File name:

Windows10Upgrade9252 (1).exe

Full analysis: https://app.any.run/tasks/d57b33d5-fd04-43bf-9090-f59fdf1e9426
Verdict: Malicious activity
Analysis date: June 01, 2025, 18:06:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

C0B25DEF4312FBDDBCC4F01C6C0F5BA6

SHA1:

8D16A183D61233E7D6B6AF7B3CAFC6645AC2ACB1

SHA256:

C0424D0AE06CA1E6E0249B40D33AC40D74075856D543EC0924884664FBA52B79

SSDEEP:

98304:GgjXlctych4cCzJ8k2omX8sUf0ht5f/LyXtcH/B:JjKtych9CzJqXM32jyXE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 6988)
      • Windows10Upgrade9252 (1).exe (PID: 7768)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Process drops legitimate windows executable

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Executable content was dropped or overwritten

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Creates a software uninstall entry

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Reads security settings of Internet Explorer

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)
      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10UpgraderApp.exe (PID: 2332)

    • Reads Microsoft Outlook installation path

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Reads Internet Explorer settings

      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10UpgraderApp.exe (PID: 2332)

  • INFO

    • The sample compiled with bulgarian language support

      • Windows10Upgrade9252 (1).exe (PID: 7816)

    • Create files in a temporary directory

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10Upgrade9252 (1).exe (PID: 7972)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Reads the computer name

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10Upgrade9252 (1).exe (PID: 7972)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Creates files in the program directory

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10Upgrade9252 (1).exe (PID: 7972)
      • Windows10UpgraderApp.exe (PID: 7716)

    • The sample compiled with english language support

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • The sample compiled with arabic language support

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Process checks computer location settings

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Checks supported languages

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Reads the machine GUID from the registry

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Reads the software policy settings

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • slui.exe (PID: 5972)

    • Creates files or folders in the user directory

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Manual execution by a user

      • Windows10Upgrade9252 (1).exe (PID: 7768)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Checks proxy server information

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2046:06:23 08:08:25+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.2
CodeSize: 473600
InitializedDataSize: 295424
UninitializedDataSize: -
EntryPoint: 0x71a80
OSVersion: 10
ImageVersion: 10
SubsystemVersion: 10
Subsystem: Windows GUI
FileVersionNumber: 1.4.19041.2183
ProductVersionNumber: 1.4.19041.2183
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Bulgarian
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: WindowsInstallationAssistant
InternalName: WindowsInstallationAssistant.exe
LegalCopyright: © Microsoft Corporation. Всички права запазени.
OriginalFileName: WindowsInstallationAssistant.exe
ProductName: Помощник за инсталиране на Windows
FileVersion: 1.4.19041.2183
ProductVersion: 1.4.19041.2183
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
140
Monitored processes
9
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start windows10upgrade9252 (1).exe windows10upgraderapp.exe sppextcomobj.exe no specs slui.exe windows10upgrade9252 (1).exe no specs windows10upgrade9252 (1).exe windows10upgraderapp.exe slui.exe no specs windows10upgrade9252 (1).exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2332"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe
Windows10Upgrade9252 (1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Installation Assistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\program files (x86)\windowsinstallationassistant\windows10upgraderapp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
3968C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
5972"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6988"C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exe" C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WindowsInstallationAssistant
Exit code:
3221226540
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\appdata\local\temp\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7716"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe
Windows10Upgrade9252 (1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Installation Assistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\program files (x86)\windowsinstallationassistant\windows10upgraderapp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
7768"C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exe" C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WindowsInstallationAssistant
Exit code:
3221226540
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\desktop\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7816"C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exe" C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WindowsInstallationAssistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\appdata\local\temp\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7880C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
7972"C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exe" C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WindowsInstallationAssistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\desktop\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
3 119
Read events
3 066
Write events
48
Delete events
5

