File name:

helper.exe

Full analysis: https://app.any.run/tasks/cbd57633-004f-4e58-b974-d300605fbeb9
Verdict: Malicious activity
Analysis date: June 30, 2024, 21:44:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
vmprotect
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

E3F2F378468FB94E45ED6A20AD1FA451

SHA1:

A5865838873E6F51421FE2B7F467EE9867779ED5

SHA256:

0AE1235B400D4B04B27ABAD5EFDDB58EDEAC732C24590AE74749D98943600C3A

SSDEEP:

1536:/maCszB5r41TrPnMaqpqIZZZZZNOh5bMw2EndJyMjnx4HnFxbj/1L6ogziEapms:/R1aTrPnVqpNOh5Hpdt12VO/OEapb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • helper.exe (PID: 1592)
      • package.exe (PID: 4912)
      • OfficeTab.exe (PID: 4324)
      • package.tmp (PID: 188)

    • Registers / Runs the DLL via REGSVR32.EXE

      • package.tmp (PID: 188)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • OfficeTab.exe (PID: 4324)
      • package.exe (PID: 4912)
      • package.tmp (PID: 188)

    • Reads security settings of Internet Explorer

      • OfficeTab.exe (PID: 4324)

    • Process drops legitimate windows executable

      • package.tmp (PID: 188)

    • Adds/modifies Windows certificates

      • package.tmp (PID: 188)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 5316)
      • regsvr32.exe (PID: 2064)
      • regsvr32.exe (PID: 2308)
      • regsvr32.exe (PID: 1960)

    • Searches for installed software

      • OfficeTab.exe (PID: 4324)

    • Reads the Windows owner or organization settings

      • package.tmp (PID: 188)

  • INFO

    • Checks supported languages

      • helper.exe (PID: 1592)
      • OfficeTab.exe (PID: 4324)
      • package.exe (PID: 4912)
      • package.tmp (PID: 188)
      • _setup64.tmp (PID: 1064)
      • TabsforOfficeCenter1316.exe (PID: 1192)

    • Reads the computer name

      • helper.exe (PID: 1592)
      • OfficeTab.exe (PID: 4324)
      • package.tmp (PID: 188)
      • TabsforOfficeCenter1316.exe (PID: 1192)

    • Create files in a temporary directory

      • helper.exe (PID: 1592)
      • OfficeTab.exe (PID: 4324)
      • package.tmp (PID: 188)
      • package.exe (PID: 4912)

    • Manual execution by a user

      • OfficeTab.exe (PID: 4324)
      • OfficeTab.exe (PID: 4628)

    • Creates files in the program directory

      • package.tmp (PID: 188)

    • VMProtect protector has been detected

      • package.tmp (PID: 188)

    • Reads Microsoft Office registry keys

      • package.tmp (PID: 188)
      • TabsforOfficeCenter1316.exe (PID: 1192)

    • Creates a software uninstall entry

      • package.tmp (PID: 188)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:02:24 19:19:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 28672
InitializedDataSize: 445952
UninitializedDataSize: 16896
EntryPoint: 0x39e3
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Cyrillic
Comments: -
CompanyName: KpoJIuK
FileDescription: Office Install Helper
FileVersion: 1.0.0.0
LegalCopyright: © KpoJIuK
ProductName: Office Install Helper
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
146
Monitored processes
13
Malicious processes
3
Suspicious processes
2

Behavior graph

Click at the process to see the details
start helper.exe officetab.exe no specs officetab.exe package.exe THREAT package.tmp _setup64.tmp no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs tabsforofficecenter1316.exe no specs helper.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
188"C:\Users\admin\AppData\Local\Temp\is-MGIRL.tmp\package.tmp" /SL5="$8027A,19854278,119296,C:\Users\admin\AppData\Local\Temp\nskF3EA.tmp\package.exe" C:\Users\admin\AppData\Local\Temp\is-MGIRL.tmp\package.tmp
package.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-mgirl.tmp\package.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
964"C:\Users\admin\AppData\Local\Temp\helper.exe" C:\Users\admin\AppData\Local\Temp\helper.exeexplorer.exe
User:
admin
Company:
KpoJIuK
Integrity Level:
MEDIUM
Description:
Office Install Helper
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\helper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
1064helper 105 0x568C:\Users\admin\AppData\Local\Temp\is-AMJ1J.tmp\_isetup\_setup64.tmppackage.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\is-amj1j.tmp\_isetup\_setup64.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
1192"C:\Program Files\Detong\Office Tab\TabsforOfficeCenter1316.exe"C:\Program Files\Detong\Office Tab\TabsforOfficeCenter1316.exepackage.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
13.1.0.228
Modules
Images
c:\program files\detong\office tab\tabsforofficecenter1316.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
1592"C:\Users\admin\AppData\Local\Temp\helper.exe" C:\Users\admin\AppData\Local\Temp\helper.exe
explorer.exe
User:
admin
Company:
KpoJIuK
Integrity Level:
HIGH
Description:
Office Install Helper
Exit code:
2
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\helper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1960"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Detong\Office Tab\TabsforOfficeHelper32.dll"C:\Windows\SysWOW64\regsvr32.exepackage.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2064"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Detong\Office Tab\TabsforOfficeHelper64.dll"C:\Windows\System32\regsvr32.exepackage.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2288\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exe_setup64.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2308"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Detong\Office Tab\TabsforOffice1316x32.dll"C:\Windows\SysWOW64\regsvr32.exepackage.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
4324"C:\Users\admin\Desktop\OfficeTab.exe" C:\Users\admin\Desktop\OfficeTab.exe
explorer.exe
User:
admin
Company:
Detong Technology Ltd.
Integrity Level:
HIGH
Description:
Office Tab Enterprise v13.10
Exit code:
0
Version:
13.10.0.0
Modules
Images
c:\users\admin\desktop\officetab.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
6 374
Read events
6 057
Write events
298
Delete events
19

