File name:

iGearRaptor.exe

Full analysis: https://app.any.run/tasks/2d522efc-e55f-4510-9929-9567f546b319
Verdict: Malicious activity
Analysis date: June 23, 2025, 13:52:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
advancedinstaller
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

E2269BA1A8D80D31B76E7CFD2FFCB924

SHA1:

D5529A7CE46B6B6E9A9BB36C098C1F69E41C230A

SHA256:

5B3095D6FD25A01097FDD183A22DD808AE423E1E2CFBB2E96435C949CF561273

SSDEEP:

196608:589IlOnQBqY+7DZsY6sLH9Z9nIf67g2qkRKTmju+sKy:58JQxLYzL9Z9nIfogz/Tmy+sT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • ADVANCEDINSTALLER mutex has been found

      • iGearRaptor.exe (PID: 1068)

    • Reads the Windows owner or organization settings

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)
      • msiexec.exe (PID: 4892)

    • Process drops legitimate windows executable

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)

    • Executable content was dropped or overwritten

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)

    • Detects AdvancedInstaller (YARA)

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)

    • There is functionality for taking screenshot (YARA)

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)

    • Reads security settings of Internet Explorer

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)

    • Application launched itself

      • iGearRaptor.exe (PID: 1068)

    • Executes as Windows Service

      • VSSVC.exe (PID: 6796)

  • INFO

    • Checks supported languages

      • iGearRaptor.exe (PID: 1068)
      • msiexec.exe (PID: 4892)
      • msiexec.exe (PID: 5424)
      • iGearRaptor.exe (PID: 432)
      • msiexec.exe (PID: 6380)

    • The sample compiled with english language support

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)
      • msiexec.exe (PID: 4892)

    • Creates files or folders in the user directory

      • iGearRaptor.exe (PID: 1068)

    • Reads Environment values

      • iGearRaptor.exe (PID: 1068)
      • msiexec.exe (PID: 5424)
      • iGearRaptor.exe (PID: 432)
      • msiexec.exe (PID: 6380)

    • Reads the computer name

      • msiexec.exe (PID: 4892)
      • iGearRaptor.exe (PID: 1068)
      • msiexec.exe (PID: 5424)
      • iGearRaptor.exe (PID: 432)
      • msiexec.exe (PID: 6380)

    • Create files in a temporary directory

      • iGearRaptor.exe (PID: 1068)
      • iGearRaptor.exe (PID: 432)

    • Process checks computer location settings

      • iGearRaptor.exe (PID: 1068)

    • Reads the machine GUID from the registry

      • iGearRaptor.exe (PID: 432)

    • Manages system restore points

      • SrTasks.exe (PID: 3732)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4892)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 4892)

    • The sample compiled with chinese language support

      • msiexec.exe (PID: 4892)

    • Checks proxy server information

      • slui.exe (PID: 1964)

    • Reads the software policy settings

      • slui.exe (PID: 1964)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:03:20 19:48:06+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 1505792
InitializedDataSize: 649728
UninitializedDataSize: -
EntryPoint: 0x121965
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.3.0
ProductVersionNumber: 1.0.3.0
FileFlagsMask: 0x003f
FileFlags: Debug
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Inc
FileDescription: iGear Raptor Installer
FileVersion: 1.0.3
InternalName: iGear Hawk
LegalCopyright: Copyright (C) 2023 Inc
OriginalFileName: iGear Hawk.exe
ProductName: iGear Raptor
ProductVersion: 1.0.3
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
147
Monitored processes
9
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start igearraptor.exe msiexec.exe msiexec.exe no specs igearraptor.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
432"C:\Users\admin\Desktop\iGearRaptor.exe" /i "C:\Users\admin\AppData\Roaming\Inc\iGear Raptor 1.0.3\install\iGear Hawk.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Inc\iGear Raptor" CLIENTPROCESSID="1068" SECONDSEQUENCE="1" CHAINERUIPROCESSID="1068Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_DETECTED_DOTNET_VERSION="4.7.2" AI_SETUPEXEPATH="C:\Users\admin\Desktop\iGearRaptor.exe" SETUPEXEDIR="C:\Users\admin\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup " TARGETDIR="C:\" AI_INSTALL="1" AI_SETUPEXEPATH_ORIGINAL="C:\Users\admin\Desktop\iGearRaptor.exe"C:\Users\admin\Desktop\iGearRaptor.exe
iGearRaptor.exe
User:
admin
Company:
Inc
Integrity Level:
HIGH
Description:
iGear Raptor Installer
Exit code:
0
Version:
1.0.3
Modules
Images
c:\users\admin\desktop\igearraptor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1068"C:\Users\admin\Desktop\iGearRaptor.exe" C:\Users\admin\Desktop\iGearRaptor.exe
explorer.exe
User:
admin
Company:
Inc
Integrity Level:
MEDIUM
Description:
iGear Raptor Installer
Exit code:
0
Version:
1.0.3
Modules
Images
c:\users\admin\desktop\igearraptor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1964C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
3732C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
4892C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5116\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5424C:\Windows\syswow64\MsiExec.exe -Embedding 4CC9F001B802EC67BBF13DBDDA80F482 CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
6380C:\Windows\syswow64\MsiExec.exe -Embedding 844EE87E335FEFC63ECBBF02B1139FC0C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
6796C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
7 874
Read events
7 587
Write events
270
Delete events
17

