download:

/windows/0install/DeepLSetup.exe

Full analysis: https://app.any.run/tasks/490ca1c0-a3ee-4ed7-910f-12f986ed2d02
Verdict: Malicious activity
Analysis date: November 16, 2024, 05:41:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

02A9A9A951A9122BB303E3D20A4132A4

SHA1:

9B5A7E0889F1AFFBB2478630A7CF158E1F426A53

SHA256:

C915FB81B980D874B62DF5D842F0C460C3D0B8A4B6F70CA827875D75FBAE6DA9

SSDEEP:

98304:CyU8099+Hwwp+S1RPIuRfkUujTq7LBKj/:M9+HwvkP0jZ

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report can therefore be influenced by the analyst's own actions and is provided as-is, for the reader's information. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Create files in the Startup directory

      • 0install-win.exe (PID: 300)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 5612)
    • Process drops legitimate windows executable

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 5612)
    • Executable content was dropped or overwritten

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Starts itself from another location

      • 0install-win.exe (PID: 2076)
    • Searches for installed software

      • 0install-win.exe (PID: 300)
    • Creates a software uninstall entry

      • 0install-win.exe (PID: 300)
    • Reads Internet Explorer settings

      • 0install-win.exe (PID: 5612)
    • The process drops C-runtime libraries

      • 0install-win.exe (PID: 5612)
    • Detected use of alternative data streams (AltDS)

      • 0install-win.exe (PID: 5612)
    • There is functionality for taking screenshot (YARA)

      • DeepL.exe (PID: 5976)
  • INFO

    • Checks supported languages

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Checks proxy server information

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Disables trace logs

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Creates files or folders in the user directory

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Reads the machine GUID from the registry

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Reads the computer name

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Reads Environment values

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Create files in a temporary directory

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 2076)
    • Process checks whether UAC notifications are on

      • DeepLSetup.exe (PID: 6808)
    • Reads the software policy settings

      • DeepLSetup.exe (PID: 6808)
      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 5612)
    • Creates files in the program directory

      • 0install-win.exe (PID: 300)
      • 0install-win.exe (PID: 2076)
      • 0install-win.exe (PID: 5612)
    • Application launched itself

      • msedge.exe (PID: 6256)
    • Sends debugging messages

      • DeepL.exe (PID: 5976)
      • CefSharp.BrowserSubprocess.exe (PID: 6440)
      • CefSharp.BrowserSubprocess.exe (PID: 6456)
      • CefSharp.BrowserSubprocess.exe (PID: 3580)
      • CefSharp.BrowserSubprocess.exe (PID: 2000)
      • CefSharp.BrowserSubprocess.exe (PID: 4308)
      • CefSharp.BrowserSubprocess.exe (PID: 7460)
      • CefSharp.BrowserSubprocess.exe (PID: 8416)
      • CefSharp.BrowserSubprocess.exe (PID: 7584)
      • CefSharp.BrowserSubprocess.exe (PID: 8136)
      • CefSharp.BrowserSubprocess.exe (PID: 8152)
      • CefSharp.BrowserSubprocess.exe (PID: 8020)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4004)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
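The report's single MALICIOUS signature is a write into the Startup directory by 0install-win.exe (PID 300), whose command line (see Process information below) is `integrate https://appdownload.deepl.com/windows/0install/deepl.xml --no-download --add-all --background`, i.e. Zero Install's desktop-integration step. The SUSPICIOUS signatures (uninstall entry, alternate data streams, dropped C runtime and Windows executables) are likewise consistent with an installer. The following PowerShell triage script, written for this page and not part of the ANY.RUN report, Zero Install or DeepL, checks those same artifacts on a host where the sample was run: it compares the on-disk SHA256 with the report, reads the Authenticode state of the bootstrapper and of the deployed launcher, lists Startup-folder and Uninstall-key entries, and enumerates every NTFS stream other than `:$DATA` under the implementation store. The Zero Install and implementation-store paths are taken from the report's process list; `$SamplePath` is an assumed download location.

```powershell
# Host-side triage for the artifacts behind the report's signatures.
# Added example, not code from ANY.RUN, Zero Install or DeepL.
# $SamplePath is an assumption; the other paths come from the report.
param(
    [string]$SamplePath = "$env:USERPROFILE\Downloads\DeepLSetup.exe"   # assumed location
)

# Values and paths copied from the report
$ReportSha256   = 'C915FB81B980D874B62DF5D842F0C460C3D0B8A4B6F70CA827875D75FBAE6DA9'
$ZeroInstallDir = "$env:APPDATA\Programs\Zero Install"               # --deployed 0install-win.exe / 0install.exe
$ImplDir        = "$env:LOCALAPPDATA\0install.net\implementations"   # sha256new_* implementation store

function Test-SampleHash {
    # 1. Confirm the file on disk is the file the report analysed.
    if (-not (Test-Path -LiteralPath $SamplePath)) { return "sample not found at $SamplePath" }
    $h = (Get-FileHash -Algorithm SHA256 -LiteralPath $SamplePath).Hash
    if ($h -ieq $ReportSha256) { 'SHA256 matches report' } else { "SHA256 MISMATCH: $h" }
}

function Get-SignerInfo {
    # 2. Authenticode state of the bootstrapper and of the deployed launchers.
    #    The report does not name a signer, so this is a check, not an expectation.
    foreach ($p in @($SamplePath, "$ZeroInstallDir\0install-win.exe", "$ZeroInstallDir\0install.exe")) {
        if (Test-Path -LiteralPath $p) {
            $s = Get-AuthenticodeSignature -FilePath $p
            [pscustomobject]@{ File = $p; Status = $s.Status; Signer = $s.SignerCertificate.Subject }
        }
    }
}

function Get-StartupEntries {
    # 3. "Create files in the Startup directory" (0install-win.exe, PID 300):
    #    per-user and all-users Startup folders.
    foreach ($d in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, LastWriteTime
    }
}

function Get-UninstallEntries {
    # 4. "Creates a software uninstall entry": per-user key plus both machine views.
    $roots = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($r in $roots) {
        Get-ChildItem -Path $r -ErrorAction SilentlyContinue | ForEach-Object {
            $v = Get-ItemProperty -Path $_.PSPath
            if ("$($v.DisplayName) $($v.UninstallString)" -match '0install|Zero Install|DeepL') {
                [pscustomobject]@{ Key = $_.PSChildName; Name = $v.DisplayName; Uninstall = $v.UninstallString }
            }
        }
    }
}

function Get-AlternateStreams {
    # 5. "Detected use of alternative data streams": list every named stream
    #    other than the default data stream under the implementation store.
    Get-ChildItem -LiteralPath $ImplDir -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

Test-SampleHash
Get-SignerInfo       | Format-Table -AutoSize
Get-StartupEntries   | Format-Table -AutoSize
Get-UninstallEntries | Format-Table -AutoSize
Get-AlternateStreams | Format-Table -AutoSize
```

Run it in the same user context that ran the installer, since every path above is under the user's profile. On a real download the stream enumeration will typically show `Zone.Identifier` (the Mark-of-the-Web written by browsers) rather than anything hidden; a stream with another name, or one attached to an executable, is what deserves a closer look.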

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2092:06:12 00:25:29+00:00 (not a real build date: the file is a .NET assembly, and deterministic .NET builds write a content hash into the PE timestamp field)
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 4307968
InitializedDataSize: 113152
UninitializedDataSize: -
EntryPoint: 0x41dbce
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.25.10.0
ProductVersionNumber: 2.25.10.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Downloads and runs Zero Install optionally showing a GUI.
CompanyName: zero-install
FileDescription: zero-install
FileVersion: 2.25.10.0
InternalName: zero-install.exe
LegalCopyright:
OriginalFileName: zero-install.exe
ProductName: Zero Install
ProductVersion: 2.25.10+dc9e71b7feda494f49256313ad5af690384d9d4d
AssemblyVersion: 2.25.10.0
No data.
All screenshots are available in the full report
Total processes
200
Monitored processes
66
Malicious processes
4
Suspicious processes
0

Behavior graph

start deeplsetup.exe 0install-win.exe 0install-win.exe 0install-win.exe deepl.exe 0install.exe no specs conhost.exe no specs cefsharp.browsersubprocess.exe cefsharp.browsersubprocess.exe cefsharp.browsersubprocess.exe 0install.exe no specs conhost.exe no specs 0install.exe no specs conhost.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs cefsharp.browsersubprocess.exe cefsharp.browsersubprocess.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cefsharp.browsersubprocess.exe cefsharp.browsersubprocess.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs cefsharp.browsersubprocess.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cefsharp.browsersubprocess.exe msedge.exe no specs cefsharp.browsersubprocess.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs cefsharp.browsersubprocess.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 300
CMD: "C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install-win.exe" --deployed integrate https://appdownload.deepl.com/windows/0install/deepl.xml --no-download --add-all --background
Path: C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install-win.exe
Parent process: 0install-win.exe
User:
admin
Company:
0install-win
Integrity Level:
MEDIUM
Description:
0install-win
Exit code:
0
Version:
2.25.11.0
Modules
Images
c:\users\admin\appdata\roaming\programs\zero install\0install-win.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 696
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: 0install.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 1248
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2256 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
PID: 1344
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7356 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
PID: 1432
CMD: "C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install.exe" list-apps --batch --xml https://appdownload.deepl.com/windows/0install/deepl.xml
Path: C:\Users\admin\AppData\Roaming\Programs\Zero Install\0install.exe
Parent process: DeepL.exe
User:
admin
Company:
Bastian Eicher
Integrity Level:
MEDIUM
Description:
0install
Exit code:
0
Version:
2.25.11.0
PID: 1552
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
PID: 2000
CMD: "C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\.\CefSharp.BrowserSubprocess.exe" --type=renderer --user-agent="DeepL/24.11.2.14283 (Microsoft Windows NT 10.0.19045.0; x64)" --enable-chrome-runtime --user-data-dir="C:\Users\admin\AppData\Local\DeepL_SE\cache" --uncaught-exception-stack-size=10 --cefsharpexitsub --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=8120,i,12801241288322762277,15032818624834365,262144 --variations-seed-version --enable-logging=handle --log-file=8116 --mojo-platform-channel-handle=7972 --host-process-id=5976 /prefetch:1
Path: C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\CefSharp.BrowserSubprocess.exe
Parent process: DeepL.exe
User:
admin
Company:
The CefSharp Authors
Integrity Level:
MEDIUM
Description:
CefSharp.BrowserSubprocess
Exit code:
0
Version:
127.3.50.0
PID: 2076
CMD: "C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_LJSMAY6P6KOIG5DIGRK3GSLPP3BYX2N5G7PA5EAJM4GY6EXVUKQA\0install-win.exe" integrate https://appdownload.deepl.com/windows/0install/deepl.xml --no-download --add-all --background
Path: C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_LJSMAY6P6KOIG5DIGRK3GSLPP3BYX2N5G7PA5EAJM4GY6EXVUKQA\0install-win.exe
Parent process: DeepLSetup.exe
User:
admin
Company:
0install-win
Integrity Level:
MEDIUM
Description:
0install-win
Exit code:
0
Version:
2.25.11.0
Modules
Images
c:\users\admin\appdata\local\0install.net\implementations\sha256new_ljsmay6p6koig5digrk3gslpp3byx2n5g7pa5eajm4gy6exvukqa\0install-win.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3580
CMD: "C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\.\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-agent="DeepL/24.11.2.14283 (Microsoft Windows NT 10.0.19045.0; x64)" --enable-chrome-runtime --user-data-dir="C:\Users\admin\AppData\Local\DeepL_SE\cache" --cefsharpexitsub --field-trial-handle=5380,i,12801241288322762277,15032818624834365,262144 --variations-seed-version --enable-logging=handle --log-file=5400 --mojo-platform-channel-handle=5396 /prefetch:8 --host-process-id=5976
Path: C:\Users\admin\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\CefSharp.BrowserSubprocess.exe
Parent process: DeepL.exe
User:
admin
Company:
The CefSharp Authors
Integrity Level:
MEDIUM
Description:
CefSharp.BrowserSubprocess
Version:
127.3.50.0
PID: 3924
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4896 --field-trial-handle=2188,i,14105407399004792426,16971210312955677949,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Total events
16 411
Read events
16 289
Write events
112
Delete events
10

Modification events

Process | Operation | Key | Name = Value
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | EnableFileTracing = 0
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | EnableAutoFileTracing = 0
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | EnableConsoleTracing = 0
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | FileTracingMask = (value not shown)
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | ConsoleTracingMask = (value not shown)
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | MaxFileSize = 1048576
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASAPI32 | FileDirectory = %windir%\tracing
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASMANCS | EnableFileTracing = 0
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASMANCS | EnableAutoFileTracing = 0
(6808) DeepLSetup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DeepLSetup_RASMANCS | EnableConsoleTracing = 0
Executable files
1 694
Suspicious files
706
Text files
232
Unknown types
41

Dropped files

PID
Process
Filename
Type
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Roaming\0install.net\injector\implementation-dirs | (type not shown)
MD5: (not shown) | SHA256: (not shown)
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Roaming\0install.net\temp.0q2qtzqh.zlz.catalog-sources | text
MD5: 085F4C9F480A808BE427574573138250 | SHA256: 8A770C09F2E020A1056C204DD66E16B180878EF17DF94A1694E57AF535A19240
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Roaming\0install.net\injector\global | text
MD5: C21FB6102DF78A20A75B5F0B9F8544D2 | SHA256: A5A650E2E7FE8EC0B6E5F57FE03F96491016580A268D91303A3906B060057B4D
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Roaming\0install.net\injector\temp.ax3it4ax.ffc.trustdb.xml | xml
MD5: 96B45CB4BC25586320AA84E9C3EFE5A1 | SHA256: E3FA8145F6108A9D43BABBB421105909A2647538290AB900FDA0DCA34D617193
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Local\0install.net\implementations\5vqqdmrn.5sc | binary
MD5: 0CC175B9C0F1B6A831C399E269772661 | SHA256: (not shown)
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Roaming\0install.net\injector\feeds\temp.xyiuv0te.zpx.https%3a##appdownload.deepl.com#windows#0install#0install-win.xml | xml
MD5: 094DC10DCCCFC9947656E5F7D0268D1D | SHA256: 3C31D4475F9F71670AF42C48C421F355D1BEFEFA3090CDDF2FA3B1EB92391D6B
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Roaming\0install.net\injector\trustdb.xml | xml
MD5: 96B45CB4BC25586320AA84E9C3EFE5A1 | SHA256: E3FA8145F6108A9D43BABBB421105909A2647538290AB900FDA0DCA34D617193
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Local\0install.net\implementations\0install-extract-um14lq0k.ekr\0store-service.exe | executable
MD5: 66EEFF49858B1B4508F307ABFC075D5A | SHA256: 5E6A5FC58EAD10310E8EEF0B57307E1B098F6C2A2D46FEC8466C0581C57D54E2
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Local\0install.net\temp.cetxyrvz.qs3.pubring.gpg | binary
MD5: 7026ECF7EC95BD247FF60161046EFFF0 | SHA256: 806EE394D2831E991707792CE5E53B0795E5993F07CD6D732CFEB7A496CE220E
6808 | DeepLSetup.exe | C:\Users\admin\AppData\Local\0install.net\implementations\0install-extract-um14lq0k.ekr\System.Threading.Tasks.Extensions.dll | executable
MD5: E1E9D7D46E5CD9525C5927DC98D9ECC7 | SHA256: 4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
88
TCP/UDP connections
159
DNS requests
160
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5976
DeepL.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAc2N7ckVHzYR6z9KGYqXls%3D
unknown
whitelisted
5976
DeepL.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDFois1hItl2R2J%2FivQ%3D%3D
unknown
whitelisted
9000
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ayim2tsbmisph4ffqg42t33qem_2024.11.13.0/niikhdgajlphfehepabhhblakbdgeefj_2024.11.13.00_all_admrs2maglxk27cggfv2sj6uqkrq.crx3
unknown
whitelisted
9000
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ayim2tsbmisph4ffqg42t33qem_2024.11.13.0/niikhdgajlphfehepabhhblakbdgeefj_2024.11.13.00_all_admrs2maglxk27cggfv2sj6uqkrq.crx3
unknown
whitelisted
9000
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ayim2tsbmisph4ffqg42t33qem_2024.11.13.0/niikhdgajlphfehepabhhblakbdgeefj_2024.11.13.00_all_admrs2maglxk27cggfv2sj6uqkrq.crx3
unknown
whitelisted
5976
DeepL.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTjzY2p9Pa8oibmj%2BNSMWsz63kmWgQUuhbZbU2FL3MpdpovdYxqII%2BeyG8CEAuuZrxaun%2BVh8b56QTjMwQ%3D
unknown
whitelisted
9000
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ayim2tsbmisph4ffqg42t33qem_2024.11.13.0/niikhdgajlphfehepabhhblakbdgeefj_2024.11.13.00_all_admrs2maglxk27cggfv2sj6uqkrq.crx3
unknown
whitelisted
9000
svchost.exe
GET
206
152.199.19.161:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1731863942&P2=404&P3=2&P4=K4FuFLZCWk%2fu%2bLSmBffXIqO016rqCFxyasVur9Uah3ulKU9nWMK7NYDRxBJePJiUp4VN5jLkQpvq7l1cB38s%2bw%3d%3d
unknown
whitelisted
9000
svchost.exe
GET
206
152.199.19.161:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1731863942&P2=404&P3=2&P4=K4FuFLZCWk%2fu%2bLSmBffXIqO016rqCFxyasVur9Uah3ulKU9nWMK7NYDRxBJePJiUp4VN5jLkQpvq7l1cB38s%2bw%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
104.126.37.147:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.216.77.42:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
5488
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
816
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
www.bing.com
  • 104.126.37.147
  • 104.126.37.178
  • 104.126.37.130
  • 104.126.37.170
  • 104.126.37.186
  • 104.126.37.144
  • 104.126.37.155
  • 104.126.37.179
  • 104.126.37.153
  • 104.126.37.131
  • 104.126.37.137
  • 104.126.37.171
  • 104.126.37.123
  • 104.126.37.154
  • 2.23.209.189
  • 2.23.209.185
  • 2.23.209.176
  • 2.23.209.149
  • 2.23.209.193
  • 2.23.209.140
  • 2.23.209.133
  • 2.23.209.130
  • 2.23.209.177
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.36
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 216.58.206.46
whitelisted
login.live.com
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.76
  • 40.126.32.72
  • 40.126.32.134
  • 20.190.160.14
  • 40.126.32.140
  • 40.126.32.136
whitelisted
appdownload.deepl.com
  • 172.64.151.134
  • 104.18.36.122
whitelisted
th.bing.com
  • 104.126.37.137
  • 104.126.37.178
  • 104.126.37.170
  • 104.126.37.162
  • 104.126.37.155
  • 104.126.37.171
  • 104.126.37.130
  • 104.126.37.186
  • 104.126.37.154
whitelisted
go.microsoft.com
  • 184.30.17.189
  • 184.28.89.167
whitelisted

Threats

No threats detected
Process
Message
DeepL.exe
Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 5976. Message ID: [0x2509].
DeepL.exe
[05:43:30 WRN] Exception during loading options: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\admin\AppData\Roaming\DeepL_SE\settings.json'. at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options) at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize) at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) at DeepL.Persistence.FileStreamProvider.GetStream(StreamModes modes) at DeepL.Persistence.RepositoryBase`1.LoadCore() at DeepL.Persistence.RepositoryBase`1.Load()
DeepL.exe
[05:43:30 INF] Read app configuration (LocalSettings): proxy.active = False
DeepL.exe
[05:43:30 INF] Loaded user settings: {"schema_version":2,"version":"24.11.2.14283","configuration":{"dialog":{"is_manual_first_start":false,"has_document_translation_onboarding_been_shown":false,"wants_to_show_onboarding":false,"wants_to_show_translation_history_opt_in":false,"has_onboarding_screen_been_shown_at_start":false,"has_desktop_survey_baloon_been_shown":false,"has_translation_history_privacy_hint_been_shown":false,"last_stay_logged_in":true,"visited_features_modal_page_identifiers":[],"has_image_translation_nudge_been_shown":false,"walled_state":1,"last_preferences_page_index":0,"has_assistant_nudge_been_shown":false,"text_translator_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","write_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","image_translator_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","document_translation_tab_promotion_banner_close_timestamp":"0001-01-01T00:00:00+00:00","has_quick_translate_nudge_been_shown":false,"has_new_global_saved_translations_prompt_been_shown":false,"has_quick_write_nudge_been_shown":false},"window":{"last_window_state":0,"window_left":null,"window_top":null,"window_height":null,"window_width":null,"set_default_window_size":false},"app":{"updated_from_version":null,"updated_to_version":null,"install_voice_at_startup":null}},"UserPreferences":{"exit_from_menu_without_prompt":false,"custom_shortcut":{},"is_custom_shortcut_enabled":false,"is_shortcut_disabled":false,"screen_capture_shortcut":{},"is_screen_capture_enabled":false,"screen_capture_languages":["de","en"],"doc_trans_save_folder_strategy":0,"doc_trans_last_target_language":"","doc_trans_last_source_language":"","recently_used_doc_trans_target_languages":[],"recently_used_doc_trans_source_languages":[],"doc_trans_last_formality":3,"proxy_preferences":{"use_proxy":false},"user_ui_theme":1,"last_quick_translate_target_language":"","recently_used_quick_translate_target_languages":[],"use_quick_translate_on_shortcut":true,"use_app_on_shortcut":false,"image_translation_last_source_language":"","image_translation_last_target_language":"","image_translation_last_formality":3,"use_assistant":true,"general_preferences":{"behaviour_on_closing":0},"is_rewrite_text_enabled":true,"rewrite_text_shortcut":{},"last_used_quick_write_style":"","use_document_translation_web_view":true},"account_preferences":{},"web_view_configuration":{},"write_configuration":{},"doc_trans_configuration":{}}
DeepL.exe
[05:43:31 INF] No webproxy for http request handler in use
DeepL.exe
[05:43:31 INF] No webproxy for http request handler in use
DeepL.exe
[05:43:31 INF] Using GRPC address for AbExperimentationRpc: https://s.deepl.com/
DeepL.exe
[05:43:31 INF] Created new gRPC channel for 'https://s.deepl.com/'
DeepL.exe
[05:43:31 INF] New session "5232ecfa-f194-4934-991e-85e7669a65a5"
DeepL.exe
[05:43:31 INF] gRPC-Method: AsyncUnaryCall - /deepl.pb.analytics.experimentation.ExperimentationService/GetExperiments