File name:

Windows10Upgrade9252 (1).exe

Full analysis: https://app.any.run/tasks/d57b33d5-fd04-43bf-9090-f59fdf1e9426
Verdict: Malicious activity
Analysis date: June 01, 2025, 18:06:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

C0B25DEF4312FBDDBCC4F01C6C0F5BA6

SHA1:

8D16A183D61233E7D6B6AF7B3CAFC6645AC2ACB1

SHA256:

C0424D0AE06CA1E6E0249B40D33AC40D74075856D543EC0924884664FBA52B79

SSDEEP:

98304:GgjXlctych4cCzJ8k2omX8sUf0ht5f/LyXtcH/B:JjKtych9CzJqXM32jyXE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 6988)
      • Windows10Upgrade9252 (1).exe (PID: 7768)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Executable content was dropped or overwritten

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Creates a software uninstall entry

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Reads security settings of Internet Explorer

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Reads Internet Explorer settings

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Process drops legitimate windows executable

      • Windows10Upgrade9252 (1).exe (PID: 7972)
      • Windows10Upgrade9252 (1).exe (PID: 7816)

    • Reads Microsoft Outlook installation path

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

  • INFO

    • Reads the computer name

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • The sample compiled with bulgarian language support

      • Windows10Upgrade9252 (1).exe (PID: 7816)

    • Creates files in the program directory

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • The sample compiled with arabic language support

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Create files in a temporary directory

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Process checks computer location settings

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • The sample compiled with english language support

      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Checks supported languages

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10Upgrade9252 (1).exe (PID: 7816)
      • Windows10Upgrade9252 (1).exe (PID: 7972)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Checks proxy server information

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Reads the machine GUID from the registry

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Creates files or folders in the user directory

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)

    • Manual execution by a user

      • Windows10Upgrade9252 (1).exe (PID: 7768)
      • Windows10Upgrade9252 (1).exe (PID: 7972)

    • Reads the software policy settings

      • Windows10UpgraderApp.exe (PID: 2332)
      • Windows10UpgraderApp.exe (PID: 7716)
      • slui.exe (PID: 5972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2046:06:23 08:08:25+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.2
CodeSize: 473600
InitializedDataSize: 295424
UninitializedDataSize: -
EntryPoint: 0x71a80
OSVersion: 10
ImageVersion: 10
SubsystemVersion: 10
Subsystem: Windows GUI
FileVersionNumber: 1.4.19041.2183
ProductVersionNumber: 1.4.19041.2183
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Bulgarian
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: WindowsInstallationAssistant
InternalName: WindowsInstallationAssistant.exe
LegalCopyright: © Microsoft Corporation. Всички права запазени.
OriginalFileName: WindowsInstallationAssistant.exe
ProductName: Помощник за инсталиране на Windows
FileVersion: 1.4.19041.2183
ProductVersion: 1.4.19041.2183
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
140
Monitored processes
9
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start windows10upgrade9252 (1).exe windows10upgraderapp.exe sppextcomobj.exe no specs slui.exe windows10upgrade9252 (1).exe no specs windows10upgrade9252 (1).exe windows10upgraderapp.exe slui.exe no specs windows10upgrade9252 (1).exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2332"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe
Windows10Upgrade9252 (1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Installation Assistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\program files (x86)\windowsinstallationassistant\windows10upgraderapp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
3968C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
5972"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6988"C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exe" C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WindowsInstallationAssistant
Exit code:
3221226540
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\appdata\local\temp\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7716"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe
Windows10Upgrade9252 (1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Installation Assistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\program files (x86)\windowsinstallationassistant\windows10upgraderapp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
7768"C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exe" C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WindowsInstallationAssistant
Exit code:
3221226540
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\desktop\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7816"C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exe" C:\Users\admin\AppData\Local\Temp\Windows10Upgrade9252 (1).exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WindowsInstallationAssistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\appdata\local\temp\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7880C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
7972"C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exe" C:\Users\admin\Desktop\Windows10Upgrade9252 (1).exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WindowsInstallationAssistant
Exit code:
0
Version:
1.4.19041.2183
Modules
Images
c:\users\admin\desktop\windows10upgrade9252 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
3 119
Read events
3 066
Write events
48
Delete events
5

