File name:

_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe

Full analysis: https://app.any.run/tasks/179dde65-18ab-41b0-9d52-d586d790a462
Verdict: Malicious activity
Analysis date: December 14, 2025, 09:53:36
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5:

567D34CDBA3B1D77F1DE8A9A3EBAE983

SHA1:

A1B6A9B06FFA8634BABE73F780E08A7AFAE894AD

SHA256:

1C19AB0611DAF084A84FDB7B472600E1B7C9E5885130A827C3E1111EAB08931D

SSDEEP:

98304:CPXS+DPCqpT/nobF7L79C1bDT/TVqsNDr8NFQPthE6ZfuWkCJoKxcMr5e1LbQUFt:O0oV4cjNA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • kxetray.exe (PID: 8184)
      • kxetray.exe (PID: 7908)
      • kxetray.exe (PID: 7284)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe (PID: 7504)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe (PID: 7764)

    • Reads the Windows owner or organization settings

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)

    • Reads security settings of Internet Explorer

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)

    • The process drops C-runtime libraries

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)

    • Process drops legitimate windows executable

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)

    • The process executes via Task Scheduler

      • kxetray.exe (PID: 8184)
      • kxetray.exe (PID: 7284)

    • Connects to unusual port

      • kxetray.exe (PID: 7908)

  • INFO

    • Checks supported languages

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe (PID: 7504)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe (PID: 7764)
      • kxetray.exe (PID: 7908)
      • kxetray.exe (PID: 8184)
      • kxetray.exe (PID: 7284)

    • Create files in a temporary directory

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe (PID: 7504)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe (PID: 7764)

    • Process checks computer location settings

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)

    • Reads the computer name

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)
      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7668)
      • kxetray.exe (PID: 7908)
      • kxetray.exe (PID: 8184)
      • kxetray.exe (PID: 7284)

    • Creates files in the program directory

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)
      • kxetray.exe (PID: 7908)

    • The sample compiled with english language support

      • _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp (PID: 7792)

    • UPX packer has been detected

      • kxetray.exe (PID: 7908)

    • Reads the machine GUID from the registry

      • kxetray.exe (PID: 7908)

    • Checks proxy server information

      • slui.exe (PID: 8008)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:09:23 05:03:52+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 716800
InitializedDataSize: 147456
UninitializedDataSize: -
EntryPoint: 0xb0028
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Microsoft Corporation
FileDescription: Whitby Group Setup
FileVersion:
LegalCopyright: Microsoft Corporation. All rights reserved.
OriginalFileName:
ProductName: Whitby Group
ProductVersion: 10.0.14393.01
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
141
Monitored processes
8
Malicious processes
2
Suspicious processes
4

Behavior graph

Click at the process to see the details
start _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe _1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp kxetray.exe slui.exe kxetray.exe no specs kxetray.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
7284"C:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe" -ScanTypeC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exesvchost.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
KXEngine Security Center Tray manager
Exit code:
3221225547
Version:
2010,08,10,224
Modules
Images
c:\programdata\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
7504"C:\Users\admin\Desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe" C:\Users\admin\Desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Whitby Group Setup
Exit code:
1
Version:
Modules
Images
c:\users\admin\desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
7668"C:\Users\admin\AppData\Local\Temp\is-702VM.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp" /SL5="$50030,3531273,865280,C:\Users\admin\Desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe" C:\Users\admin\AppData\Local\Temp\is-702VM.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp
_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
1
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-702vm.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
7764"C:\Users\admin\Desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe" /VERYSILENT /PASSWORD=544c1fac-5e7f-49d9-bca2-4da26e7d3885C:\Users\admin\Desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe
_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Whitby Group Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
7792"C:\Users\admin\AppData\Local\Temp\is-4R306.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp" /SL5="$60030,3531273,865280,C:\Users\admin\Desktop\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe" /VERYSILENT /PASSWORD=544c1fac-5e7f-49d9-bca2-4da26e7d3885C:\Users\admin\AppData\Local\Temp\is-4R306.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp
_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-4r306.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
7908"C:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe" -ScanTypeC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe
_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmp
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
KXEngine Security Center Tray manager
Version:
2010,08,10,224
Modules
Images
c:\programdata\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
8008C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
8184"C:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe" -ScanTypeC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exesvchost.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
KXEngine Security Center Tray manager
Exit code:
3221225547
Version:
2010,08,10,224
Modules
Images
c:\programdata\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kxetray.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events
4 157
Read events
4 157
Write events
0
Delete events
0

