File name:

Installer_TranslateAI_r1.7.9.exe

Full analysis: https://app.any.run/tasks/b8bc8f77-26fe-49b5-81d5-286bbc488911
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 09, 2025, 18:31:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
electron-js
nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

DE495C684CD792533B6B3489DD1F0412

SHA1:

F2F03BB13A055FDB14B1D671887C698FC5F5962E

SHA256:

55395BFDCF67BCECDF3C0E441090030DE8971DBEA32843C3AF845574E0DACFEC

SSDEEP:

98304:+gV9ooZ5bbo5iCa+0NB6WKt6vaBtpgdCdp+OifogLnuOPFzrH78A6sKoOrQzf6YJ:FLWQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process requests binary or script from the Internet

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
    • The process creates files with name similar to system file names

      • __Package_TranslateAI.exe (PID: 1296)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • __Package_TranslateAI.exe (PID: 1296)
    • Potential Corporate Privacy Violation

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
    • Executable content was dropped or overwritten

      • __Package_TranslateAI.exe (PID: 1296)
    • There is functionality for taking screenshot (YARA)

      • __Package_TranslateAI.exe (PID: 1296)
    • Process drops legitimate windows executable

      • __Package_TranslateAI.exe (PID: 1296)
    • Creates a software uninstall entry

      • __Package_TranslateAI.exe (PID: 1296)
    • Application launched itself

      • xunjietranslate.exe (PID: 6768)
    • Reads security settings of Internet Explorer

      • __Package_TranslateAI.exe (PID: 1296)
    • Starts CMD.EXE for commands execution

      • xunjietranslate.exe (PID: 6768)
    • The process deletes folder without confirmation

      • xunjietranslate.exe (PID: 6768)
  • INFO

    • The sample compiled with english language support

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
      • __Package_TranslateAI.exe (PID: 1296)
    • Checks supported languages

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
      • __Package_TranslateAI.exe (PID: 1296)
      • HdLaunchSplash.exe (PID: 7016)
      • xunjietranslate.exe (PID: 6768)
      • xunjietranslate.exe (PID: 1352)
      • xunjietranslate.exe (PID: 5244)
      • xunjietranslate.exe (PID: 5612)
      • xunjietranslate.exe (PID: 1036)
      • xunjietranslate.exe (PID: 480)
      • PDFConsole.exe (PID: 6700)
      • xunjietranslate.exe (PID: 4112)
    • Reads the computer name

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
      • __Package_TranslateAI.exe (PID: 1296)
      • xunjietranslate.exe (PID: 6768)
      • xunjietranslate.exe (PID: 1352)
      • HdLaunchSplash.exe (PID: 7016)
      • xunjietranslate.exe (PID: 5612)
      • xunjietranslate.exe (PID: 480)
      • xunjietranslate.exe (PID: 5244)
      • PDFConsole.exe (PID: 6700)
      • xunjietranslate.exe (PID: 4112)
    • Creates files or folders in the user directory

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
      • __Package_TranslateAI.exe (PID: 1296)
      • xunjietranslate.exe (PID: 6768)
      • PDFConsole.exe (PID: 6700)
      • xunjietranslate.exe (PID: 5612)
      • xunjietranslate.exe (PID: 5244)
    • The sample compiled with chinese language support

      • Installer_TranslateAI_r1.7.9.exe (PID: 5008)
      • __Package_TranslateAI.exe (PID: 1296)
    • Reads the software policy settings

      • slui.exe (PID: 1612)
      • xunjietranslate.exe (PID: 5244)
    • Checks proxy server information

      • slui.exe (PID: 1612)
      • xunjietranslate.exe (PID: 6768)
    • Create files in a temporary directory

      • __Package_TranslateAI.exe (PID: 1296)
      • xunjietranslate.exe (PID: 6768)
    • Creates files in the program directory

      • __Package_TranslateAI.exe (PID: 1296)
    • Process checks computer location settings

      • __Package_TranslateAI.exe (PID: 1296)
      • xunjietranslate.exe (PID: 6768)
      • xunjietranslate.exe (PID: 5612)
      • xunjietranslate.exe (PID: 4112)
    • ELECTRON JS mutex has been found

