\

(PID) Process: (1064) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\037C6B305F0DAAE4F9BAF82D414CA821
Operation: write
Name: 00000000000000000000000000000000
Value: C:\Program Files\NEXITEK LTD\Apps\
Executable files: 15
Suspicious files: 79
Text files: 56
Unknown types: 1

Dropped files

PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI73BE.tmp | Type: executable
MD5: 9AC5DA40BE505273F6F1B48CE6D159BE
SHA256: 6547BAC5E0F08595325B769A6605A6C27B1EB2620A31DC9ECC4185B64882E837
PID: 1988 | Process: MSI7DCA.tmp | Filename: C:\Users\admin\AppData\Local\Temp\URL7E0B.url
MD5:
SHA256:
PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI7B18.tmp | Type: binary
MD5: E5662F0EB657779BF57035661C1FCC72
SHA256: 4B00BFB1FF56CC270BF14B0E9F76129C4DB6D76EDA3CC948DD9E017801C107A3
PID: 2312 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\AdvinstAnalytics\65b2e2115bc9fc7472607c90\1.0.0\tracking.ini | Type: text
MD5: 4252BA2B6E410CDDBE2A8AB1C9BF750A
SHA256: 8F56A171B8DAED1CD856D4FA1B0A9A9C7AD1F73C94EF02BDAC8F493631E85FD7
PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI7980.tmp | Type: executable
MD5: C6B7F525BEBDCE408CAE137E6C82FA4C
SHA256: E0EA63E00F640C74DDD0B51A46D4D0601ACDEBDC8B97957FED727F332A96DC90
PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI76CC.tmp | Type: executable
MD5: C6B7F525BEBDCE408CAE137E6C82FA4C
SHA256: E0EA63E00F640C74DDD0B51A46D4D0601ACDEBDC8B97957FED727F332A96DC90
PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI7901.tmp | Type: executable
MD5: 8D84543F774C6B280B32B24265E272E8
SHA256: 32B60176177D943DF28F931828717F4B52B1434B8C0CD3CA8CC8A424B016B092
PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI7244.tmp | Type: executable
MD5: C6B7F525BEBDCE408CAE137E6C82FA4C
SHA256: E0EA63E00F640C74DDD0B51A46D4D0601ACDEBDC8B97957FED727F332A96DC90
PID: 1064 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI7DCA.tmp | Type: executable
MD5: E014E0A640CEFB49B2A301FF7D00E6C0
SHA256: EDB6A8E18A441E20127545D0663905F051AD4891566049E60D8263D6052E2BE3
PID: 1944 | Process: msedge.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5:
SHA256:
HTTP(S) requests: 72
TCP/UDP connections: 21
DNS requests: 19
Threats: 147

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown
2312 | msiexec.exe | POST | 200 | 54.211.30.217:80 | http://collect.installeranalytics.com/ | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2312 | msiexec.exe | 54.211.30.217:80 | collect.installeranalytics.com | AMAZON-AES | US | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2020 | msedge.exe | 104.21.79.52:443 | telixsearch.com | CLOUDFLARENET | - | unknown
1944 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
2020 | msedge.exe | 52.123.243.211:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2020 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2020 | msedge.exe | 95.100.242.153:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | Akamai International B.V. | IT | unknown
2020 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2020 | msedge.exe | 35.190.80.1:443 | a.nel.cloudflare.com | GOOGLE | US | unknown

DNS requests

Domain | IP | Reputation
collect.installeranalytics.com | 54.211.30.217, 54.227.134.57 | unknown
telixsearch.com | 104.21.79.52, 172.67.142.97 | unknown
config.edge.skype.com | 52.123.243.211, 52.123.243.200, 52.123.224.64 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | 95.100.242.153, 173.222.245.96 | whitelisted
a.nel.cloudflare.com | 35.190.80.1 | whitelisted
campaigns5.cfd | 188.114.96.3, 188.114.97.3 | unknown
campaigns7.cfd | 188.114.97.3, 188.114.96.3 | unknown
www.bing.com | 2.16.135.186, 2.16.135.185, 2.17.101.26, 2.17.101.33, 2.16.135.225, 2.16.135.224, 2.16.135.219, 2.16.135.200, 2.17.101.48 | whitelisted

Threats

PID | Process | Class | Message
2020 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
146 ETPRO signatures available at the full report
No debug info