File name:

Setup.exe

Full analysis: https://app.any.run/tasks/2e48716d-832d-46cb-8cb6-f8c67439fcd2
Verdict: Malicious activity
Analysis date: June 14, 2024, 18:46:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A81B585F0D38A6EF4337D555049D1920

SHA1:

4CFBF137F42F5A51C3A9D4D31606FC48E1C531D8

SHA256:

9BEE813F5E21837CD4C0F7CDAD6680ACE4A68F47C08CB0D01DA1B318307B9CA9

SSDEEP:

98304:o3AqBonuWEQ3HiaSk7QSW7iatlLskduaT5JDJfHXslgbodepWlfxEXyqohg2FNXI:uos

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 4088)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1200)
      • Setup.tmp (PID: 1120)
      • Setup.exe (PID: 2104)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 4088)
      • Setup.tmp (PID: 1200)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • Setup.exe (PID: 2104)
      • Setup.tmp (PID: 1120)

    • Process drops legitimate windows executable

      • Setup.tmp (PID: 1200)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)

    • Reads the Windows owner or organization settings

      • Setup.tmp (PID: 1200)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)

    • Starts itself from another location

      • unins000.exe (PID: 1136)

    • Starts application with an unusual extension

      • unins000.exe (PID: 1136)

    • Reads the Internet Settings

      • Setup.tmp (PID: 1200)

  • INFO

    • Checks supported languages

      • Setup.exe (PID: 4088)
      • Setup.tmp (PID: 1200)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • wmpnscfg.exe (PID: 1240)
      • Setup.tmp (PID: 1120)
      • Setup.exe (PID: 2104)

    • Reads the computer name

      • Setup.tmp (PID: 1200)
      • wmpnscfg.exe (PID: 1240)
      • Setup.tmp (PID: 1120)

    • Creates files in the program directory

      • Setup.tmp (PID: 1200)

    • Create files in a temporary directory

      • Setup.tmp (PID: 1200)
      • Setup.exe (PID: 4088)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)
      • Setup.exe (PID: 2104)

    • Creates a software uninstall entry

      • Setup.tmp (PID: 1200)

    • Application launched itself

      • msedge.exe (PID: 2028)
      • msedge.exe (PID: 1588)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1240)
      • msedge.exe (PID: 1588)
      • taskmgr.exe (PID: 3104)
      • explorer.exe (PID: 3464)
      • Setup.exe (PID: 3812)
      • Setup.exe (PID: 2104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 05:04:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 140800
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: DODI-Repacks
FileDescription: PC Building Simulator 2 Setup
FileVersion: 0.0.0
LegalCopyright: DODI-Repacks
ProductName: PC Building Simulator 2
ProductVersion: 0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
65
Monitored processes
26
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start setup.exe setup.tmp unins000.exe _iu14d2n.tmp msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs taskmgr.exe no specs explorer.exe no specs setup.exe no specs setup.exe setup.tmp setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Users\admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files\DODI-Repacks\PC Building Simulator 2\Uninstall\unins000.exe" /FIRSTPHASEWND=$201F8 /verysilentC:\Users\admin\AppData\Local\Temp\_iu14D2N.tmp
unins000.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\_iu14d2n.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
824"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1224 --field-trial-handle=1308,i,4777320262419056647,3595648738572492894,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
860"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1308,i,4777320262419056647,3595648738572492894,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1120"C:\Users\admin\AppData\Local\Temp\is-V9V1R.tmp\Setup.tmp" /SL5="$601C2,1979341,227840,C:\Users\admin\Downloads\Setup.exe" C:\Users\admin\AppData\Local\Temp\is-V9V1R.tmp\Setup.tmp
Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-v9v1r.tmp\setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1136"C:\Program Files\DODI-Repacks\PC Building Simulator 2\Uninstall\unins000.exe" /verysilentC:\Program Files\DODI-Repacks\PC Building Simulator 2\Uninstall\unins000.exe
Setup.tmp
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\program files\dodi-repacks\pc building simulator 2\uninstall\unins000.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1200"C:\Users\admin\AppData\Local\Temp\is-9105N.tmp\Setup.tmp" /SL5="$30138,1979341,227840,C:\Users\admin\Downloads\Setup.exe" C:\Users\admin\AppData\Local\Temp\is-9105N.tmp\Setup.tmp
Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-9105n.tmp\setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1240"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1284"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e05f598,0x6e05f5a8,0x6e05f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1408"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3284 --field-trial-handle=1308,i,4777320262419056647,3595648738572492894,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1588"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.dodi-repacks.site/C:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
4 758
Read events
4 683
Write events
66
Delete events
9

