download:

/installer/9979413715838047/03782294

Full analysis: https://app.any.run/tasks/2180a658-32b0-4be9-a552-23492a132b69
Verdict: Malicious activity
Analysis date: August 03, 2024, 19:46:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
installer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

609FEA742D34DC1D53F0EEB4873B1A0A

SHA1:

3232C52DA3CB8F47A870162A35CDD75FCAE60AEA

SHA256:

E2E15826B69778E381F25AC8F2B109A377B23F7CF79B5F482E81F4D28C30F95E

SSDEEP:

98304:wSiW4opH4opH4op4U9tNz9RGa/xlbLP/h4:ZDBDBD1t3Hbb+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • 03782294.exe (PID: 6476)
      • 03782294.exe (PID: 6568)
      • 03782294.tmp (PID: 6592)
      • CheatEngine75.exe (PID: 6316)
      • CheatEngine75.tmp (PID: 3180)

    • Starts NET.EXE for service management

      • net.exe (PID: 5880)
      • CheatEngine75.tmp (PID: 3180)
      • net.exe (PID: 6384)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 03782294.exe (PID: 6476)
      • 03782294.exe (PID: 6568)
      • 03782294.tmp (PID: 6592)
      • CheatEngine75.exe (PID: 6316)
      • CheatEngine75.tmp (PID: 3180)

    • Reads security settings of Internet Explorer

      • 03782294.tmp (PID: 6496)
      • Cheat Engine.exe (PID: 3476)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Reads the date of Windows installation

      • 03782294.tmp (PID: 6496)
      • Cheat Engine.exe (PID: 3476)

    • Reads the Windows owner or organization settings

      • 03782294.tmp (PID: 6592)
      • CheatEngine75.tmp (PID: 3180)

    • Starts SC.EXE for service management

      • CheatEngine75.tmp (PID: 3180)

    • Uses ICACLS.EXE to modify access control lists

      • CheatEngine75.tmp (PID: 3180)

    • Process drops SQLite DLL files

      • CheatEngine75.tmp (PID: 3180)

    • Detected use of alternative data streams (AltDS)

      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Checks Windows Trust Settings

      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Process drops legitimate windows executable

      • CheatEngine75.tmp (PID: 3180)

  • INFO

    • Reads the computer name

      • 03782294.tmp (PID: 6496)
      • 03782294.tmp (PID: 6592)
      • CheatEngine75.tmp (PID: 3180)
      • Kernelmoduleunloader.exe (PID: 6988)
      • Cheat Engine.exe (PID: 3476)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Checks supported languages

      • 03782294.exe (PID: 6476)
      • 03782294.tmp (PID: 6496)
      • 03782294.exe (PID: 6568)
      • 03782294.tmp (PID: 6592)
      • CheatEngine75.exe (PID: 6316)
      • CheatEngine75.tmp (PID: 3180)
      • _setup64.tmp (PID: 5372)
      • windowsrepair.exe (PID: 6224)
      • Cheat Engine.exe (PID: 3476)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)
      • Kernelmoduleunloader.exe (PID: 6988)

    • Process checks computer location settings

      • 03782294.tmp (PID: 6496)
      • Cheat Engine.exe (PID: 3476)

    • Create files in a temporary directory

      • 03782294.exe (PID: 6568)
      • 03782294.exe (PID: 6476)
      • 03782294.tmp (PID: 6592)
      • CheatEngine75.exe (PID: 6316)
      • CheatEngine75.tmp (PID: 3180)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Reads the software policy settings

      • 03782294.tmp (PID: 6592)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Checks proxy server information

      • 03782294.tmp (PID: 6592)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Creates files in the program directory

      • CheatEngine75.tmp (PID: 3180)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Reads the machine GUID from the registry

      • 03782294.tmp (PID: 6592)
      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)

    • Creates a software uninstall entry

      • CheatEngine75.tmp (PID: 3180)

