File name: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe

Full analysis: https://app.any.run/tasks/1e2e7b53-ae5c-4ea1-a199-019d967f297c
Verdict: Malicious activity
Analysis date: July 15, 2025, 04:38:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: jeefo, auto-reg, python
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5: A0FAD5AA33AF175D3A2DF5D971A495B4
SHA1: A46D7773620C84649BC4DD488B57EA69572472BC
SHA256: 2ABECB9C076C4DFBC186D6B287ED24B86B825ED28CC20221E232B28E67B09AE2
SSDEEP: 196608:jBq3bsG/qhW7QyreqdxhUcNKpGV7CGD/vNsdG:jObFqwJreqjh4pGVGGDnmdG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • JEEFO has been detected

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • icsys.icn.exe (PID: 6400)
      • svchost.exe (PID: 1336)
      • explorer.exe (PID: 5116)
    • Changes the autorun value in the registry

      • explorer.exe (PID: 5116)
      • svchost.exe (PID: 1336)
  • SUSPICIOUS

    • Starts itself from another location

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • icsys.icn.exe (PID: 6400)
      • spoolsv.exe (PID: 5564)
      • svchost.exe (PID: 1336)
      • explorer.exe (PID: 5116)
    • Executable content was dropped or overwritten

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • icsys.icn.exe (PID: 6400)
      • explorer.exe (PID: 5116)
      • spoolsv.exe (PID: 5564)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Starts application with an unusual extension

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • The process creates files with name similar to system file names

      • icsys.icn.exe (PID: 6400)
      • spoolsv.exe (PID: 5564)
    • Reads the BIOS version

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 4528)
    • Process drops python dynamic module

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Application launched itself

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • The process drops C-runtime libraries

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Process drops legitimate windows executable

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Loads Python modules

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 4528)
    • Creates or modifies Windows services

      • svchost.exe (PID: 1336)
  • INFO

    • The sample compiled with english language support

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • icsys.icn.exe (PID: 6400)
      • explorer.exe (PID: 5116)
      • spoolsv.exe (PID: 5564)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Create files in a temporary directory

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • icsys.icn.exe (PID: 6400)
      • explorer.exe (PID: 5116)
      • svchost.exe (PID: 1336)
      • spoolsv.exe (PID: 2632)
      • spoolsv.exe (PID: 5564)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Checks supported languages

      • icsys.icn.exe (PID: 6400)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe (PID: 424)
      • explorer.exe (PID: 5116)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
      • spoolsv.exe (PID: 5564)
      • svchost.exe (PID: 1336)
      • spoolsv.exe (PID: 2632)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 4528)
    • Process checks whether UAC notifications are on

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 4528)
    • Reads the computer name

      • svchost.exe (PID: 1336)
      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Launching a file from a Registry key

      • explorer.exe (PID: 5116)
      • svchost.exe (PID: 1336)
    • Creates files in the program directory

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 5720)
    • Manual execution by a user

      • explorer.exe (PID: 952)
      • svchost.exe (PID: 1036)
      • explorer.exe (PID: 684)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  (PID: 4528)
    • Checks proxy server information

      • slui.exe (PID: 1612)
    • Reads the software policy settings

      • slui.exe (PID: 1612)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:04:01 07:08:22+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 106496
InitializedDataSize: 12288
UninitializedDataSize: -
EntryPoint: 0x290c
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
ProductName: Project1
FileVersion: 1
ProductVersion: 1
InternalName: TJprojMain
OriginalFileName: TJprojMain.exe
No data.
Total processes: 135
Monitored processes: 14
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Process nodes, in the order shown in the graph:

  • start
  • #JEEFO 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
  • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
  • #JEEFO icsys.icn.exe
  • conhost.exe no specs
  • #JEEFO explorer.exe
  • spoolsv.exe
  • #JEEFO svchost.exe
  • spoolsv.exe no specs
  • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe  no specs
  • explorer.exe no specs
  • svchost.exe no specs
  • explorer.exe no specs
  • slui.exe
  • 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 424
CMD: "C:\Users\admin\Desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe"
Path: C:\Users\admin\Desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version: 1.00
Modules
Images
c:\users\admin\desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 684
CMD: c:\windows\resources\themes\explorer.exe RO
Path: C:\Windows\Resources\Themes\explorer.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 1.00
Modules
Images
c:\windows\resources\themes\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 952
CMD: c:\windows\resources\themes\explorer.exe RO
Path: C:\Windows\Resources\Themes\explorer.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 1.00
Modules
Images
c:\windows\resources\themes\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 1036
CMD: c:\windows\resources\svchost.exe RO
Path: C:\Windows\Resources\svchost.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 1.00
Modules
Images
c:\windows\resources\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 1336
CMD: c:\windows\resources\svchost.exe
Path: C:\Windows\Resources\svchost.exe
Parent process: spoolsv.exe
User: admin
Integrity Level: HIGH
Version: 1.00
Modules
Images
c:\windows\resources\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1612
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2632
CMD: c:\windows\resources\spoolsv.exe PR
Path: C:\Windows\Resources\spoolsv.exe
Parent process: svchost.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Version: 1.00
Modules
Images
c:\windows\resources\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 4320
CMD: "C:\Users\admin\Desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe"
Path: C:\Users\admin\Desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 1.00
Modules
Images
c:\users\admin\desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 4528
CMD: c:\users\admin\desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
Path: C:\Users\admin\Desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
Parent process: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
User: admin
Integrity Level: HIGH
Exit code: 1
Modules
Images
c:\users\admin\desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5060
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 4 142
Read events: 4 123
Write events: 15
Delete events: 4

