File name:

Setup.exe

Full analysis: https://app.any.run/tasks/2e48716d-832d-46cb-8cb6-f8c67439fcd2
Verdict: Malicious activity
Analysis date: June 14, 2024, 18:46:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A81B585F0D38A6EF4337D555049D1920

SHA1:

4CFBF137F42F5A51C3A9D4D31606FC48E1C531D8

SHA256:

9BEE813F5E21837CD4C0F7CDAD6680ACE4A68F47C08CB0D01DA1B318307B9CA9

SSDEEP:

98304:o3AqBonuWEQ3HiaSk7QSW7iatlLskduaT5JDJfHXslgbodepWlfxEXyqohg2FNXI:uos

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 4088)
      • Setup.tmp (PID: 1200)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)
      • Setup.exe (PID: 2104)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Setup.tmp (PID: 1200)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)

    • Process drops legitimate windows executable

      • Setup.tmp (PID: 1200)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 4088)
      • Setup.tmp (PID: 1200)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • Setup.tmp (PID: 1120)
      • Setup.exe (PID: 2104)

    • Starts itself from another location

      • unins000.exe (PID: 1136)

    • Starts application with an unusual extension

      • unins000.exe (PID: 1136)

    • Reads the Internet Settings

      • Setup.tmp (PID: 1200)

  • INFO

    • Checks supported languages

      • Setup.exe (PID: 4088)
      • Setup.tmp (PID: 1200)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • wmpnscfg.exe (PID: 1240)
      • Setup.tmp (PID: 1120)
      • Setup.exe (PID: 2104)

    • Create files in a temporary directory

      • Setup.exe (PID: 4088)
      • Setup.tmp (PID: 1200)
      • unins000.exe (PID: 1136)
      • _iu14D2N.tmp (PID: 124)
      • Setup.exe (PID: 2104)
      • Setup.tmp (PID: 1120)

    • Reads the computer name

      • Setup.tmp (PID: 1200)
      • wmpnscfg.exe (PID: 1240)
      • Setup.tmp (PID: 1120)

    • Creates files in the program directory

      • Setup.tmp (PID: 1200)

    • Creates a software uninstall entry

      • Setup.tmp (PID: 1200)

    • Manual execution by a user

      • msedge.exe (PID: 1588)
      • wmpnscfg.exe (PID: 1240)
      • taskmgr.exe (PID: 3104)
      • explorer.exe (PID: 3464)
      • Setup.exe (PID: 2104)
      • Setup.exe (PID: 3812)

    • Application launched itself

      • msedge.exe (PID: 2028)
      • msedge.exe (PID: 1588)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 05:04:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 140800
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: DODI-Repacks
FileDescription: PC Building Simulator 2 Setup
FileVersion: 0.0.0
LegalCopyright: DODI-Repacks
ProductName: PC Building Simulator 2
ProductVersion: 0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
65
Monitored processes
26
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start setup.exe setup.tmp unins000.exe _iu14d2n.tmp msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs taskmgr.exe no specs explorer.exe no specs setup.exe no specs setup.exe setup.tmp setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Users\admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files\DODI-Repacks\PC Building Simulator 2\Uninstall\unins000.exe" /FIRSTPHASEWND=$201F8 /verysilentC:\Users\admin\AppData\Local\Temp\_iu14D2N.tmp
unins000.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\_iu14d2n.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
824"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1224 --field-trial-handle=1308,i,4777320262419056647,3595648738572492894,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
860"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1308,i,4777320262419056647,3595648738572492894,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1120"C:\Users\admin\AppData\Local\Temp\is-V9V1R.tmp\Setup.tmp" /SL5="$601C2,1979341,227840,C:\Users\admin\Downloads\Setup.exe" C:\Users\admin\AppData\Local\Temp\is-V9V1R.tmp\Setup.tmp
Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-v9v1r.tmp\setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1136"C:\Program Files\DODI-Repacks\PC Building Simulator 2\Uninstall\unins000.exe" /verysilentC:\Program Files\DODI-Repacks\PC Building Simulator 2\Uninstall\unins000.exe
Setup.tmp
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\program files\dodi-repacks\pc building simulator 2\uninstall\unins000.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1200"C:\Users\admin\AppData\Local\Temp\is-9105N.tmp\Setup.tmp" /SL5="$30138,1979341,227840,C:\Users\admin\Downloads\Setup.exe" C:\Users\admin\AppData\Local\Temp\is-9105N.tmp\Setup.tmp
Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-9105n.tmp\setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1240"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1284"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e05f598,0x6e05f5a8,0x6e05f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1408"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3284 --field-trial-handle=1308,i,4777320262419056647,3595648738572492894,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1588"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.dodi-repacks.site/C:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
4 758
Read events
4 683
Write events
66
Delete events
9

