File name:

GenP-v3.6.8.exe

Full analysis: https://app.any.run/tasks/d1f712d7-19f7-4c5e-8eeb-4a362de48805
Verdict: Malicious activity
Analysis date: August 02, 2025, 02:46:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
autoit
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 3 sections
MD5:

051E2A6A06B2828303EA464EB61BB868

SHA1:

60828060F25B8D97792290012DC61CD250067550

SHA256:

2E72B2CC740890B434B869E6682E9980C9582A8D7C54CEFB690AD5E60F81564C

SSDEEP:

49152:vetKmupSfNHjl4ClQaig25jSHY7GvXiADpB/XmPo3hIHib/KlNKYOJCTOB2U20wY:GtKDpSRjVKjg25j1Shp184hvOKYYCTOb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • GenP-v3.6.8.exe (PID: 6808)

  • INFO

    • Checks supported languages

      • GenP-v3.6.8.exe (PID: 6808)

    • Reads mouse settings

      • GenP-v3.6.8.exe (PID: 6808)

    • The sample compiled with english language support

      • GenP-v3.6.8.exe (PID: 6808)

    • Reads the computer name

      • GenP-v3.6.8.exe (PID: 6808)

    • Create files in a temporary directory

      • GenP-v3.6.8.exe (PID: 6808)

    • The process uses AutoIt

      • GenP-v3.6.8.exe (PID: 6808)

    • UPX packer has been detected

      • GenP-v3.6.8.exe (PID: 6808)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (87.1)
.exe | Generic Win/DOS Executable (6.4)
.exe | DOS Executable Generic (6.4)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:07:31 21:15:10+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.16
CodeSize: 421888
InitializedDataSize: 1105920
UninitializedDataSize: 1740800
EntryPoint: 0x20fe70
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 3.6.8.0
ProductVersionNumber: 3.6.8.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Unicode
FileVersion: 3.6.8.0
Comments: GenP
FileDescription: GenP
ProductName: GenP
ProductVersion: 3.6.8
CompanyName: GenP
LegalCopyright: GenP 2025
LegalTradeMarks: GenP 2025
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start genp-v3.6.8.exe slui.exe no specs genp-v3.6.8.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1880C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5436"C:\Users\admin\AppData\Local\Temp\GenP-v3.6.8.exe" C:\Users\admin\AppData\Local\Temp\GenP-v3.6.8.exeexplorer.exe
User:
admin
Company:
GenP
Integrity Level:
MEDIUM
Description:
GenP
Exit code:
3221226540
Version:
3.6.8.0
Modules
Images
c:\users\admin\appdata\local\temp\genp-v3.6.8.exe
c:\windows\system32\ntdll.dll
6808"C:\Users\admin\AppData\Local\Temp\GenP-v3.6.8.exe" C:\Users\admin\AppData\Local\Temp\GenP-v3.6.8.exe
explorer.exe
User:
admin
Company:
GenP
Integrity Level:
HIGH
Description:
GenP
Exit code:
0
Version:
3.6.8.0
Modules
Images
c:\users\admin\appdata\local\temp\genp-v3.6.8.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
343
Read events
343
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
1
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
6808GenP-v3.6.8.exeC:\Users\admin\AppData\Local\Temp\autC5DB.tmpbinary
MD5:A7C593B86D7A8C26E6683C1AD90001FD
SHA256:CD1680B115EE923AB14C9A23317982B5EC0CFBC506DEFC1D4A23E04EDD6E5B79
6808GenP-v3.6.8.exeC:\Users\admin\AppData\Local\Temp\config.iniini
MD5:9E9E253A5B55B1C3E7406C95A90AAE58
SHA256:A712B27B3327D95A09AE7EE08672DF63B2A84731EAD829124CA4D0EF4B75F130
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
20
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
504
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5780
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5780
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5288
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
504
svchost.exe
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
504
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
1268
svchost.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
login.live.com
  • 40.126.32.134
  • 20.190.160.22
  • 40.126.32.76
  • 20.190.160.3
  • 20.190.160.131
  • 40.126.32.140
  • 40.126.32.138
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
self.events.data.microsoft.com
  • 20.42.65.84
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
GenP-v3.6.8.exe