Modification events

(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:Publisher
Value:
Microsoft Corporation
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:DisplayName
Value:
Windows 10 Update Assistant
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:DisplayIcon
Value:
"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe"
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:DisplayVersion
Value:
1.4.19041.2183
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:UninstallString
Value:
"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /ForceUninstall
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:EstimatedSize
Value:
5120
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\UpdateAssistantApp\LocalState\TelemetryUpdateAssistant
Operation:writeName:GlobalEventCounter
Value:
0200000000000000
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\UpdateAssistantApp\LocalState\TelemetryUpdateAssistant
Operation:writeName:GlobalEventCounter
Value:
0300000000000000
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
Executable files
32
Suspicious files
41
Text files
57
Unknown types
0

Dropped files

PID
Process
Filename
Type
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\Windows10UpgraderApp.exeexecutable
MD5:AB38A78503D8AD3CE7D69F937D71A99C
SHA256:F635CD1996967C2297E3F20C4838D2F45D1535CFEA38971909683E26158FB782
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\appraiserxp.dllexecutable
MD5:CBB270591C9A1BFB1B10559AB672F705
SHA256:770A9A15E1EB8E2729F23A3D262B55BEF16E4BB7822A2D16EEAC3DB35A116D7F
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\GetCurrentRollback.EXEexecutable
MD5:D705A34A869AC46E3F07C9BE3EA1693A
SHA256:0436DEDA2DBBD46D74E4A83B5897BA26A3EC35A9AB77D4B46E7477D9CDD213B8
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\GetCurrentDeploy.dllexecutable
MD5:410FAC98056AB0BE74E4539A4C0EAAFF
SHA256:09EC6DC5CB94160B2C4D9F1F4224A7DC1951F227DD311ACB1BC4335F23DB9B24
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\ESDHelper.dllexecutable
MD5:C61DCF4DB82482A4498FCCA646A6C640
SHA256:C98289454CDCB2266E82204AF73A799B09458A899CDD8366E24FBB613273C0FF
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\default.htmhtml
MD5:B2A06AF2867A2BB3D4B198A22F7936B3
SHA256:40F468006AB37EF4FCC54C5FF25005644F15D696F1269F67B450C9E3CE5E8D23
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\downloader.dllexecutable
MD5:5B62AD6AE42F32806062AD1BCB3E2DE5
SHA256:96F7B268820511ABEEB6BBFAD0918CF9161366BC2F558EF7F011331E7DE1D6F3
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\default.csstext
MD5:7F5FCAC447CC2150AC90020F8DC8C98B
SHA256:453D8CA4F52FB8FD40D5B4596596911B9FB0794BB89FBF9B60DC27AF3EAA2850
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\eula.csstext
MD5:B81D1E97C529AC3D7F5A699AFCE27080
SHA256:35C6E30C7954F7E4B806C883576218621E2620166C8940701B33157BDD0BA225
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\pass.pngimage
MD5:5A7499645619886BFE949250E1807415
SHA256:DB27BAD6E59128D58031706C83210AE780A9261E01AF6FDE6323BD30F7A97B12
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.158:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5608
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5608
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2332
Windows10UpgraderApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
472
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.158:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7872
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2332
Windows10UpgraderApp.exe
95.100.186.9:443
go.microsoft.com
AKAMAI-AS
FR
whitelisted
2332
Windows10UpgraderApp.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2332
Windows10UpgraderApp.exe
184.30.24.206:443
download.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.158
  • 23.48.23.155
  • 23.48.23.156
  • 23.48.23.174
  • 23.48.23.173
  • 23.48.23.160
  • 23.48.23.175
  • 23.48.23.168
  • 23.48.23.166
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
download.microsoft.com
  • 184.30.24.206
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.2
  • 20.190.159.73
  • 40.126.31.3
  • 40.126.31.129
  • 20.190.159.129
  • 40.126.31.71
  • 20.190.159.130
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Windows10Upgrade9252 (1).exe