Modification events

(PID) Process:(1200) Setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
B004000072CB30208BBEDA01
(PID) Process:(1200) Setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
70585011183C2D0E9968E63968E75D08B506AFE7D812CBC64E0A3112CA9C750A
(PID) Process:(1200) Setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: Setup Version
Value:
5.5.1.ee2 (u)
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\DODI-Repacks\PC Building Simulator 2
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\DODI-Repacks\PC Building Simulator 2\
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: Icon Group
Value:
PC Building Simulator 2
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:Inno Setup: Language
Value:
default
(PID) Process:(1200) Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Building Simulator 2_is1
Operation:writeName:DisplayName
Value:
PC Building Simulator 2
Executable files
21
Suspicious files
67
Text files
78
Unknown types
4

Dropped files

PID
Process
Filename
Type
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\_isetup\_shfoldr.dllexecutable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Dark.pngimage
MD5:185D31C702A861FD7026C693513EB3FB
SHA256:56E1B926B344EF760FEA6A4FD862E066EA5295F7E5671FC7C0D1F1BC148E2009
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\ISDone.dllexecutable
MD5:4FEAFA8B5E8CDB349125C8AF0AC43974
SHA256:BB8A0245DCC5C10A1C7181BAD509B65959855009A8105863EF14F2BB5B38AC71
4088Setup.exeC:\Users\admin\AppData\Local\Temp\is-9105N.tmp\Setup.tmpexecutable
MD5:6E4E83302159EC46E10280ABE1D62CE1
SHA256:BB22238B9DE45D10013CDF18B66D13646137BF5DDC075C781A160EF8739B2FD7
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\logo.pngimage
MD5:5B97ED539EEFA61A38C5D8BD75BA431E
SHA256:B0034F812FF8F9A71D5E2B21ED1630ACE13FE24D70CF558573A4204FB7ED96D3
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Tile1_Background.jpgimage
MD5:5E25FC73867C51BB749FA958B7C04FDF
SHA256:36CF201C5171646A151B7FF5518078D6068F5437B52557784E4163A8E87A13A1
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Uninstall.pngimage
MD5:1DBEC7E15BB3FE912EA362C7F5305CB8
SHA256:43BFE50A575E87237ABE4F65EEE18B23E667C0A6C9FA1FD6FC2176948EDFA527
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Install.pngimage
MD5:3A104B9FF4B59BBA6DC3B30114C5B31B
SHA256:1A72008C2393B330C3A9E05BCBA070E538D9D5078767ADC49A86A05473226CED
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\cls.iniini
MD5:3A0A9EE1BDEA8710547EF36EF5320183
SHA256:4AC50ED1C47CF3AC7CC63FFE995ECB72A929DD6015F13AAAB3B099EB3C58085B
1200Setup.tmpC:\Users\admin\AppData\Local\Temp\is-RPA97.tmp\Exit.pngimage
MD5:91F97AA4B051E7B2991E5456D2C8655B
SHA256:0FF3FBFBB177D5FFC8B577F821A91F9D39F13F5F548F9570C12CB85CCEF526E3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
24
DNS requests
31
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1600
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1588
msedge.exe
239.255.255.250:1900
unknown
1600
msedge.exe
104.21.58.252:443
www.dodi-repacks.site
CLOUDFLARENET
unknown
1600
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1600
msedge.exe
37.230.117.113:443
i4.imageban.ru
JSC IOT
RU
unknown
1600
msedge.exe
92.63.103.84:443
i1.imageban.ru
JSC IOT
RU
unknown
1600
msedge.exe
62.109.31.142:443
i2.imageban.ru
JSC IOT
RU
unknown

DNS requests

Domain
IP
Reputation
www.dodi-repacks.site
  • 104.21.58.252
  • 172.67.166.133
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
dodi-repacks.site
  • 104.21.58.252
  • 172.67.166.133
unknown
i2.imageban.ru
  • 62.109.31.142
unknown
i7.imageban.ru
  • 62.109.19.95
unknown
i4.imageban.ru
  • 37.230.117.113
unknown
i6.imageban.ru
  • 80.87.200.35
unknown
i1.imageban.ru
  • 92.63.103.84
unknown
i5.imageban.ru
  • 62.109.5.15
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Setup.exe