File name: Setup.exe

Full analysis: https://app.any.run/tasks/1b94a25a-1632-40fc-93a4-c586da2d4eb7
Verdict: Malicious activity
Analysis date: June 17, 2024, 08:33:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 512D95966AC6E3A32190CC3150C0AB25
SHA1: 890624EEE5F51C91939E80370D87DB8D8A6D1C32
SHA256: D961CC1DBDF3A9C22B9B790AFC8F58B952986C1361F3D2B34E0441903AC7BB4D
SSDEEP: 98304:Q+E8bCjumk44SJBy1ngCzCDkei07ssB4d55sWAc8NNzBn783FUhXoEFvidaVsaCZ:D2IPXAV9ZV36

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 1024)
      • pi.exe (PID: 1872)
      • irsetup.exe (PID: 864)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • irsetup.exe (PID: 864)
      • irsetup.exe (PID: 1756)
    • Reads the Internet Settings

      • irsetup.exe (PID: 864)
      • Setup.exe (PID: 1024)
      • pi.exe (PID: 1872)
      • irsetup.exe (PID: 1756)
    • Executable content was dropped or overwritten

      • pi.exe (PID: 1872)
      • irsetup.exe (PID: 864)
      • Setup.exe (PID: 1024)
    • Reads security settings of Internet Explorer

      • Setup.exe (PID: 1024)
      • irsetup.exe (PID: 864)
      • pi.exe (PID: 1872)
    • Reads settings of System Certificates

      • irsetup.exe (PID: 864)
    • Checks Windows Trust Settings

      • irsetup.exe (PID: 864)
    • Adds/modifies Windows certificates

      • irsetup.exe (PID: 864)
  • INFO

    • Create files in a temporary directory

      • Setup.exe (PID: 1024)
      • pi.exe (PID: 1872)
      • irsetup.exe (PID: 864)
      • irsetup.exe (PID: 1756)
    • Checks supported languages

      • Setup.exe (PID: 1024)
      • irsetup.exe (PID: 864)
      • pi.exe (PID: 1872)
      • irsetup.exe (PID: 1756)
      • wmpnscfg.exe (PID: 1080)
    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 864)
    • Reads the computer name

      • Setup.exe (PID: 1024)
      • irsetup.exe (PID: 864)
      • pi.exe (PID: 1872)
      • irsetup.exe (PID: 1756)
      • wmpnscfg.exe (PID: 1080)
    • Checks proxy server information

      • irsetup.exe (PID: 864)
    • Reads the software policy settings

      • irsetup.exe (PID: 864)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1080)
      • msedge.exe (PID: 2336)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 864)
    • Application launched itself

      • msedge.exe (PID: 1792)
      • msedge.exe (PID: 2336)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.8)
.exe | Win32 EXE Yoda's Crypter (36.4)
.dll | Win32 Dynamic Link Library (generic) (9)
.exe | Win32 Executable (generic) (6.1)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:06:14 16:16:10+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 22528
InitializedDataSize: 57856
UninitializedDataSize: -
EntryPoint: 0x29e1
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 9.1.0.0
ProductVersionNumber: 9.1.0.0
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.1.0.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2012 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFileName: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.1.0.0
No data.
All screenshots are available in the full report
Total processes: 65
Monitored processes: 28
Malicious processes: 3
Suspicious processes: 1

Behavior graph

start setup.exe irsetup.exe pi.exe irsetup.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 864
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1751922 "__IRAFN:C:\Users\admin\AppData\Local\Temp\Setup.exe" "__IRCT:2" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Parent process: Setup.exe
User: admin
Company: Indigo Rose Corporation
Integrity Level: HIGH
Description: Setup Application
Exit code: 3221225620
Version: 9.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 1024
CMD: "C:\Users\admin\AppData\Local\Temp\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Setup Application
Exit code: 3221225620
Version: 9.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1080
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1248
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1284,i,8425948425799907663,3883993161240186834,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1228 --field-trial-handle=1284,i,8425948425799907663,3883993161240186834,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1676
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 --field-trial-handle=1240,i,3206387584188339338,3266576187523718640,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1756
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1742194 "__IRAFN:C:\Users\admin\AppData\Local\Temp\pi.exe" "__IRCT:3" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Parent process: pi.exe
User: admin
Company: Indigo Rose Corporation
Integrity Level: HIGH
Description: Setup Application
Version: 9.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_1\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 1792
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://accessrequest.online/
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: irsetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1820
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1240,i,3206387584188339338,3266576187523718640,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1824
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e61f598,0x6e61f5a8,0x6e61f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 14 416
Read events: 14 294
Write events: 104
Delete events: 18