Modification events

(PID) Process:(4324) OfficeTab.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(4324) OfficeTab.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(4324) OfficeTab.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(4324) OfficeTab.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(188) package.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
BC000000AF6F5B3337CBDA01
(PID) Process:(188) package.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
B9A58F4076CF4BFBB821773EDF28F4ECEC051511E6D86353935D8BB6E7A17D5C
(PID) Process:(188) package.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(188) package.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\Detong\Office Tab\TabsforOfficeHelper32.dll
(PID) Process:(188) package.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
590248AA02DFC7560D99E1AE7BD4BDFF2793FC3EA1EC4A098DE9406277807338
(PID) Process:(188) package.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\AppV\Subsystem\VirtualRegistry
Operation:writeName:PassThroughPaths
Value:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
Executable files
33
Suspicious files
7
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
1592helper.exeC:\Users\admin\AppData\Local\Temp\nsjD15C.tmpbinary
MD5:EE368A52CAADB2168ED0445B0BFD07EB
SHA256:7D9964B8389027400BCE333D6066BFE531CF4396CD232F60A00A230C398EE3A5
188package.tmpC:\Users\admin\AppData\Local\Temp\is-AMJ1J.tmp\_isetup\_setup64.tmpexecutable
MD5:526426126AE5D326D0A24706C77D8C5C
SHA256:B20A8D88C550981137ED831F2015F5F11517AEB649C29642D9D61DEA5EBC37D1
4912package.exeC:\Users\admin\AppData\Local\Temp\is-MGIRL.tmp\package.tmpexecutable
MD5:4DE6F44810BAD050AC81F45549D58F34
SHA256:CF8A77F4CBD38F6AB44FCFF738F81EC8DFDAA7EF5A64D62FDD84C6FE897ADFF5
188package.tmpC:\Users\admin\AppData\Local\Temp\is-AMJ1J.tmp\_isetup\_shfoldr.dllexecutable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
188package.tmpC:\Program Files\Detong\Office Tab\unins000.exeexecutable
MD5:A36B4338CF3FBA1EC26F409EFAAAA1A9
SHA256:2B16783E3E1A59B1144BCA0E87488CF0621FEFE5E9F3AD55957046589B034121
188package.tmpC:\Users\admin\AppData\Local\Temp\is-AMJ1J.tmp\UserData.datexecutable
MD5:10BB37DF77547BC8B85D28615E8505A1
SHA256:4EF087CF546A746B7BA77AC8F7956BAFA3C78491D7C10F61741463F614847D4F
188package.tmpC:\Program Files\Detong\Office Tab\is-F64AR.tmpexecutable
MD5:A36B4338CF3FBA1EC26F409EFAAAA1A9
SHA256:2B16783E3E1A59B1144BCA0E87488CF0621FEFE5E9F3AD55957046589B034121
188package.tmpC:\Users\admin\AppData\Local\Temp\is-AMJ1J.tmp\OfficeTabLoader.dllexecutable
MD5:5046587E2BFE3289F01362E4E4EF4EB8
SHA256:002F214E4C4AE31C8A51C5E338828D24CBF7A43268F75E843B711886B0F60002
188package.tmpC:\Program Files\Detong\Office Tab\TabsforOfficeHelper32.dllexecutable
MD5:5E1D8E6C0309B98EB52FB159E3D02F83
SHA256:3234822E04B1AB4CC394AA814E1BEB1D14E508D95EC89E79909160D37A493AA0
188package.tmpC:\Program Files\Detong\Office Tab\TabsforOfficeHelper64.dllexecutable
MD5:3E7AC1D4D411CF03FACF3F62434E35B7
SHA256:730E46FC60754221C02095AC08B8E1850EC5D0CF7DB6A363F6D7473EA694F850
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
70
DNS requests
18
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1544
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
unknown
5524
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
3040
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
unknown
4084
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
4524
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
4084
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4032
svchost.exe
239.255.255.250:1900
whitelisted
2336
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6068
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4656
SearchApp.exe
104.126.37.161:443
www.bing.com
Akamai International B.V.
DE
unknown
4656
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1544
svchost.exe
40.126.32.68:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
1544
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4656
SearchApp.exe
104.126.37.153:443
www.bing.com
Akamai International B.V.
DE
unknown
1060
svchost.exe
184.30.17.189:443
go.microsoft.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 104.126.37.161
  • 104.126.37.136
  • 104.126.37.160
  • 104.126.37.128
  • 104.126.37.170
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.153
  • 104.126.37.168
  • 104.126.37.177
  • 104.126.37.144
  • 104.126.37.131
  • 104.126.37.171
  • 104.126.37.186
  • 104.126.37.184
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.76
  • 20.190.160.17
  • 40.126.32.136
  • 40.126.32.72
  • 20.190.160.20
  • 40.126.32.74
  • 40.126.32.140
whitelisted
r.bing.com
  • 104.126.37.153
  • 104.126.37.136
  • 104.126.37.130
  • 104.126.37.128
  • 104.126.37.168
  • 104.126.37.161
  • 104.126.37.139
  • 104.126.37.170
  • 104.126.37.160
whitelisted
go.microsoft.com
  • 184.30.17.189
whitelisted
self.events.data.microsoft.com
  • 40.79.141.153
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 20.114.59.183
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
helper.exe