File name: 08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe

Full analysis: https://app.any.run/tasks/757dccad-3300-4490-b2a1-4fe7600e63e7
Verdict: Malicious activity
Analysis date: December 08, 2025, 10:07:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: m0yv
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
MD5: A8696C2C432809672A587CC201B2D55D
SHA1: 12A4CB103734741F946ABC5FF4219DD342D18B9C
SHA256: 08E28FCFEC5B597B69198243F0E0641EADDF4EDDB01BFA67A118FBA4F4D5FC97
SSDEEP: 98304:0EZ8gC4LIV1PcgoMbRIc7akv3v1UA3KOlvvzjaSIWWFiZK:Z+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • M0YV mutex has been found

      • 08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe (PID: 7372)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • 08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe (PID: 7372)
    • Checks proxy server information

      • slui.exe (PID: 7876)
    • Reads the computer name

      • 08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe (PID: 7372)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:10:01 22:33:09+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.43
CodeSize: 1242624
InitializedDataSize: 757248
UninitializedDataSize: -
EntryPoint: 0x11b3f4
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
LegalCopyright: Copyright (c) 2025 Discord Inc. All rights reserved.
FileVersion: 0.1.0
ProductVersion: 0.1.0
InternalName: DiscordSystemHelper.exe
CompanyName: Discord Inc.
ProductName: Discord System Helper
FileDescription: Discord System Helper
OriginalFileName: DiscordSystemHelper.exe
No data.
Total processes: 137
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start #M0YV 08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe no specs slui.exe

Process information

PID: 7372
CMD: "C:\Users\admin\Desktop\08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe"
Path: C:\Users\admin\Desktop\08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe
Parent process: explorer.exe
User: admin
Company: Discord Inc.
Integrity Level: MEDIUM
Description: Discord System Helper
Exit code: 2
Version: 0.1.0
Modules
Images
c:\users\admin\desktop\08e28fcfec5b597b69198243f0e0641eaddf4eddb01bfa67a118fba4f4d5fc97.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 7876
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 3 502
Read events: 3 502
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 8
TCP/UDP connections: 22
DNS requests: 7
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5752 | svchost.exe | GET | 200 | 2.16.164.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5356 | RUXIMICS.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
5356 | RUXIMICS.exe | GET | 200 | 2.16.164.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5752 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
- | - | POST | 500 | 4.154.185.43:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | xml | 512 b | unknown
- | - | POST | 500 | 4.154.185.43:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | xml | 512 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
5752 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5356 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
5752 | svchost.exe | 2.16.164.114:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5356 | RUXIMICS.exe | 2.16.164.114:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 2.16.164.114:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5356 | RUXIMICS.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
5752 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 172.217.18.14 | whitelisted
crl.microsoft.com | 2.16.164.114, 2.16.164.24 | whitelisted
www.microsoft.com | 23.52.181.212 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
activation-v2.sls.microsoft.com | 4.154.185.43 | whitelisted
self.events.data.microsoft.com | 52.168.117.174 | whitelisted

Threats

PID | Process | Class | Message
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info