    • Creates files or folders in the user directory

      • cheatengine-x86_64-SSE4-AVX2.exe (PID: 964)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (51.8)
.exe | InstallShield setup (20.3)
.exe | Win32 EXE PECompact compressed (generic) (19.6)
.dll | Win32 Dynamic Link Library (generic) (3.1)
.exe | Win32 Executable (generic) (2.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:11:15 09:48:30+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741376
InitializedDataSize: 38400
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 7.5.0.0
ProductVersionNumber: 7.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: EngineGame Installer
FileVersion: 7.5.0
LegalCopyright: © EngineGame
OriginalFileName:
ProductName: EngineGame
ProductVersion: 7.5.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
159
Monitored processes
26
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 03782294.exe 03782294.tmp no specs 03782294.exe 03782294.tmp cheatengine75.exe cheatengine75.tmp net.exe no specs conhost.exe no specs net1.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs _setup64.tmp no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs kernelmoduleunloader.exe windowsrepair.exe no specs icacls.exe no specs conhost.exe no specs cheat engine.exe no specs cheatengine-x86_64-sse4-avx2.exe

Process information

PID
CMD
Path
Indicators
Parent process
904\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenet.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
964"sc" delete BadlionAnticheatC:\Windows\System32\sc.exeCheatEngine75.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
964"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe" C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
Cheat Engine.exe
User:
admin
Company:
Cheat Engine
Integrity Level:
HIGH
Description:
Cheat Engine
Version:
7.5.0.7431
Modules
Images
c:\program files\cheat engine 7.5\cheatengine-x86_64-sse4-avx2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2360"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)C:\Windows\System32\icacls.exeCheatEngine75.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2728"sc" delete BadlionAnticC:\Windows\System32\sc.exeCheatEngine75.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
2876\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeicacls.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3180"C:\Users\admin\AppData\Local\Temp\is-U0J5P.tmp\CheatEngine75.tmp" /SL5="$502C4,26511452,832512,C:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDISTC:\Users\admin\AppData\Local\Temp\is-U0J5P.tmp\CheatEngine75.tmp
CheatEngine75.exe
User:
admin
Company:
Cheat Engine
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-u0j5p.tmp\cheatengine75.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
3476"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe03782294.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
6.3.0.0
Modules
Images
c:\program files\cheat engine 7.5\cheat engine.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
3568C:\WINDOWS\system32\net1 stop BadlionAnticC:\Windows\System32\net1.exenet.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
3812\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeicacls.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
8 600
Read events
8 538
Write events
52
Delete events
10

Modification events

(PID) Process:(6592) 03782294.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
C0190000B78B39D6DDE5DA01
(PID) Process:(6592) 03782294.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
FE985BD6D5F8C0E53AB6543F235C0C6C22D7C1695EC46083D11294C700178354
(PID) Process:(6592) 03782294.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:writeName:Owner
Value:
6C0C0000DDEFD8E4DDE5DA01
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:writeName:SessionHash
Value:
5EFB6512E38EFB3EE767EB414525A1A1C10FB73021D119036EEF317DD995B38F
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:writeName:Sequence
Value:
1
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:writeName:RegFiles0000
Value:
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:writeName:RegFilesHash
Value:
902F6979C64987E69E272E7D799580160829E3CE83B995C43382A506744FC142
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.2.1
(PID) Process:(3180) CheatEngine75.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\Cheat Engine 7.5
Executable files
126
Suspicious files
56
Text files
420
Unknown types
7

