File name:

AAct_x64.exe

Full analysis: https://app.any.run/tasks/7930bebc-61c2-49c4-8d93-5faefa4841ae
Verdict: Malicious activity
Analysis date: February 22, 2026, 13:00:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 3 sections
MD5:

2C0067EFBEA95E81C47F974C8610DCDC

SHA1:

A0197691C406CAC588BA97562C757718A653E618

SHA256:

1C01EB61A1C18AD030D7407D3369DDB9BD09E82DF055BEAE919F3526F64D068A

SSDEEP:

49152:Ggnc7JGb+COViYRfSLT4thP97H5W4eSJEwXsyx/y51rs6IPN2fuP1baAd8bTOGU6:Gqc7JGWnvPDBXJNXsyx/yI6IYmn8bTO4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • AAct_x64.exe (PID: 4856)
      • AAct_x64.exe (PID: 8412)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Reads Environment values

      • AAct_x64.exe (PID: 4856)

    • Reads product name

      • AAct_x64.exe (PID: 4856)

    • Checks supported languages

      • AAct_x64.exe (PID: 4856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (47)
.exe | UPX compressed Win32 Executable (46)
.exe | Generic Win/DOS Executable (3.4)
.exe | DOS Executable Generic (3.4)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2018:07:31 15:12:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware
PEType: PE32+
LinkerVersion: 2.5
CodeSize: 1437696
InitializedDataSize: 73728
UninitializedDataSize: 1359872
EntryPoint: 0x2abc20
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 3.9.1.0
ProductVersionNumber: 3.9.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileDescription: AAct x64
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
149
Monitored processes
3
Malicious processes
0
Suspicious processes
2

Behavior graph

Click at the process to see the details
start aact_x64.exe slui.exe no specs aact_x64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1136C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
4856"C:\Users\admin\AppData\Local\Temp\AAct_x64.exe" C:\Users\admin\AppData\Local\Temp\AAct_x64.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
AAct x64
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\aact_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
8412"C:\Users\admin\AppData\Local\Temp\AAct_x64.exe" C:\Users\admin\AppData\Local\Temp\AAct_x64.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
AAct x64
Modules
Images
c:\users\admin\appdata\local\temp\aact_x64.exe
c:\windows\system32\ntdll.dll
Total events
208
Read events
207
Write events
1
Delete events
0

Modification events

(PID) Process:(4856) AAct_x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
Operation:writeName:Enabled
Value:
1
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
20
TCP/UDP connections
25
DNS requests
18
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
US
whitelisted
8776
svchost.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
7020
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
7020
SIHClient.exe
GET
200
74.179.77.164:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
7020
SIHClient.exe
GET
200
74.178.76.128:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
7020
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
US
binary
314 b
whitelisted
356
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
356
svchost.exe
POST
200
20.190.159.23:443
https://login.live.com/RST2.srf
US
binary
10.3 Kb
whitelisted
8776
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
8776
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
7824
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
92.123.104.16:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
356
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
self.events.data.microsoft.com
  • 13.69.239.72
whitelisted
google.com
  • 172.217.16.174
whitelisted
www.bing.com
  • 92.123.104.16
  • 92.123.104.19
  • 92.123.104.20
  • 92.123.104.26
  • 92.123.104.14
  • 92.123.104.30
  • 92.123.104.18
  • 92.123.104.17
  • 92.123.104.29
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.159.23
  • 40.126.31.130
  • 20.190.159.130
  • 40.126.31.131
  • 20.190.159.0
  • 20.190.159.71
  • 40.126.31.128
  • 20.190.159.64
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted

Threats

PID
Process
Class
Message
8776
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
AAct_x64.exe