Modification events

(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:Publisher
Value:
Microsoft Corporation
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:DisplayName
Value:
Windows 10 Update Assistant
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:DisplayIcon
Value:
"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe"
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:DisplayVersion
Value:
1.4.19041.2183
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:UninstallString
Value:
"C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe" /ForceUninstall
(PID) Process:(7816) Windows10Upgrade9252 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5C69738-B486-402E-85AC-2456D98A64E4}
Operation:writeName:EstimatedSize
Value:
5120
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\UpdateAssistantApp\LocalState\TelemetryUpdateAssistant
Operation:writeName:GlobalEventCounter
Value:
0200000000000000
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\UpdateAssistantApp\LocalState\TelemetryUpdateAssistant
Operation:writeName:GlobalEventCounter
Value:
0300000000000000
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2332) Windows10UpgraderApp.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
Executable files
32
Suspicious files
41
Text files
57
Unknown types
0

Dropped files

PID
Process
Filename
Type
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\eula.csstext
MD5:B81D1E97C529AC3D7F5A699AFCE27080
SHA256:35C6E30C7954F7E4B806C883576218621E2620166C8940701B33157BDD0BA225
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\appraiserxp.dllexecutable
MD5:CBB270591C9A1BFB1B10559AB672F705
SHA256:770A9A15E1EB8E2729F23A3D262B55BEF16E4BB7822A2D16EEAC3DB35A116D7F
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\ESDHelper.dllexecutable
MD5:C61DCF4DB82482A4498FCCA646A6C640
SHA256:C98289454CDCB2266E82204AF73A799B09458A899CDD8366E24FBB613273C0FF
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\default.csstext
MD5:7F5FCAC447CC2150AC90020F8DC8C98B
SHA256:453D8CA4F52FB8FD40D5B4596596911B9FB0794BB89FBF9B60DC27AF3EAA2850
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\GetCurrentRollback.EXEexecutable
MD5:D705A34A869AC46E3F07C9BE3EA1693A
SHA256:0436DEDA2DBBD46D74E4A83B5897BA26A3EC35A9AB77D4B46E7477D9CDD213B8
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\GetCurrentDeploy.dllexecutable
MD5:410FAC98056AB0BE74E4539A4C0EAAFF
SHA256:09EC6DC5CB94160B2C4D9F1F4224A7DC1951F227DD311ACB1BC4335F23DB9B24
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\GetCurrentOOBE.dllexecutable
MD5:C062B03A177CF1D25B91D0A911784533
SHA256:396DF40ADAC039F8A6847B7C8EFFF7DFEAD7A77B93E12B0B141A4CFA808C0035
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\logo.pngimage
MD5:AFEED45DF4D74D93C260A86E71E09102
SHA256:F5FB1E3A7BCA4E2778903E8299C63AB34894E810A174B0143B79183C0FA5072F
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\default_sunvalley.htmhtml
MD5:66B63E270CC9186F7186B316606F541F
SHA256:00F8F3E4534146858326D6D2524F3360DFC9E5D149E207D61CABAC17AD7A5F9F
7816Windows10Upgrade9252 (1).exeC:\Users\admin\AppData\Local\Temp\WXUF77C.tmp\resources\ux\loading.gifimage
MD5:1A276CB116BDECE96ADF8E32C4AF4FEE
SHA256:9D9A156C6CA2929F0F22C310260723E28428CB38995C0F940F2617B25E15B618
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.158:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2332
Windows10UpgraderApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5608
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5608
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
472
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.158:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7872
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2332
Windows10UpgraderApp.exe
95.100.186.9:443
go.microsoft.com
AKAMAI-AS
FR
whitelisted
2332
Windows10UpgraderApp.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2332
Windows10UpgraderApp.exe
184.30.24.206:443
download.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.158
  • 23.48.23.155
  • 23.48.23.156
  • 23.48.23.174
  • 23.48.23.173
  • 23.48.23.160
  • 23.48.23.175
  • 23.48.23.168
  • 23.48.23.166
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
download.microsoft.com
  • 184.30.24.206
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.2
  • 20.190.159.73
  • 40.126.31.3
  • 40.126.31.129
  • 20.190.159.129
  • 40.126.31.71
  • 20.190.159.130
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Windows10Upgrade9252 (1).exe