Dropped files

PID
Process
Filename
Type
659203782294.tmpC:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\botva2.dllexecutable
MD5:67965A5957A61867D661F05AE1F4773E
SHA256:450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105
659203782294.tmpC:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\logo.pngimage
MD5:6B7CB2A5A8B301C788C3792802696FE8
SHA256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
659203782294.tmpC:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\is-J6M09.tmpexecutable
MD5:E0F666FE4FF537FB8587CCD215E41E5F
SHA256:F88B0E5A32A395AB9996452D461820679E55C19952EFFE991DEE8FEDEA1968AF
3180CheatEngine75.tmpC:\Program Files\Cheat Engine 7.5\Cheat Engine.exeexecutable
MD5:F921416197C2AE407D53BA5712C3930A
SHA256:E31B233DDF070798CC0381CC6285F6F79EA0C17B99737F7547618DCFD36CDC0E
659203782294.tmpC:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\error.pngimage
MD5:6B7CB2A5A8B301C788C3792802696FE8
SHA256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
659203782294.tmpC:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\finish.pngimage
MD5:6B7CB2A5A8B301C788C3792802696FE8
SHA256:3EED2E41BC6CA0AE9A5D5EE6D57CA727E5CBA6AC8E8C5234AC661F9080CEDADF
659203782294.tmpC:\Users\admin\AppData\Local\Temp\is-I24B1.tmp\CheatEngine75.exeexecutable
MD5:E0F666FE4FF537FB8587CCD215E41E5F
SHA256:F88B0E5A32A395AB9996452D461820679E55C19952EFFE991DEE8FEDEA1968AF
6316CheatEngine75.exeC:\Users\admin\AppData\Local\Temp\is-U0J5P.tmp\CheatEngine75.tmpexecutable
MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
SHA256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
647603782294.exeC:\Users\admin\AppData\Local\Temp\is-A4AS1.tmp\03782294.tmpexecutable
MD5:1CDBF6DA4DEFE32C9CB5908968A02FAB
SHA256:87C1BB2236A874C97369B2CCA0D55559FA917707CEBDDF7A5EABC691F8302487
5504icacls.exeC:\Program Files\Cheat Engine 7.5\is-IOCMI.tmpgmc
MD5:2BAF742D40B474017C584BACFA311EE4
SHA256:D2214598EF4A0CFC3497AE92B68F52302EFB3B03AF43F834CD66FC5FD6304EAD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
37
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4168
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6984
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6924
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
964
cheatengine-x86_64-SSE4-AVX2.exe
GET
200
216.58.206.35:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
964
cheatengine-x86_64-SSE4-AVX2.exe
GET
200
216.58.206.35:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
3140
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1884
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6592
03782294.tmp
18.66.137.114:443
d2oq4dwfbh6gxl.cloudfront.net
AMAZON-02
US
unknown
4
System
192.168.100.255:137
whitelisted
5336
SearchApp.exe
104.126.37.128:443
www.bing.com
Akamai International B.V.
DE
unknown
5336
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3260
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.238
whitelisted
d2oq4dwfbh6gxl.cloudfront.net
  • 18.66.137.114
  • 18.66.137.45
  • 18.66.137.198
  • 18.66.137.70
whitelisted
www.bing.com
  • 104.126.37.128
  • 104.126.37.178
  • 104.126.37.129
  • 104.126.37.179
  • 104.126.37.177
  • 104.126.37.137
  • 104.126.37.185
  • 104.126.37.130
  • 104.126.37.184
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.72
  • 40.126.32.76
  • 20.190.160.14
  • 40.126.32.138
  • 40.126.32.68
  • 40.126.32.133
  • 20.190.160.22
whitelisted
th.bing.com
  • 104.126.37.123
  • 104.126.37.185
  • 104.126.37.155
  • 104.126.37.186
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.163
  • 104.126.37.177
  • 104.126.37.171
whitelisted
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted

Threats

No threats detected
Process
Message
Kernelmoduleunloader.exe
Kernelmodule unloader
Kernelmoduleunloader.exe
Running in wow64
Kernelmoduleunloader.exe
Setup. So do not show messages
Kernelmoduleunloader.exe
attempting to unload
Kernelmoduleunloader.exe
SCManager opened
Kernelmoduleunloader.exe
count=0
Kernelmoduleunloader.exe
setup=true
cheatengine-x86_64-SSE4-AVX2.exe
Lua thread terminated
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
/installer/9979413715838047/03782294