Modification events

No data
Executable files
16
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
7764_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exeC:\Users\admin\AppData\Local\Temp\is-4R306.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpexecutable
MD5:94FF312DA8DFD14399273DF238806154
SHA256:4C43F63081589C0B12C8D7C4382D9893D8948007C9ED0C7946F0E42CC8BC536F
7668_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\Users\admin\AppData\Local\Temp\is-QVROK.tmp\_isetup\_isdecmp.dllexecutable
MD5:077CB4461A2767383B317EB0C50F5F13
SHA256:8287D0E287A66EE78537C8D1D98E426562B95C50F569B92CEA9CE36A9FA57E64
7504_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exeC:\Users\admin\AppData\Local\Temp\is-702VM.tmp\_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpexecutable
MD5:94FF312DA8DFD14399273DF238806154
SHA256:4C43F63081589C0B12C8D7C4382D9893D8948007C9ED0C7946F0E42CC8BC536F
7668_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\Users\admin\AppData\Local\Temp\is-QVROK.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
7792_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\is-7S6HT.tmpexecutable
MD5:CAE6861B19A2A7E5D42FEFC4DFDF5CCF
SHA256:C4C8C2D251B90D77D1AC75CBD39C3F0B18FC170D5A95D1C13A0266F7260B479D
7792_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\kis.dllexecutable
MD5:B909F24A5608EF9461C0169773182B9F
SHA256:E10BF5AC9D1EBF7781F02971774299E94188824F0C3F2861E8BE96C83181507F
7792_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\is-5O6VE.tmpexecutable
MD5:B909F24A5608EF9461C0169773182B9F
SHA256:E10BF5AC9D1EBF7781F02971774299E94188824F0C3F2861E8BE96C83181507F
7792_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\is-5N302.tmpexecutable
MD5:B737D6208D2CE716DD781F04B1982FFE
SHA256:F1332DC08BB3249461551D22D74BA8C52E6BF6A6540C39C2377A1F6471584D9A
7792_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\is-TCJNG.tmpxml
MD5:89CA53AE1155058A5F93234B13B17C7D
SHA256:D736C413543B6B168DC59769840AE95B5726D428F69A23AF1659DEA8FB4236C8
7792_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.tmpC:\ProgramData\2f88ec0c-df83-41b7-a2cc-06a1dc5b6edd\microsoft.vc80.crt.manifestxml
MD5:89CA53AE1155058A5F93234B13B17C7D
SHA256:D736C413543B6B168DC59769840AE95B5726D428F69A23AF1659DEA8FB4236C8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
27
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1348
svchost.exe
GET
200
2.16.164.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
2.16.164.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1348
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6932
slui.exe
POST
500
128.24.231.65:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
8008
slui.exe
POST
500
128.24.231.64:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
POST
500
128.24.231.64:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
unknown
POST
500
128.24.231.65:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
1348
svchost.exe
2.16.164.90:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
2.16.164.90:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
2.16.164.90:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
1348
svchost.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
6768
MoUsoCoreWorker.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
google.com
  • 142.251.140.174
whitelisted
crl.microsoft.com
  • 2.16.164.90
  • 2.16.164.112
  • 2.16.164.89
  • 2.16.164.128
  • 2.16.164.114
  • 2.16.164.130
  • 2.16.164.91
  • 2.16.164.83
  • 2.16.164.88
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
  • 128.24.231.64
whitelisted
self.events.data.microsoft.com
  • 20.42.73.31
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
_1c19ab0611daf084a84fdb7b472600e1b7c9e5885130a827c3e1111eab08931d.exe