      • xunjietranslate.exe (PID: 6768)
    • Reads the machine GUID from the registry

      • xunjietranslate.exe (PID: 5244)
    • Node.js compiler has been detected

      • xunjietranslate.exe (PID: 6768)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:05 02:00:07+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1209856
InitializedDataSize: 1660928
UninitializedDataSize: -
EntryPoint: 0xdccaa
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: TranslateAI
CompanyName: Shanghai Hudun Information Technology Co., Ltd
FileDescription: TranslateAI
FileVersion: 1.7.9
InternalName: TranslateAI
LegalCopyright: Shanghai Hudun Information Technology Co., Ltd
LegalTrademarks: Hudun Technology
OriginalFileName: TranslateAI
PrivateBuild: TranslateAI
ProductName: TranslateAI
ProductVersion: 1.7.9
SpecialBuild: TranslateAI
No data.
All screenshots are available in the full report
Total processes
162
Monitored processes
25
Malicious processes
3
Suspicious processes
0

Behavior graph

Processes in graph order ("no specs" as labelled in the graph):

  • start
  • installer_translateai_r1.7.9.exe
  • slui.exe
  • __package_translateai.exe (no specs)
  • conhost.exe (no specs)
  • xunjietranslate.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • reg.exe (no specs)
  • xunjietranslate.exe (no specs)
  • hdlaunchsplash.exe (no specs)
  • pdfconsole.exe (no specs)
  • xunjietranslate.exe
  • conhost.exe (no specs)
  • comppkgsrv.exe (no specs)
  • xunjietranslate.exe (no specs)
  • xunjietranslate.exe (no specs)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • conhost.exe (no specs)
  • xunjietranslate.exe (no specs)
  • xunjietranslate.exe (no specs)
  • installer_translateai_r1.7.9.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
480
CMD:
"C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,8157396670880780645,15130137411964376954,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --ignore-certificate-errors --ignore-certificate-errors --mojo-platform-channel-handle=3292 /prefetch:8
Path:
C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe
Parent process:
xunjietranslate.exe
User:
admin
Company:
ShangHai Hudun Information Technology Co., Ltd
Integrity Level:
LOW
Description:
xunjietranslate
Version:
1.15.0
Modules
Images
c:\users\admin\appdata\roaming\hudun\translateai\xunjietranslate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID:
684
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "rmdir /s /q C:\Users\admin\AppData\Local\Temp\pdfHelper"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
xunjietranslate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1036
CMD:
"C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe" --type=utility --utility-sub-type=proxy_resolver.mojom.ProxyResolverFactory --field-trial-handle=1844,8157396670880780645,15130137411964376954,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=proxy_resolver --ignore-certificate-errors --ignore-certificate-errors --mojo-platform-channel-handle=3112 /prefetch:8
Path:
C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe
Parent process:
xunjietranslate.exe
User:
admin
Company:
ShangHai Hudun Information Technology Co., Ltd
Integrity Level:
LOW
Description:
xunjietranslate
Version:
1.15.0
Modules
Images
c:\users\admin\appdata\roaming\hudun\translateai\xunjietranslate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID:
1160
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1296
CMD:
"C:\Users\admin\AppData\Roaming\hudun\TranslateAI\__Package_TranslateAI.exe" /S -console=show -version=1.0.0 -adminact=true -authorizationact=true -dsc=true -ssc=true -inslang="en-US" -instdir="C:\Users\admin\AppData\Roaming\hudun\TranslateAI" /D=C:\Users\admin\AppData\Roaming\hudun\TranslateAI
Path:
C:\Users\admin\AppData\Roaming\hudun\TranslateAI\__Package_TranslateAI.exe
Parent process:
Installer_TranslateAI_r1.7.9.exe
User:
admin
Company:
上海互盾信息科技有限公司
Integrity Level:
HIGH
Description:
TranslateAI
Exit code:
0
Version:
1.15.0.0
Modules
Images
c:\users\admin\appdata\roaming\hudun\translateai\__package_translateai.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
1352
CMD:
"C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe" --type=gpu-process --field-trial-handle=1844,8157396670880780645,15130137411964376954,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1812 /prefetch:2
Path:
C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe
Parent process:
xunjietranslate.exe
User:
admin
Company:
ShangHai Hudun Information Technology Co., Ltd
Integrity Level:
LOW
Description:
xunjietranslate
Version:
1.15.0
Modules
Images
c:\users\admin\appdata\roaming\hudun\translateai\xunjietranslate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID:
1612
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1752
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "rmdir /s /q C:\Users\admin\AppData\Local\Temp\photoRepair_pc"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
xunjietranslate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1932
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "rmdir /s /q C:\Users\admin\AppData\Roaming\hudun\TranslateAI\resources\tempImages"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
xunjietranslate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
3580
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
__Package_TranslateAI.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
9 251
Read events
9 222
Write events
11
Delete events
18