Modification events

(PID) Process: (424) 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
Key: HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
Operation: write
Name: LO
Value: 1

(PID) Process: (6400) icsys.icn.exe
Key: HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
Operation: write
Name: LO
Value: 1

(PID) Process: (5116) explorer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation: write
Name: Explorer
Value: c:\windows\resources\themes\explorer.exe RO

(PID) Process: (5116) explorer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation: write
Name: Svchost
Value: c:\windows\resources\svchost.exe RO

(PID) Process: (5116) explorer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Explorer
Value:

(PID) Process: (5116) explorer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Svchost
Value:

(PID) Process: (1336) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation: write
Name: Explorer
Value: c:\windows\resources\themes\explorer.exe RO

(PID) Process: (1336) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation: write
Name: Svchost
Value: c:\windows\resources\svchost.exe RO

(PID) Process: (1336) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Explorer
Value:

(PID) Process: (1336) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Svchost
Value:

Executable files: 68
Suspicious files: 11
Text files: 1
Unknown types: 0

Dropped files

PID: 5116
Process: explorer.exe
Filename: C:\Windows\Resources\spoolsv.exe
Type: executable
MD5: AB68A2A3B887C638689F327D65452FB1
SHA256: EC7127A30D0A658BB6E2BDDC57779ED99FF25856099054A04C95B24EEDF12ABD

PID: 6400
Process: icsys.icn.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF85DD1660D70CF5AF.TMP
Type: binary
MD5: 3F69E7C6F0385782065776DBC70F8399
SHA256: E451A47DD14032D02523FC8B8DEC4A9327EDA712C4B5E14598A987E9B87FE77E

PID: 424
Process: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
Filename: C:\Users\admin\Desktop\2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
Type: executable
MD5: 8D729B942ECE6A70E2918FF694195EBA
SHA256: 4D3994F552DEAA0577CF21FD08FAEE0EF304F9FDC63CE890192AB0516C9C3EEE

PID: 6400
Process: icsys.icn.exe
Filename: C:\Windows\Resources\Themes\explorer.exe
Type: executable
MD5: 4676A38F750EF888A5F122134EFE90E1
SHA256: 80A47CDBC9FB168F17BB271E82CD873BEAC7D5112B000576151D4D887739BA83

PID: 424
Process: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe
Filename: C:\Windows\Resources\Themes\icsys.icn.exe
Type: executable
MD5: 6B0F617735A16B2950D01C3B2D862529
SHA256: 175920B3115BE6079F7897FD8D89FCFB886F0B1AC54FB01B2D1D626D3CE9D271

PID: 5564
Process: spoolsv.exe
Filename: C:\Windows\Resources\svchost.exe
Type: executable
MD5: F8C90073C66708EE5928F5C85CAC402F
SHA256: 88120C00E857CADE6DE5408B218BA7058827FE27AF3DAF098947A187C4C54E09

PID: 2632
Process: spoolsv.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF79A5983EC866DFDD.TMP
Type: binary
MD5: 120FD4C9BCDB3CB34AC61F621DC2076F
SHA256: 19C1BF536ED75CA96A258F5DACC060B7DD97234217D0D9398B0C3C0BE9741A7C

PID: 5564
Process: spoolsv.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF8D19626707DDB416.TMP
Type: binary
MD5: 963A8A6893A263E49C56E3EC97C54B57
SHA256: EA058C980A22571E8F9BE7F4F994BB8174E798F735F1FC72131A0848658EA022

PID: 5720
Process: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
Filename: C:\Users\admin\AppData\Local\Temp\_MEI57202\_socket.pyd
Type: executable
MD5: 9C6283CC17F9D86106B706EC4EA77356
SHA256: 5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027

PID: 5720
Process: 2025-07-15_a0fad5aa33af175d3a2df5d971a495b4_black-basta_elex_luca-stealer_swisyn.exe 
Filename: C:\Users\admin\AppData\Local\Temp\_MEI57202\_uuid.pyd
Type: executable
MD5: 7A00FF38D376ABAAA1394A4080A6305B
SHA256: 720E9B68C41C8D9157865E4DD243FB1731F627F3AF29C43250804A5995A82016

HTTP(S) requests: 21
TCP/UDP connections: 27
DNS requests: 12
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
40.69.42.241:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
unknown
6940
SIHClient.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
6940
SIHClient.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
6940
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6940
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
6940
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
6940
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
GET
200
20.109.210.53:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6176
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1612
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
self.events.data.microsoft.com
  • 104.208.16.89
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted

Threats

No threats detected
No debug info