Modification events

(PID) Process:(1200) Setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
B004000072CB30208BBEDA01
(PID) Process:(1200) Setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
70585011183C2D0E9968E63968E75D08B506AFE7D812CBC64E0A3112CA9C750A
(PID) Process:(1200) Setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: Setup Version
Value:
5.5.1.ee2 (u)
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\DODI-Repacks\PC Building Simulator 2
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\DODI-Repacks\PC Building Simulator 2\
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: Icon Group
Value:
PC Building Simulator 2
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: Language
Value:
default
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:DisplayName
Value:
PC Building Simulator 2
Executable files
21
Suspicious files
67
Text files
78
Unknown types
4

Dropped files

PID
Process
Filename
Type
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Lockscreen.jpgimage
MD5:E2E8D9CF6EA611DAA36F2CE8D317DD68
SHA256:39F9BD663A47D53EA758A5C7F178DB0E328D86997282B4BCBC7CF4D799980182
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Lockscreen_overlay.pngimage
MD5:F5F4FE2B811E5A07AE1184579CF36557
SHA256:D66BBF3A8D5F5890C3DBC95E77068ABB10F3DB4EBD0C71AE5DBF15D99174889C
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Dark.pngimage
MD5:185D31C702A861FD7026C693513EB3FB
SHA256:56E1B926B344EF760FEA6A4FD862E066EA5295F7E5671FC7C0D1F1BC148E2009
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Light.pngimage
MD5:5036FBDD45FEC2AD2F18C0FA51A584BE
SHA256:9813C13B925CA95D4038C827E5EFA1BF6C00AED41C65B7E7D5907DDF68866847
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\ISDone.dllexecutable
MD5:4FEAFA8B5E8CDB349125C8AF0AC43974
SHA256:BB8A0245DCC5C10A1C7181BAD509B65959855009A8105863EF14F2BB5B38AC71
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Setup1.jpgimage
MD5:2A3DB2E2A56020C57376F20E178254DA
SHA256:F1C6C85594D7DAEF39A1B39DFB4F80BB41344194CA47D8CC276DACDB765645BC
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Autorun1.jpgimage
MD5:C2DA05D210B31C216E94A6E47D5CB40F
SHA256:48E31BFD2182143C50E5BE20AFC289B6E5053C79519A5B3CBF03141EF86DAD56
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\logo.pngimage
MD5:5B97ED539EEFA61A38C5D8BD75BA431E
SHA256:B0034F812FF8F9A71D5E2B21ED1630ACE13FE24D70CF558573A4204FB7ED96D3
4088Setup.exeC:\Users\admin\AppData\Local\Temp\is-9105N.tmp\Setup.tmpexecutable
MD5:6E4E83302159EC46E10280ABE1D62CE1
SHA256:BB22238B9DE45D10013CDF18B66D13646137BF5DDC075C781A160EF8739B2FD7
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\botva2.dllexecutable
MD5:619BF9DDCB5FE39EE9E5B0167E7F4F0D
SHA256:609661A14733F6E9C2C2F2FF9C274F8A4CBEDAFF4DD32049AA5161F8D7083D6A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
24
DNS requests
31
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1600
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1588
msedge.exe
239.255.255.250:1900
unknown
1600
msedge.exe
104.21.58.252:443
www.dodi-repacks.site
CLOUDFLARENET
unknown
1600
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1600
msedge.exe
37.230.117.113:443
i4.imageban.ru
JSC IOT
RU
unknown
1600
msedge.exe
92.63.103.84:443
i1.imageban.ru
JSC IOT
RU
unknown
1600
msedge.exe
62.109.31.142:443
i2.imageban.ru
JSC IOT
RU
unknown

DNS requests

Domain
IP
Reputation
www.dodi-repacks.site
  • 104.21.58.252
  • 172.67.166.133
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
dodi-repacks.site
  • 104.21.58.252
  • 172.67.166.133
unknown
i2.imageban.ru
  • 62.109.31.142
unknown
i7.imageban.ru
  • 62.109.19.95
unknown
i4.imageban.ru
  • 37.230.117.113
unknown
i6.imageban.ru
  • 80.87.200.35
unknown
i1.imageban.ru
  • 92.63.103.84
unknown
i5.imageban.ru
  • 62.109.5.15
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Setup.exe