Modification events

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\xunjietranslate
Operation: write
Name: name
Value: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\xunjietranslate
Operation: write
Name: installpath
Value: C:\Users\admin\AppData\Roaming\hudun\TranslateAI

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TranslateAI
Operation: write
Name: DisplayName
Value: TranslateAI 1.15.0.0

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TranslateAI
Operation: write
Name: UninstallString
Value: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\uninst.exe

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TranslateAI
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\logo.ico

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TranslateAI
Operation: write
Name: DisplayVersion
Value: 1.15.0.0

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TranslateAI
Operation: write
Name: URLInfoAbout
Value: https://www.workintool.com/

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TranslateAI
Operation: write
Name: Publisher
Value: 上海互盾信息科技有限公司

(PID) Process: (1296) __Package_TranslateAI.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Operation: write
Name: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\xunjietranslate.exe
Value: WIN10RTM

(PID) Process: (5008) Installer_TranslateAI_r1.7.9.exe
Key: HKEY_CURRENT_USER\SOFTWARE\HuDunSoft\TranslateAI
Operation: write
Name: InstallPath
Value: C:\Users\admin\AppData\Roaming\hudun\TranslateAI
Executable files
43
Suspicious files
243
Text files
295
Unknown types
86

Dropped files

PID
Process
Filename
Type
PID: 5008
Process: Installer_TranslateAI_r1.7.9.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\__Package_TranslateAI.exe.part
MD5:
SHA256:

PID: 5008
Process: Installer_TranslateAI_r1.7.9.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\__Package_TranslateAI.exe
MD5:
SHA256:

PID: 5008
Process: Installer_TranslateAI_r1.7.9.exe
Filename: C:\Users\admin\AppData\Roaming\HuDunData\TranslateAI\HDSensorsAnalytics.ini
Type: text
MD5: D12419B75865C3577FAF42BA24DDF97F
SHA256: C9BFF7F37D52A3974C77A39C4432C17BA98325CA00CDB646520FAE9DA3B827C6

PID: 5008
Process: Installer_TranslateAI_r1.7.9.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\set.ini
Type: text
MD5: 90BDE857098E493D138D9AEC17665A91
SHA256: 5015CB49400B1DE6BAE9F0B79968194F700570D7105B001D8F1C119712842A07

PID: 1296
Process: __Package_TranslateAI.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\releasenotes
Type: text
MD5: BE171FC1D15B485E5323A99D592ED778
SHA256: C55D807464F0AC6F9CF03D41143E319662ECEA0A295869656ACC4586B619DBAC

PID: 1296
Process: __Package_TranslateAI.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnAC3B.tmp\KillProcDLL.dll
Type: executable
MD5: 1CC87D2B5A79B18F133B4F944E2F2F74
SHA256: DE1177A4BD1C56C3555F366D40B37D7DD9CB25E16C4973D0A4D22BF9A8AF7AED

PID: 1296
Process: __Package_TranslateAI.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsnAC3B.tmp\System.dll
Type: executable
MD5: 8CF2AC271D7679B1D68EEFC1AE0C5618
SHA256: 6950991102462D84FDC0E3B0AE30C95AF8C192F77CE3D78E8D54E6B22F7C09BA