Modification events

(PID) Process: (1024) Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1024) Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (1024) Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (1024) Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (864) irsetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (864) irsetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (864) irsetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (864) irsetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (864) irsetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (864) irsetup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 5
Suspicious files: 50
Text files: 33
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 1024
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Type: executable
MD5:B5FC476C1BF08D5161346CC7DD4CB0BA
SHA256:12CB9B8F59C00EF40EA8F28BFC59A29F12DC28332BF44B1A5D8D6A8823365650
PID: 1024
Process: Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Type: executable
MD5:DEC931E86140139380EA0DF57CD132B6
SHA256:5FFD4B20DCCFB84C8890ABDB780184A7651E760AEFBA4AB0C6FBA5B2A81F97D9
PID: 1756
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.JPG
Type: image
MD5:8E769DBE0E7CF528E30A245ABB4DEFBC
SHA256:4ABBA5414055F45D541F2D4A7D8450091C39CE4990ED0D32FB67A0625102800C
PID: 1756
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
Type: binary
MD5:5DEE2720655DECD7D8B898689E75181D
SHA256:A05B111FBB4248E4E2AA4911C54D9EE8EB3208FF403E11D62BC9249FC2FDA643
PID: 864
Process: irsetup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: binary
MD5:3A4752EC27DF423D5FE69D48A35BA162
SHA256:11A4A78BC1CD2937AFBC22CA8E417379DCEB31F4A9ED6BAA6C35A9AEB93FC22A
PID: 864
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.JPG
Type: image
MD5:3220A6AEFB4FC719CC8849F060859169
SHA256:988CF422CBF400D41C48FBE491B425A827A1B70691F483679C1DF02FB9352765
PID: 864
Process: irsetup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5:4F8B3E9D4A6213B2D1AAC6D957339E20
SHA256:775EC0BF8FFBF039CF43F3B48671A8AE69F21F38A3A1B4EA8BE69C929263D245
PID: 864
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat
Type: binary
MD5:09575CDB293D9317906DD27CB6FAEB6F
SHA256:4E108DB2658A4C2A7111EA3D4575A2FCC4FFB32B17AC82098173AE91CEE8B486
PID: 1756
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG2.JPG
Type: image
MD5:6A89ADC2BE43E619AAD8EB7F74B778BD
SHA256:9862FC5877F5C15DF854035285DF151C66E17C076B04A05D93B00BBF0D247A3C
PID: 864
Process: irsetup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5:F440118C755D510B508A1B5D114884DC
SHA256:5669B19B59DA541C237228EFE9356B3B790AC0A0BD6288F0BB097599036B9C7F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 23
DNS requests: 15
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
864
irsetup.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19e8781d1f039093
unknown
unknown
864
irsetup.exe
GET
200
142.250.184.195:80
http://c.pki.goog/r/gsr1.crl
unknown
unknown
864
irsetup.exe
GET
200
142.250.184.195:80
http://c.pki.goog/r/r4.crl
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
864
irsetup.exe
172.67.19.24:443
pastebin.com
CLOUDFLARENET
US
unknown
864
irsetup.exe
23.50.131.200:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
864
irsetup.exe
142.250.184.195:80
c.pki.goog
GOOGLE
US
whitelisted
2336
msedge.exe
239.255.255.250:1900
unknown
1888
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1888
msedge.exe
49.13.77.253:80
accessrequest.online
Hetzner Online GmbH
DE
unknown
1888
msedge.exe
13.107.22.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown

DNS requests

Domain
IP
Reputation
pastebin.com
  • 172.67.19.24
  • 104.20.3.235
  • 104.20.4.235
shared
ctldl.windowsupdate.com
  • 23.50.131.200
  • 23.50.131.196
whitelisted
c.pki.goog
  • 142.250.184.195
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
accessrequest.online
  • 49.13.77.253
unknown
edge.microsoft.com
  • 13.107.22.239
  • 131.253.33.239
whitelisted
www.bing.com
  • 184.86.251.13
  • 184.86.251.7
  • 184.86.251.14
  • 184.86.251.30
  • 184.86.251.29
  • 184.86.251.8
  • 184.86.251.9
  • 184.86.251.5
  • 184.86.251.31
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted

Threats

No threats detected
No debug info