download: /windows/0install/DeepLSetup.exe

Full analysis: https://app.any.run/tasks/490ca1c0-a3ee-4ed7-910f-12f986ed2d02
Verdict: Malicious activity
Analysis date: November 16, 2024, 05:41:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: 02A9A9A951A9122BB303E3D20A4132A4
SHA1: 9B5A7E0889F1AFFBB2478630A7CF158E1F426A53
SHA256: C915FB81B980D874B62DF5D842F0C460C3D0B8A4B6F70CA827875D75FBAE6DA9
SSDEEP: 98304:CyU8099+Hwwp+S1RPIuRfkUujTq7LBKj/:M9+HwvkP0jZ

ANY.RUN is an interactive service that gives the analyst full control of the guest system. Information in this report may therefore have been distorted by user actions during the session and is provided as-is; ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Creates files in the Startup directory

      • 0install-win.exe (PID: 300)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 5612)
    • Executable content was dropped or overwritten

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • The process creates files with name similar to system file names

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 5612)
    • Starts itself from another location

      • 0install-win.exe (PID: 2076)
    • Searches for installed software

      • 0install-win.exe (PID: 300)
    • Creates a software uninstall entry

      • 0install-win.exe (PID: 300)
    • Reads Internet Explorer settings

      • 0install-win.exe (PID: 5612)
    • The process drops C-runtime libraries

      • 0install-win.exe (PID: 5612)
    • Detected use of alternate data streams (ADS)

      • 0install-win.exe (PID: 5612)
    • There is functionality for taking screenshot (YARA)

      • DeepL.exe (PID: 5976)
  • INFO

    • Reads the computer name

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Disables trace logs

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Checks proxy server information

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Reads Environment values

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Create files in a temporary directory

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
    • Checks supported languages

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Creates files or folders in the user directory

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Process checks whether UAC notifications are on

      • DeepLSetup.exe (PID: 6808)
    • Reads the machine GUID from the registry

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 5612)
      • 0install-win.exe (PID: 300)
    • Reads the software policy settings

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Creates files in the program directory

      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Sends debugging messages

      • DeepL.exe (PID: 5976)
      • CefSharp.BrowserSubprocess.exe (PID: 6440)
      • CefSharp.BrowserSubprocess.exe (PID: 6456)
      • CefSharp.BrowserSubprocess.exe (PID: 3580)
      • CefSharp.BrowserSubprocess.exe (PID: 4308)
      • CefSharp.BrowserSubprocess.exe (PID: 2000)
      • CefSharp.BrowserSubprocess.exe (PID: 8136)
      • CefSharp.BrowserSubprocess.exe (PID: 7584)
      • CefSharp.BrowserSubprocess.exe (PID: 7460)
      • CefSharp.BrowserSubprocess.exe (PID: 8152)
      • CefSharp.BrowserSubprocess.exe (PID: 8416)
      • CefSharp.BrowserSubprocess.exe (PID: 8020)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4004)
    • Application launched itself

      • msedge.exe (PID: 6256)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

TRiD percentages are byte-pattern heuristics, not a parse of the headers; the PE header (PE32, Intel 386, Windows GUI subsystem, see the EXIF block) is authoritative, so the "Win64" top guess is a misidentification.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2092:06:12 00:25:29+00:00 (a future date; .NET compilers in deterministic mode store a content hash in the PE timestamp field instead of a build time, so this alone is not evidence of tampering)
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 4307968
InitializedDataSize: 113152
UninitializedDataSize: -
EntryPoint: 0x41dbce
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.25.10.0
ProductVersionNumber: 2.25.10.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Downloads and runs Zero Install optionally showing a GUI.
CompanyName: zero-install
FileDescription: zero-install
FileVersion: 2.25.10.0
InternalName: zero-install.exe
LegalCopyright:
OriginalFileName: zero-install.exe
ProductName: Zero Install
ProductVersion: 2.25.10+dc9e71b7feda494f49256313ad5af690384d9d4d
AssemblyVersion: 2.25.10.0

The version resource identifies DeepLSetup.exe as a renamed Zero Install bootstrapper (OriginalFileName zero-install.exe, version 2.25.10, "Downloads and runs Zero Install"). The 0install-win.exe and 0install.exe processes it launches report 2.25.11.0, so the Zero Install runtime that performs the actual installation is fetched at run time (its feed, https://appdownload.deepl.com/windows/0install/0install-win.xml, is among the dropped files) rather than carried inside the stub. When verifying this sample, check the Authenticode signature of both the stub and the fetched 0install-win.exe separately; they are different binaries.
All screenshots are available in the full report
Total processes: 200
Monitored processes: 66
Malicious processes: 4
Suspicious processes: 0


Process information

The chain the report records is: DeepLSetup.exe (PID 6808) runs 0install-win.exe (PID 2076) out of the content-addressed implementation cache under %LOCALAPPDATA%\0install.net; that copy deploys itself to %APPDATA%\Programs\Zero Install and re-launches from there as PID 300 with --deployed (the "Starts itself from another location" signature is attributed to 2076), and the deployed copy runs the feed integration that the report credits with the Startup-directory and uninstall-entry writes. Later, DeepL.exe (PID 5976) runs 0install.exe list-apps (PID 1432) and hosts CefSharp.BrowserSubprocess.exe children that are started with --no-sandbox, so the Chromium renderer and utility sandbox is not in effect for them. The msedge.exe entries are Edge's own utility and renderer children (parent msedge.exe) and are rated INFO only.

PID 300 | parent: 0install-win.exe
  CMD: "C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install-win.exe" --deployed integrate https://appdownload.deepl.com/windows/0install/deepl.xml --no-download --add-all --background
  Path: C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install-win.exe
  User: admin | Company: 0install-win | Integrity level: MEDIUM | Description: 0install-win | Exit code: 0 | Version: 2.25.11.0
  Modules (images):
    c:\users\admin\appdata\roaming\programs\zero install\0install-win.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll

PID 696 | parent: 0install.exe
  CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
  Path: C:\Windows\System32\conhost.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Console Window Host | Exit code: 0 | Version: 10.0.19041.1 (WinBuild.160101.0800)

PID 1248 | parent: msedge.exe
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2256 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:3
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Microsoft Edge | Version: 122.0.2365.59

PID 1344 | parent: msedge.exe
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7356 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:8
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59

PID 1432 | parent: DeepL.exe
  CMD: "C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install.exe" list-apps --batch --xml https://appdownload.deepl.com/windows/0install/deepl.xml
  Path: C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install.exe
  User: admin | Company: Bastian Eicher | Integrity level: MEDIUM | Description: 0install | Exit code: 0 | Version: 2.25.11.0

PID 1552 | parent: msedge.exe
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:1
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Version: 122.0.2365.59

PID 2000 | parent: DeepL.exe
  CMD: "C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\.\CefSharp.BrowserSubprocess.exe" --type=renderer --user-agent="DeepL/24.11.2.14283 (Microsoft Windows NT 10.0.19045.0; x64)" --enable-chrome-runtime --user-data-dir="C:\Users\admin\AppData\Local\DeepL_SE\cache" --uncaught-exception-stack-size=10 --cefsharpexitsub --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=8120,i,12801241288322762277,15032818624834365,262144 --variations-seed-version --enable-logging=handle --log-file=8116 --mojo-platform-channel-handle=7972 --host-process-id=5976 /prefetch:1
  Path: C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\CefSharp.BrowserSubprocess.exe
  User: admin | Company: The CefSharp Authors | Integrity level: MEDIUM | Description: CefSharp.BrowserSubprocess | Exit code: 0 | Version: 127.3.50.0

PID 2076 | parent: DeepLSetup.exe
  CMD: "C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_LJSMAY6P6KOIG5DIGRK3GSLPP3BYX2N5G7PA5EAJM4GY6EXVUKQA\0install-win.exe" integrate https://appdownload.deepl.com/windows/0install/deepl.xml --no-download --add-all --background
  Path: C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_LJSMAY6P6KOIG5DIGRK3GSLPP3BYX2N5G7PA5EAJM4GY6EXVUKQA\0install-win.exe
  User: admin | Company: 0install-win | Integrity level: MEDIUM | Description: 0install-win | Exit code: 0 | Version: 2.25.11.0
  Modules (images):
    c:\users\admin\appdata\local\0install.net\implementations\sha256new_ljsmay6p6koig5digrk3gslpp3byx2n5g7pa5eajm4gy6exvukqa\0install-win.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll

PID 3580 | parent: DeepL.exe
  CMD: "C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\.\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-agent="DeepL/24.11.2.14283 (Microsoft Windows NT 10.0.19045.0; x64)" --enable-chrome-runtime --user-data-dir="C:\Users\admin\AppData\Local\DeepL_SE\cache" --cefsharpexitsub --field-trial-handle=5380,i,12801241288322762277,15032818624834365,262144 --variations-seed-version --enable-logging=handle --log-file=5400 --mojo-platform-channel-handle=5396 /prefetch:8 --host-process-id=5976
  Path: C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\CefSharp.BrowserSubprocess.exe
  User: admin | Company: The CefSharp Authors | Integrity level: MEDIUM | Description: CefSharp.BrowserSubprocess | Version: 127.3.50.0

PID 3924 | parent: msedge.exe
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4896 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:8
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
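The three behaviours the indicator list attaches to the Zero Install processes (execution from the implementation cache, feed integration with --add-all, and a process re-launching itself from a different directory) can be expressed as rules over process-creation events. The following is an added example, not ANY.RUN or Zero Install code. The events are constructed from the command lines and parent names in the table above; the DeepLSetup.exe path and the numeric parent PIDs are assumptions, since the table only gives parent image names (2076 is taken as the parent of 300 because the report attributes "Starts itself from another location" to 2076).

```python
"""Triage rules over process-creation events built from this report's process table
(added example, not ANY.RUN or Zero Install code)."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


FEED = "https://appdownload.deepl.com/windows/0install/deepl.xml"
DEPLOY_DIR = r"C:\Users\admin\AppData\Roaming\Programs\Zero Install"
STAGED_DIR = (r"C:\Users\admin\AppData\Local\0install.net\implementations"
              r"\sha256new_LJSMAY6P6KOIG5DIGRK3GSLPP3BYX2N5G7PA5EAJM4GY6EXVUKQA")

# Constructed from the report. Command lines and image paths are as listed there;
# the DeepLSetup.exe path and every ppid value are assumptions (the table names
# parent images, not parent PIDs).
EVENTS = [
    ProcEvent(6808, 4444, r"C:\Users\admin\Downloads\DeepLSetup.exe",
              r'"C:\Users\admin\Downloads\DeepLSetup.exe"'),
    ProcEvent(2076, 6808, STAGED_DIR + r"\0install-win.exe",
              f'"{STAGED_DIR}\\0install-win.exe" integrate {FEED} '
              "--no-download --add-all --background"),
    ProcEvent(300, 2076, DEPLOY_DIR + r"\0install-win.exe",
              f'"{DEPLOY_DIR}\\0install-win.exe" --deployed integrate {FEED} '
              "--no-download --add-all --background"),
    ProcEvent(1432, 5976, DEPLOY_DIR + r"\0install.exe",
              f'"{DEPLOY_DIR}\\0install.exe" list-apps --batch --xml {FEED}'),
]

USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")
IMPL_CACHE = "\\0install.net\\implementations\\"


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def analyse(events):
    """Return (pid, rule, detail) findings for the behaviours the report flags."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        image = e.image.lower()
        if IMPL_CACHE in image:
            # Content-addressed cache: the sha256new_... directory name is the hash of
            # the unpacked implementation and can be recomputed to verify the payload.
            findings.append((e.pid, "impl_cache_exec",
                             "runs from " + ntpath.basename(ntpath.dirname(e.image))))
        if re.search(r"\bintegrate\b", e.cmdline) and "--add-all" in e.cmdline \
                and is_user_writable(e.image):
            findings.append((e.pid, "zi_integrate_all",
                             "feed integration with --add-all from a user-writable path"))
        parent = by_pid.get(e.ppid)
        if parent and ntpath.basename(parent.image).lower() == ntpath.basename(image) \
                and ntpath.dirname(parent.image).lower() != ntpath.dirname(image):
            findings.append((e.pid, "self_relocation",
                             f"same image name as parent {parent.pid}, different directory"))
    return findings


def feed_urls(events):
    """Feed URLs passed on Zero Install command lines (what the host is now bound to)."""
    return {u for e in events for u in re.findall(r"https?://\S+\.xml", e.cmdline)}


if __name__ == "__main__":
    for pid, rule, detail in analyse(EVENTS):
        print(f"{pid:>5}  {rule:<18} {detail}")
    print("feeds:", sorted(feed_urls(EVENTS)))
```

On these events the rules fire for 2076 (cache execution and integration) and 300 (integration and self-relocation) only; list-apps from the deployed copy produces no finding, which is the behaviour you want when the same rules run over real Sysmon event ID 1 or EDR telemetry.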
Total events: 16 411
Read events: 16 289
Write events: 112
Delete events: 10

Modification events

(PID 6808) DeepLSetup.exe, key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32
  write EnableFileTracing = 0
  write EnableAutoFileTracing = 0
  write EnableConsoleTracing = 0
  write FileTracingMask = (value not shown in the excerpt)
  write ConsoleTracingMask = (value not shown in the excerpt)
  write MaxFileSize = 1048576
  write FileDirectory = %windir%\tracing
(PID 6808) DeepLSetup.exe, key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASMANCS
  write EnableFileTracing = 0
  write EnableAutoFileTracing = 0
  write EnableConsoleTracing = 0

These HKLM\SOFTWARE\Microsoft\Tracing\<image>_RASAPI32 and _RASMANCS keys, with these default values, are created by the Windows RAS tracing library whenever a process loads rasapi32.dll (which WinINet/WinHTTP proxy resolution pulls in). They are what the "Disables trace logs" signature fires on and appear for most programs that touch the network stack, so on their own they say nothing about intent.
Executable files: 1 694
Suspicious files: 706
Text files: 232
Unknown types: 41

Dropped files

6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\injector\implementation-dirs  (type and hashes not reported)
6808 DeepLSetup.exe  C:\Users\admin\AppData\Local\0install.net\implementations\5vqqdmrn.5sc  binary
  MD5: 0CC175B9C0F1B6A831C399E269772661  SHA256: CA978112CA1BBDCAFAC231B39A23DC4DA786EFF8147C4E72B9807785AFEE48BB
6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\temp.0q2qtzqh.zlz.catalog-sources  text
  MD5: 085F4C9F480A808BE427574573138250  SHA256: 8A770C09F2E020A1056C204DD66E16B180878EF17DF94A1694E57AF535A19240
6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\injector\temp.u3ldlgsv.21z.global  text
  MD5: C21FB6102DF78A20A75B5F0B9F8544D2  SHA256: A5A650E2E7FE8EC0B6E5F57FE03F96491016580A268D91303A3906B060057B4D
6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\injector\global  text
  MD5: C21FB6102DF78A20A75B5F0B9F8544D2  SHA256: A5A650E2E7FE8EC0B6E5F57FE03F96491016580A268D91303A3906B060057B4D
6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\catalog-sources  text
  MD5: 085F4C9F480A808BE427574573138250  SHA256: 8A770C09F2E020A1056C204DD66E16B180878EF17DF94A1694E57AF535A19240
6808 DeepLSetup.exe  C:\Users\admin\AppData\Local\0install.net\interfaces\temp.34gkjzzn.bxq.https%3a%2f%2fappdownload.deepl.com%2fwindows%2f0install%2f0install-win.xml  xml
  MD5: 33E94BA4E605B70B4EBD174D93241523  SHA256: 2E2D6061B379CE941F309935F07A688B2E4494667A5D23052691251DFBCE1385
6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\injector\feeds\temp.xyiuv0te.zpx.https%3a##appdownload.deepl.com#windows#0install#0install-win.xml  xml
  MD5: 094DC10DCCCFC9947656E5F7D0268D1D  SHA256: 3C31D4475F9F71670AF42C48C421F355D1BEFEFA3090CDDF2FA3B1EB92391D6B
6808 DeepLSetup.exe  C:\Users\admin\AppData\Local\0install.net\implementations\0install-extract-um14lq0k.ekr\0store-service.exe  executable
  MD5: 66EEFF49858B1B4508F307ABFC075D5A  SHA256: 5E6A5FC58EAD10310E8EEF0B57307E1B098F6C2A2D46FEC8466C0581C57D54E2
6808 DeepLSetup.exe  C:\Users\admin\AppData\Roaming\0install.net\injector\feeds\https%3a##appdownload.deepl.com#windows#0install#0install-win.xml  xml
  MD5: 094DC10DCCCFC9947656E5F7D0268D1D  SHA256: 3C31D4475F9F71670AF42C48C421F355D1BEFEFA3090CDDF2FA3B1EB92391D6B

Two things in this list are worth reading rather than counting. The MD5 and SHA-256 of 5vqqdmrn.5sc are the digests of the single byte "a", i.e. a write-permission probe in the implementation store, not a payload. The temp.<random>.<random>.<name> entries each have an identically hashed sibling without the temp. prefix in the same directory (catalog-sources, injector\global, injector\feeds\...0install-win.xml), which is a write-to-temp-then-rename pattern; the "Suspicious files: 706" figure counts such intermediates.
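Classifying a dropped-file list along those lines is mechanical. The block below is an added example, not ANY.RUN or Zero Install code; its records are transcribed from the table above (hashes lower-cased), and the labels for trivial content are computed with hashlib at run time rather than hard-coded, so the same check applies to any other report.

```python
"""Classify dropped-file records: trivial-content hashes, temp-then-rename pairs,
and executables written outside Program Files (added example, not ANY.RUN code)."""
import hashlib
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Dropped:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str
    sha256: str


ROAMING = r"C:\Users\admin\AppData\Roaming\0install.net"
LOCAL = r"C:\Users\admin\AppData\Local\0install.net"
FEED = "https%3a##appdownload.deepl.com#windows#0install#0install-win.xml"

# Transcribed from the "Dropped files" table (hashes lower-cased). Blank fields are
# blank in the report as well.
DROPPED = [
    Dropped(6808, "DeepLSetup.exe", ROAMING + r"\injector\implementation-dirs", "", "", ""),
    Dropped(6808, "DeepLSetup.exe", LOCAL + r"\implementations\5vqqdmrn.5sc", "binary",
            "0cc175b9c0f1b6a831c399e269772661",
            "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"),
    Dropped(6808, "DeepLSetup.exe", ROAMING + r"\temp.0q2qtzqh.zlz.catalog-sources", "text",
            "085f4c9f480a808be427574573138250",
            "8a770c09f2e020a1056c204dd66e16b180878ef17df94a1694e57af535a19240"),
    Dropped(6808, "DeepLSetup.exe", ROAMING + r"\injector\temp.u3ldlgsv.21z.global", "text",
            "c21fb6102df78a20a75b5f0b9f8544d2",
            "a5a650e2e7fe8ec0b6e5f57fe03f96491016580a268d91303a3906b060057b4d"),
    Dropped(6808, "DeepLSetup.exe", ROAMING + r"\injector\global", "text",
            "c21fb6102df78a20a75b5f0b9f8544d2",
            "a5a650e2e7fe8ec0b6e5f57fe03f96491016580a268d91303a3906b060057b4d"),
    Dropped(6808, "DeepLSetup.exe", ROAMING + r"\catalog-sources", "text",
            "085f4c9f480a808be427574573138250",
            "8a770c09f2e020a1056c204dd66e16b180878ef17df94a1694e57af535a19240"),
    Dropped(6808, "DeepLSetup.exe", LOCAL + r"\interfaces\temp.34gkjzzn.bxq.https%3a%2f%2f"
            r"appdownload.deepl.com%2fwindows%2f0install%2f0install-win.xml", "xml",
            "33e94ba4e605b70b4ebd174d93241523",
            "2e2d6061b379ce941f309935f07a688b2e4494667a5d23052691251dfbce1385"),
    Dropped(6808, "DeepLSetup.exe", ROAMING + r"\injector\feeds\temp.xyiuv0te.zpx." + FEED, "xml",
            "094dc10dcccfc9947656e5f7d0268d1d",
            "3c31d4475f9f71670af42c48c421f355d1befefa3090cddf2fa3b1eb92391d6b"),
    Dropped(6808, "DeepLSetup.exe",
            LOCAL + r"\implementations\0install-extract-um14lq0k.ekr\0store-service.exe", "executable",
            "66eeff49858b1b4508f307abfc075d5a",
            "5e6a5fc58ead10310e8eef0b57307e1b098f6c2a2d46fec8466c0581c57d54e2"),
    Dropped(6808, "DeepLSetup.exe", ROAMING + "\\injector\\feeds\\" + FEED, "xml",
            "094dc10dcccfc9947656e5f7d0268d1d",
            "3c31d4475f9f71670af42c48c421f355d1befefa3090cddf2fa3b1eb92391d6b"),
]

# Digests of content that is a probe, not a payload; extend with other known fillers.
KNOWN_CONTENT = {hashlib.sha256(data).hexdigest(): label
                 for data, label in ((b"", "empty file"), (b"a", "one-byte write probe ('a')"))}

# Zero Install's temp.<8 chars>.<3 chars>.<final name> naming, as seen in the table.
TEMP_NAME = re.compile(r"^temp\.[a-z0-9]{8}\.[a-z0-9]{3}\.(.+)$")


def classify_known(records):
    """Paths whose SHA-256 matches trivial content, mapped to a label."""
    return {r.path: KNOWN_CONTENT[r.sha256] for r in records if r.sha256 in KNOWN_CONTENT}


def rename_pairs(records):
    """(temp path, final path) pairs: same directory, same hash, temp.* naming."""
    by_key = {(ntpath.dirname(r.path).lower(), ntpath.basename(r.path).lower()): r
              for r in records}
    pairs = []
    for r in records:
        m = TEMP_NAME.match(ntpath.basename(r.path).lower())
        if not m:
            continue
        final = by_key.get((ntpath.dirname(r.path).lower(), m.group(1)))
        if final is not None and final.sha256 == r.sha256:
            pairs.append((r.path, final.path))
    return pairs


def executables_outside_program_files(records):
    """Executables written anywhere but Program Files: the ones to hash-check and sign-check."""
    return [r.path for r in records
            if r.ftype == "executable" and not r.path.lower().startswith(r"c:\program files")]


if __name__ == "__main__":
    print(classify_known(DROPPED))
    print(rename_pairs(DROPPED))
    print(executables_outside_program_files(DROPPED))
```

The interfaces\temp.34gkjzzn... entry has no final-named sibling in the excerpt, so it is correctly left unpaired; a full report would normally show its rename target too.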
HTTP(S) requests: 88
TCP/UDP connections: 159
DNS requests: 160
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | US | binary | 314 b | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted
6088 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted
6088 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted
4224 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | DE | binary | 418 b | whitelisted
5976 | DeepL.exe | GET | 200 | 104.18.21.226:80 | http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D | unknown | binary | 1.67 Kb | whitelisted
4224 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | DE | binary | 408 b | whitelisted
5976 | DeepL.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAc2N7ckVHzYR6z9KGYqXls%3D | US | binary | 727 b | whitelisted
5976 | DeepL.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | US | binary | 471 b | whitelisted
5976 | DeepL.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTjzY2p9Pa8oibmj%2BNSMWsz63kmWgQUuhbZbU2FL3MpdpovdYxqII%2BeyG8CEAuuZrxaun%2BVh8b56QTjMwQ%3D | US | binary | 727 b | whitelisted

Every request in this excerpt is a CRL or OCSP fetch, i.e. certificate-status traffic that chain validation emits over plain HTTP by design: the Windows components are checking Microsoft update and OS signing chains, and DeepL.exe is querying the GlobalSign code-signing root responder and DigiCert issuers. None of it is application traffic, and the URL path of each OCSP GET is the base64-encoded DER request itself, so the certificate being checked can be read straight out of the URL. The DeepL client's own API traffic is not in this excerpt; the debug output below shows it opening a gRPC channel to https://s.deepl.com/.
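Reading the OCSP GETs above is worth doing when you want to know which signer a process was validating. RFC 6960 appendix A.1 defines the GET form as base64(DER OCSPRequest) in the URL path, percent-encoded; each Request carries a CertID with the hash algorithm, the issuer name and key hashes, and the serial number of the certificate being checked. The block below is an added example with a small hand-written DER walker (no third-party ASN.1 library), not ANY.RUN or DeepL code; the two sample URLs are the SearchApp.exe and DeepL.exe requests copied from the table.

```python
"""Decode OCSP GET URLs (RFC 6960 A.1) into the CertIDs they ask about.
Added example, not ANY.RUN or DeepL code."""
import base64
import urllib.parse
from dataclasses import dataclass

# Copied from the HTTP requests table above (SearchApp.exe -> DigiCert,
# DeepL.exe -> GlobalSign code-signing root responder).
SAMPLE_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D",
    "http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D",
]
SHA1_OID = "1.3.14.3.2.26"


@dataclass(frozen=True)
class CertID:
    hash_oid: str
    issuer_name_hash: str   # hex
    issuer_key_hash: str    # hex
    serial_hex: str         # raw INTEGER octets, hex


def _tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag & 0x1F == 0x1F or pos + length > len(buf):
        raise ValueError("unsupported tag or truncated DER")
    return tag, buf[pos:pos + length], pos + length


def _oid(raw: bytes) -> str:
    """Dotted form of an OBJECT IDENTIFIER value (base-128 arcs)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url: str):
    """Return the CertID(s) an OCSP GET URL asks the responder about."""
    path = urllib.parse.urlparse(url).path
    der = base64.b64decode(urllib.parse.unquote(path.rsplit("/", 1)[-1]), validate=True)
    tag, ocsp_request, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    _, tbs, _ = _tlv(ocsp_request, 0)            # TBSRequest; optional signature ignored
    pos = 0
    while tbs[pos] in (0xA0, 0xA1):              # skip [0] version / [1] requestorName
        _, _, pos = _tlv(tbs, pos)
    _, request_list, _ = _tlv(tbs, pos)          # requestList: SEQUENCE OF Request
    cert_ids, pos = [], 0
    while pos < len(request_list):
        _, request, pos = _tlv(request_list, pos)
        _, cert_id, _ = _tlv(request, 0)         # reqCert: CertID
        _, alg, p = _tlv(cert_id, 0)             # hashAlgorithm: AlgorithmIdentifier
        _, oid, _ = _tlv(alg, 0)
        _, name_hash, p = _tlv(cert_id, p)       # issuerNameHash OCTET STRING
        _, key_hash, p = _tlv(cert_id, p)        # issuerKeyHash OCTET STRING
        _, serial, _ = _tlv(cert_id, p)          # serialNumber INTEGER
        cert_ids.append(CertID(_oid(oid), name_hash.hex(), key_hash.hex(), serial.hex()))
    return cert_ids


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        for cid in parse_ocsp_get(url):
            print(urllib.parse.urlparse(url).hostname, cid)
```

The serial numbers this yields can be matched against the certificate chain of the signed binaries on the host (for example the chain reported for the deployed 0install-win.exe or DeepL.exe by the signature tooling of your choice) to see which signer each process was validating; the issuer key hash identifies the CA certificate without needing the responder's reply.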

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
6944 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6944 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6944 | svchost.exe | 104.126.37.147:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.216.77.42:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4360 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
5488 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4020 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
816 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | Resolved IPs | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 51.104.136.2 | whitelisted
www.bing.com | 104.126.37.147, 104.126.37.178, 104.126.37.130, 104.126.37.170, 104.126.37.186, 104.126.37.144, 104.126.37.155, 104.126.37.179, 104.126.37.153, 104.126.37.131, 104.126.37.137, 104.126.37.171, 104.126.37.123, 104.126.37.154, 2.23.209.189, 2.23.209.185, 2.23.209.176, 2.23.209.149, 2.23.209.193, 2.23.209.140, 2.23.209.133, 2.23.209.130, 2.23.209.177 | whitelisted
crl.microsoft.com | 23.216.77.42, 23.216.77.36 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
google.com | 216.58.206.46 | whitelisted
login.live.com | 40.126.32.74, 40.126.32.133, 40.126.32.76, 40.126.32.72, 40.126.32.134, 20.190.160.14, 40.126.32.140, 40.126.32.136 | whitelisted
appdownload.deepl.com | 172.64.151.134, 104.18.36.122 | whitelisted
th.bing.com | 104.126.37.137, 104.126.37.178, 104.126.37.170, 104.126.37.162, 104.126.37.155, 104.126.37.171, 104.126.37.130, 104.126.37.186, 104.126.37.154 | whitelisted
go.microsoft.com | 184.30.17.189, 184.28.89.167 | whitelisted

Threats

No threats detected
Debug messages

DeepL.exe: Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 5976. Message ID: [0x2509].
DeepL.exe: [05:43:30 WRN] Exception during loading options: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\admin\AppData\Roaming\DeepL_SE\settings.json'. at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options) at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at DeepL.Persistence.FileStreamProvider.GetStream(StreamModes modes) at DeepL.Persistence.RepositoryBase`1.LoadCore() at DeepL.Persistence.RepositoryBase`1.Load()
DeepL.exe: [05:43:30 INF] Read app configuration (LocalSettings): proxy.active = False
DeepL.exe: [05:43:30 INF] Loaded user settings: {"schema_version":2,"version":"24.11.2.14283","configuration":{"dialog":{"is_manual_first_start":false,"has_document_translation_onboarding_been_shown":false,"wants_to_show_onboarding":false,"wants_to_show_translation_history_opt_in":false,"has_onboarding_screen_been_shown_at_start":false,"has_desktop_survey_baloon_been_shown":false,"has_translation_history_privacy_hint_been_shown":false,"last_stay_logged_in":true,"visited_features_modal_page_identifiers":[],"has_image_translation_nudge_been_shown":false,"walled_state":1,"last_preferences_page_index":0,"has_assistant_nudge_been_shown":false,"text_translator_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","write_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","image_translator_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","document_translation_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","has_quick_translate_nudge_been_shown":false,"has_new_global_saved_translations_prompt_been_shown":false,"has_quick_write_nudge_been_shown":false},"window":{"last_window_state":0,"window_left":null,"window_top":null,"window_height":null,"window_width":null,"set_default_window_size":false},"app":{"updated_from_version":null,"updated_to_version":null,"install_voice_at_startup":null}},"UserPreferences":{"exit_from_menu_without_prompt":false,"custom_shortcut":{},"is_custom_shortcut_enabled":false,"is_shortcut_disabled":false,"screen_capture_shortcut":{},"is_screen_capture_enabled":false,"screen_capture_languages":["de","en"],"doc_trans_save_folder_strategy":0,"doc_trans_last_target_language":"","doc_trans_last_source_language":"","recently_used_doc_trans_target_languages":[],"recently_used_doc_trans_source_languages":[],"doc_trans_last_formality":3,"proxy_preferences":{"use_proxy":false},"user_ui_theme":1,"last_quick_translate_target_language":"","recently_used_quick_translate_target_languages":[],"use_quick_translate_on_shortcut":true,"use_app_on_shortcut":false,"image_translation_last_source_language":"","image_translation_last_target_language":"","image_translation_last_formality":3,"use_assistant":true,"general_preferences":{"behaviour_on_closing":0},"is_rewrite_text_enabled":true,"rewrite_text_shortcut":{},"last_used_quick_write_style":"","use_document_translation_web_view":true},"account_preferences":{},"web_view_configuration":{},"write_configuration":{},"doc_trans_configuration":{}}
DeepL.exe: [05:43:31 INF] No webproxy for http request handler in use
DeepL.exe: [05:43:31 INF] No webproxy for http request handler in use
DeepL.exe: [05:43:31 INF] Using GRPC address for AbExperimentationRpc: https://s.deepl.com/
DeepL.exe: [05:43:31 INF] Created new gRPC channel for 'https://s.deepl.com/'
DeepL.exe: [05:43:31 INF] New session "5232ecfa-f194-4934-991e-85e7669a65a5"
DeepL.exe: [05:43:31 INF] gRPC-Method: AsyncUnaryCall - /deepl.pb.analytics.experimentation.ExperimentationService/GetExperiments