PID: 1296
Process: __Package_TranslateAI.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\locales\am.pak
Type: pgc
MD5: 4E7DB89A9F5C07A295DE43B745E5658B
SHA256: 4C0B4273DC4103C666FF01ED8B9DB995F68C5C178973465BB25CD5CDF99EF01A

PID: 1296
Process: __Package_TranslateAI.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\locales\ar.pak
Type: pgc
MD5: 70BB1C831327B26E4DD74097F59A55B0
SHA256: 776DB47DD91BCE8BC813A54A815BE3E73B6E58E9FE5F24DB7BF0D8C06A240F6A

PID: 1296
Process: __Package_TranslateAI.exe
Filename: C:\Users\admin\AppData\Roaming\hudun\TranslateAI\locales\bn.pak
Type: pgc
MD5: 138A560F045E2F0F20A093B254CC2A86
SHA256: 2FA9FA7D2A69818846FF28E05F0F48817A7CD1C608315AC84E4EF3CA43F70CA4
HTTP(S) requests
142
TCP/UDP connections
104
DNS requests
45
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6368
RUXIMICS.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6368
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5008
Installer_TranslateAI_r1.7.9.exe
HEAD
302
43.152.25.74:80
http://tj2.sjhfrj.com/software/447
unknown
unknown
5008
Installer_TranslateAI_r1.7.9.exe
HEAD
200
163.181.58.170:80
http://download2.huduntech.com/application/workspace/40/40063d2117712840000a817b6988542c/setup_TranslateAI_1.15.0.0.exe
unknown
whitelisted
5008
Installer_TranslateAI_r1.7.9.exe
GET
200
163.181.58.170:80
http://download2.huduntech.com/application/workspace/40/40063d2117712840000a817b6988542c/setup_TranslateAI_1.15.0.0.exe
unknown
whitelisted
GET
304
4.245.163.56:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6368
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6368
RUXIMICS.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5944
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 172.217.16.142
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
  • 2.16.168.124
  • 2.16.168.114
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
tj2.sjhfrj.com
  • 43.152.25.74
  • 101.33.5.30
  • 43.152.43.121
  • 172.235.157.124
unknown
download2.huduntech.com
  • 163.181.58.170
  • 163.181.58.174
  • 163.181.58.175
  • 163.181.58.172
  • 163.181.58.171
  • 163.181.58.176
  • 163.181.58.173
  • 163.181.58.177
whitelisted
login.live.com
  • 40.126.32.72
  • 20.190.160.17
  • 20.190.160.20
  • 20.190.160.65
  • 40.126.32.74
  • 20.190.160.67
  • 20.190.160.66
  • 40.126.32.134
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.13
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted

Threats

PID
Process
Class
Message
5008
Installer_TranslateAI_r1.7.9.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Process
Message
Installer_TranslateAI_r1.7.9.exe
<P05008><T04960><2025-07-09 18:32:07.707>(CDownloadInstaller::Start)<0189>: DL_TYPE=1
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:07.723>(Utils::Thread::CallBack)<0101>: THREAD BEGIN
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:07.723>(CDownloadInstaller::Start::<lambda_1ef34beec4aa6ee6dcdb475b7b5e6dc9>::operator ())<0074>: DL_CODE_START
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:07.723>(CurlClient::Start)<0060>: start download
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:11.426>(CurlClient::Head)<0338>: error:0:No error
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:11.426>(CurlClient::GetDownloadFileLength)<0349>: error:0:No error
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:11.988>(CDownloadInstaller::Start::<lambda_1ef34beec4aa6ee6dcdb475b7b5e6dc9>::operator ())<0079>: DL_CODE_PROGRESS
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:11.988>(CurlClient::ProgressCallback)<0270>: 0M 153M progress:0.003671% speed:10.592773
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:13.051>(CDownloadInstaller::Start::<lambda_1ef34beec4aa6ee6dcdb475b7b5e6dc9>::operator ())<0079>: DL_CODE_PROGRESS
Installer_TranslateAI_r1.7.9.exe
<P05008><T00888><2025-07-09 18:32:13.051>(CurlClient::ProgressCallback)<0270>: 0M 153M progress:0.164316% speed:160.913086