Modification events

(PID) Process:(4892) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
48000000000000002F1D871E46E4DB011C1300008C080000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4892) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
48000000000000002F1D871E46E4DB011C1300008C080000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4892) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
480000000000000080E48B1E46E4DB011C1300008C080000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4892) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
4800000000000000429BBB1E46E4DB011C1300008C080000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6796) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000B5F0C91E46E4DB018C1A0000FC170000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6796) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000B5F0C91E46E4DB018C1A0000FC120000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6796) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Leave)
Value:
4800000000000000F5A4CE1E46E4DB018C1A0000540E0000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6796) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation:writeName:IDENTIFY (Leave)
Value:
48000000000000007E07D11E46E4DB018C1A0000E4140000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6796) VSSVC.exeKey:HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation:delete keyName:(default)
Value:
(PID) Process:(6796) VSSVC.exeKey:HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation:writeName:Element
Value:
0000000000000000000000000000000006000000000000004800000000000000715E5C2FA985EB1190A89A9B763584210000000000000000745E5C2FA985EB1190A89A9B7635842100000000000000000000000000000000
Executable files
24
Suspicious files
11
Text files
109
Unknown types
9

Dropped files

PID
Process
Filename
Type
1068iGearRaptor.exeC:\Users\admin\AppData\Roaming\Inc\iGear Raptor 1.0.3\install\holder0.aiph
MD5:
SHA256:
1068iGearRaptor.exeC:\Users\admin\AppData\Roaming\Inc\iGear Raptor 1.0.3\install\iGear Hawk.msiexecutable
MD5:A41F3328B3590392C5744B7B1877D08D
SHA256:0EEC5DA2957136C17EAC992BE660B581D3EC57918215E54CB886C04269A98ACA
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\shi6B3D.tmpexecutable
MD5:84A34BF3486F7B9B7035DB78D78BDD1E
SHA256:F85911C910B660E528D2CF291BAA40A92D09961996D6D84E7A53A7095C7CD96E
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\MSI6B7C.tmpexecutable
MD5:3144225F1A2DCCFDA435970964158357
SHA256:A99D2C6FD1667942A085F01784BD599762182FCE8A8F866FA12AC93F52AE2ED1
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_1068\insticonimage
MD5:66C842AF0B4FC1C918F531D2E1087B82
SHA256:48278165490487EE414BE65E20501B19A65EDAF1B6F473EB7D8C55023175EC88
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\MSI6BDB.tmpexecutable
MD5:3DF1A130B263DAF320AABFC98B2F0206
SHA256:DB8CFAAFF769FA7117372E2C051A4A5E9646A20777C1C04CBF2F9A42E4799490
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_1068\tabbackimage
MD5:4C3DDA35E23D44E273D82F7F4C38470A
SHA256:E728F79439E07DF1AFBCF03E8788FA0B8B08CF459DB31FC8568BC511BF799537
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_1068\infoimage
MD5:554FF4C199562515D758C9ABFF5C2943
SHA256:9AE4A96BF2A349667E844ACC1E2AC4F89361A6182268438F4D063DF3A6FC47BC
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_1068\exclamicimage
MD5:3DBA38E7A6085876E79F162F9985618C
SHA256:593F94EF1405422B3E453F4422B22C990D84303668D60344C6FD257318E92428
1068iGearRaptor.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_1068\dialogimage
MD5:553DF955CB4B2E7BE5CEF99CB8EC9254
SHA256:F1FCB09DF932AEF09B24EEA796286CEAEDCBCECCD4D8F4536345163C4D3D9FF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
38
TCP/UDP connections
53
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
184.24.77.16:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
184.24.77.16:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4984
RUXIMICS.exe
GET
200
184.24.77.16:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4984
RUXIMICS.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
20.190.160.64:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
POST
200
40.126.32.140:443
https://login.live.com/RST2.srf
unknown
xml
11.0 Kb
whitelisted
POST
200
40.126.32.133:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
GET
304
4.175.87.197:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4984
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
184.24.77.16:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
184.24.77.16:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4984
RUXIMICS.exe
184.24.77.16:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5944
MoUsoCoreWorker.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 184.24.77.16
  • 184.24.77.6
  • 184.24.77.39
  • 184.24.77.34
  • 184.24.77.35
  • 184.24.77.14
  • 184.24.77.13
  • 184.24.77.26
  • 184.24.77.43
  • 184.24.77.37
  • 184.24.77.31
  • 184.24.77.25
  • 184.24.77.41
  • 184.24.77.27
  • 184.24.77.42
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
login.live.com
  • 40.126.32.74
  • 40.126.32.138
  • 20.190.160.64
  • 20.190.160.4
  • 40.126.32.140
  • 20.190.160.3
  • 20.190.160.17
  • 20.190.160.66
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
nexusrules.officeapps.live.com
  • 52.111.236.21
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
iGearRaptor.exe