File name: TumiyaV77 Setup 1.0.0.exe

Full analysis: https://app.any.run/tasks/91a37120-31a8-412c-a233-e55b927fa28e
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: April 29, 2025, 16:10:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
arch-doc
discordgrabber
generic
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 3876628B466B7020EB81B480361F1141
SHA1: 673926E77072CFFE1C12714166A5C38D63B3BA1F
SHA256: F8ED07483D2F2979E41FCD72974BFD75D0EF0F4D81D987CB86F07D99AFDA5C4D
SSDEEP: 786432:A5zJd8zq15D8wrcDaWhuqN7xvh0rI1pD3XyczRJICs5gq8nR2:cXG+8wrcdhus7xOrI3CczR6CWgq8c

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Suspicious browser debugging (Possible cookie theft)

      • chrome.exe (PID: 3096)
      • chrome.exe (PID: 7604)
      • chrome.exe (PID: 7596)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Actions looks like stealing of personal data

      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
      • TumiyaV77.exe (PID: 8064)
    • Steals credentials from Web Browsers

      • TumiyaV77.exe (PID: 8064)
    • DISCORDGRABBER has been detected (YARA)

      • TumiyaV77.exe (PID: 8064)
    • Starts Visual C# compiler

      • cmd.exe (PID: 7488)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • The process creates files with name similar to system file names

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • Starts CMD.EXE for commands execution

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • TumiyaV77.exe (PID: 8064)
      • cold_ebee0e216cb6a12c.exe (PID: 7592)
    • Get information on the list of running processes

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • cmd.exe (PID: 7740)
      • TumiyaV77.exe (PID: 8064)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 7632)
      • cmd.exe (PID: 4728)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 7952)
      • cmd.exe (PID: 7240)
      • cmd.exe (PID: 4920)
      • cmd.exe (PID: 1096)
      • cmd.exe (PID: 6244)
      • cmd.exe (PID: 8152)
    • Drops 7-zip archiver for unpacking

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • Executable content was dropped or overwritten

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • cold_ebee0e216cb6a12c.exe (PID: 7592)
      • csc.exe (PID: 7388)
    • Process drops legitimate windows executable

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • There is functionality for taking screenshot (YARA)

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • Creates a software uninstall entry

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • Uses TASKKILL.EXE to kill Browsers

      • cmd.exe (PID: 5956)
      • cmd.exe (PID: 2852)
      • cmd.exe (PID: 7476)
      • cmd.exe (PID: 7656)
      • cmd.exe (PID: 1512)
      • cmd.exe (PID: 6228)
      • cmd.exe (PID: 5868)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 1276)
    • Application launched itself

      • TumiyaV77.exe (PID: 8064)
    • Reads security settings of Internet Explorer

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 2140)
    • Multiple wallet extension IDs have been found

      • TumiyaV77.exe (PID: 8064)
    • Suspicious browser cookie database enumeration

      • TumiyaV77.exe (PID: 8064)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 5176)
      • cmd.exe (PID: 7224)
      • cmd.exe (PID: 4380)
    • The process executes VB scripts

      • cmd.exe (PID: 4880)
    • Executing commands from a ".bat" file

      • cold_ebee0e216cb6a12c.exe (PID: 7592)
    • The executable file from the user directory is run by the CMD process

      • screenCapture_1.3.2.exe (PID: 7552)
  • INFO

    • The sample compiled with english language support

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
    • Checks supported languages

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • TumiyaV77.exe (PID: 8064)
      • TumiyaV77.exe (PID: 6872)
      • chrome.exe (PID: 3096)
      • TumiyaV77.exe (PID: 1184)
      • chrome.exe (PID: 7604)
      • chrome.exe (PID: 7596)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Reads the computer name

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • TumiyaV77.exe (PID: 8064)
      • TumiyaV77.exe (PID: 6872)
      • TumiyaV77.exe (PID: 1184)
      • chrome.exe (PID: 3096)
      • chrome.exe (PID: 7604)
      • chrome.exe (PID: 7596)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Creates files or folders in the user directory

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • msedge.exe (PID: 2140)
      • TumiyaV77.exe (PID: 8064)
      • chrome.exe (PID: 6244)
    • Create files in a temporary directory

      • TumiyaV77 Setup 1.0.0.exe (PID: 7704)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
      • TumiyaV77.exe (PID: 8064)
    • Reads Environment values

      • TumiyaV77.exe (PID: 8064)
      • chrome.exe (PID: 7596)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 2140)
      • notepad.exe (PID: 5048)
    • Process checks computer location settings

      • TumiyaV77.exe (PID: 8064)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Reads the machine GUID from the registry

      • TumiyaV77.exe (PID: 8064)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Checks proxy server information

      • TumiyaV77.exe (PID: 8064)
      • msedge.exe (PID: 2140)
      • chrome.exe (PID: 6244)
    • Application launched itself

      • chrome.exe (PID: 3096)
      • chrome.exe (PID: 7604)
      • chrome.exe (PID: 7596)
      • chrome.exe (PID: 6244)
      • msedge.exe (PID: 2140)
    • Manual execution by a user

      • TumiyaV77.exe (PID: 8064)
      • notepad.exe (PID: 5048)
      • OpenWith.exe (PID: 7544)
      • OpenWith.exe (PID: 7616)
      • OpenWith.exe (PID: 7204)
      • OpenWith.exe (PID: 7600)
      • OpenWith.exe (PID: 6468)
      • OpenWith.exe (PID: 2096)
      • OpenWith.exe (PID: 1600)
      • OpenWith.exe (PID: 7232)
      • OpenWith.exe (PID: 7996)
      • OpenWith.exe (PID: 6192)
      • OpenWith.exe (PID: 5548)
      • OpenWith.exe (PID: 5084)
      • OpenWith.exe (PID: 6456)
      • OpenWith.exe (PID: 7508)
      • OpenWith.exe (PID: 3956)
    • Reads product name

      • TumiyaV77.exe (PID: 8064)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 7544)
      • OpenWith.exe (PID: 7616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TumiyaV77
FileDescription: Tumiya
FileVersion: 1.0.0
LegalCopyright: Copyright © 2025 TumiyaV77
ProductName: TumiyaV77
ProductVersion: 1.0.0
No data.
All screenshots are available in the full report
Total processes: 244
Monitored processes: 121
Malicious processes: 7
Suspicious processes: 1

Behavior graph

start tumiyav77 setup 1.0.0.exe cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs #DISCORDGRABBER tumiyav77.exe cmd.exe no specs conhost.exe no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs taskkill.exe no specs chrome.exe no specs tumiyav77.exe no specs tumiyav77.exe no specs chrome.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs where.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs tasklist.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs where.exe no specs tasklist.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs tasklist.exe no specs tasklist.exe no specs notepad.exe no specs openwith.exe no specs openwith.exe no specs slui.exe openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no 
specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs cmd.exe no specs conhost.exe no specs cscript.exe no specs cold_ebee0e216cb6a12c.exe conhost.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs conhost.exe no specs csc.exe cvtres.exe no specs screencapture_1.3.2.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs

Process information

PID: 1040
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1040
CMD: cscript //B "C:\Users\admin\AppData\Local\Temp\open.vbs"
Path: C:\Windows\System32\cscript.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft ® Console Based Script Host
Exit code: 0
Version: 5.812.10240.16384

PID: 1096
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "tasklist"
Path: C:\Windows\System32\cmd.exe
Parent process: TumiyaV77.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1128
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1724 --field-trial-handle=1444,i,8360746119255833736,13140446979313617614,262144 --disable-features=PaintHolding --variations-seed-version /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 122.0.6261.70

PID: 1184
CMD: "C:\Users\admin\AppData\Local\Programs\tumiyav77\TumiyaV77.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\tumiyav77" --mojo-platform-channel-handle=1996 --field-trial-handle=1932,i,18382453480832110982,14826830643637726982,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\tumiyav77\TumiyaV77.exe
Parent process: TumiyaV77.exe
User: admin
Company: TumiyaV77
Integrity Level: MEDIUM
Description: TumiyaV77
Version: 1.0.0

PID: 1244
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1276
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
Path: C:\Windows\System32\cmd.exe
Parent process: TumiyaV77.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1512
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: TumiyaV77.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 128
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1600
CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\Replace.cs
Path: C:\Windows\System32\OpenWith.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Pick an app
Exit code: 2147943623
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2092
CMD: tasklist
Path: C:\Windows\System32\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 31
Suspicious files: 174
Text files: 88
Unknown types: 2

Dropped files

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\app-64.7z
MD5:
SHA256:

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\chrome_200_percent.pak
Type: pgc
MD5: C37BD7A6B677A37313B7ECC4FF01B6F5
SHA256: 8C1AE81D19FD6323A02EB460E075E2F25ABA322BC7D46F2E6EDB1C4600E6537A

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\chrome_100_percent.pak
Type: binary
MD5: A0E681FDD4613E0FFF6FB8BF33A00EF1
SHA256: 86F6B8FFA8788603A433D425A4BC3C4031E5D394762FD53257B0D4B1CFB2FFA2

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\locales\en-GB.pak
Type: binary
MD5: 9D9121BDC9AF59B5899CE3C5927B55D8
SHA256: F4D45CCC89834376F35D4D83FE5B2D5112B8CC315FCB03228720749AAE31C805

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\locales\af.pak
Type: binary
MD5: 917A688D64ECCF67FEF5A5EB0908B6D4
SHA256: 6981249837AD767FC030EDC8838878A5E493FB08CC49982CFFAED16CFBEB564D

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\nsis7z.dll
Type: executable
MD5: 80E44CE4895304C6A3A831310FBF8CD0
SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\System.dll
Type: executable
MD5: 0D7AD4F45DC6F5AA87F606D0331C6901
SHA256: 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA

PID: 7704
Process: TumiyaV77 Setup 1.0.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nskCF59.tmp\7z-out\locales\am.pak
Type: binary
MD5: 3CFD7C5BB92AB72C63E003208A9E4529
SHA256: 12E9E1BEC1C46E5EA706157726E17A4429ACF288A5754FA183BD9B4CF7D3853B

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 33
DNS requests: 18
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7200
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.29:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7200
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.29:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7200
SIHClient.exe
4.245.163.56:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7200
SIHClient.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
7200
SIHClient.exe
52.165.164.15:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.29
  • 23.216.77.23
  • 23.216.77.10
  • 23.216.77.21
  • 23.216.77.26
  • 23.216.77.35
  • 23.216.77.30
  • 23.216.77.8
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
mail.google.com
  • 142.250.186.165
whitelisted
accounts.google.com
  • 142.250.110.84
whitelisted
beta.coldmeowcats.site
  • 172.67.170.128
  • 104.21.87.180
unknown

Threats

No threats detected
No debug info