File name:

_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe

Full analysis: https://app.any.run/tasks/ef4d9f70-81a6-428a-81e4-8a65849ab0a2
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: December 13, 2025, 14:56:05
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5:

22EFCA03C72A9138012ABCCF517D42E0

SHA1:

F22A314B94E5CB46E0A4B3C68689C82B39D6C4D3

SHA256:

64B97D63AF694192E4D6BA57C278EC324EAF6C8700C0F7CADE06F5A08DA81F5A

SSDEEP:

98304:bPXS+DPCqpT/nobF7L79C1bDyRJ0tk9E8kjGHAJjEFiD5sIbpbV/ZDgyxQTGfSwD:P3OtdOWlk

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7672)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7920)
      • kxetray.exe (PID: 8072)
      • kxetray.exe (PID: 7460)
      • kxetray.exe (PID: 7376)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7672)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7920)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
    • Reads the Windows owner or organization settings

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
    • Reads security settings of Internet Explorer

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
    • The process drops C-runtime libraries

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
    • Multiple wallet extension IDs have been found

      • kxetray.exe (PID: 8072)
    • Connects to unusual port

      • kxetray.exe (PID: 8072)
    • The process executes via Task Scheduler

      • kxetray.exe (PID: 7460)
      • kxetray.exe (PID: 7376)
    • Process drops legitimate windows executable

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
  • INFO

    • Checks supported languages

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7672)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7920)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
      • kxetray.exe (PID: 8072)
      • kxetray.exe (PID: 7460)
      • kxetray.exe (PID: 7376)
    • Create files in a temporary directory

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7672)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe (PID: 7920)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
    • Reads the computer name

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
      • kxetray.exe (PID: 8072)
      • kxetray.exe (PID: 7460)
      • kxetray.exe (PID: 7376)
    • Process checks computer location settings

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7712)
    • Creates files in the program directory

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
      • kxetray.exe (PID: 8072)
    • The sample compiled with english language support

      • _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp (PID: 7960)
    • Reads the machine GUID from the registry

      • kxetray.exe (PID: 8072)
    • UPX packer has been detected

      • kxetray.exe (PID: 8072)
    • Checks proxy server information

      • slui.exe (PID: 2860)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:09:23 05:03:52+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 716800
InitializedDataSize: 176128
UninitializedDataSize: -
EntryPoint: 0xb0028
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Microsoft Corporation
FileDescription: Compact Bronze Router Service Setup
FileVersion:
LegalCopyright: Microsoft Corporation. All rights reserved.
OriginalFileName:
ProductName: Compact Bronze Router Service
ProductVersion: 10.0.19041.1
Total processes
140
Monitored processes
8
Malicious processes
7
Suspicious processes
0

Behavior graph

start _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp kxetray.exe slui.exe kxetray.exe no specs kxetray.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2860
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7376
CMD: "C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe" -ScanType
Path: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe
Parent process: svchost.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
KXEngine Security Center Tray manager
Exit code:
3221225547
Version:
2010,08,10,224
Modules
Images
c:\programdata\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 7460
CMD: "C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe" -ScanType
Path: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe
Parent process: svchost.exe
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
KXEngine Security Center Tray manager
Exit code:
3221225547
Version:
2010,08,10,224
Modules
Images
c:\programdata\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 7672
CMD: "C:\Users\admin\Desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe"
Path: C:\Users\admin\Desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Compact Bronze Router Service Setup
Exit code:
1
Version:
Modules
Images
c:\users\admin\desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 7712
CMD: "C:\Users\admin\AppData\Local\Temp\is-JGVI5.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp" /SL5="$50030,3906421,893952,C:\Users\admin\Desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-JGVI5.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Parent process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
1
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-jgvi5.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 7920
CMD: "C:\Users\admin\Desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe" /VERYSILENT /PASSWORD=5ade01c6-833a-458e-893f-68f2d9f26e22
Path: C:\Users\admin\Desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
Parent process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Compact Bronze Router Service Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 7960
CMD: "C:\Users\admin\AppData\Local\Temp\is-E83GR.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp" /SL5="$60030,3906421,893952,C:\Users\admin\Desktop\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe" /VERYSILENT /PASSWORD=5ade01c6-833a-458e-893f-68f2d9f26e22
Path: C:\Users\admin\AppData\Local\Temp\is-E83GR.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Parent process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-e83gr.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 8072
CMD: "C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe" -ScanType
Path: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe
Parent process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
User:
admin
Company:
Kingsoft Corporation
Integrity Level:
MEDIUM
Description:
KXEngine Security Center Tray manager
Version:
2010,08,10,224
Modules
Images
c:\programdata\fea97c4b-86e9-4778-b6c7-6d228dba5f11\kxetray.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
4 067
Read events
4 067
Write events
0
Delete events
0

Modification events

No data
Executable files
16
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7920
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-E83GR.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Type: executable
MD5:5B9506FE1B9A9485762BF4C9F170A840
SHA256:29239D026FD6DA51B7977271A19EB5FBE4BDD5873A1A3DF84CEFC065A02A189F
PID: 7712
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-612TV.tmp\_isetup\_setup64.tmp
Type: executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 7960
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-BSS1K.tmp\_isetup\_setup64.tmp
Type: executable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 7960
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-BSS1K.tmp\_isetup\_isdecmp.dll
Type: executable
MD5:077CB4461A2767383B317EB0C50F5F13
SHA256:8287D0E287A66EE78537C8D1D98E426562B95C50F569B92CEA9CE36A9FA57E64
PID: 7712
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-612TV.tmp\_isetup\_isdecmp.dll
Type: executable
MD5:077CB4461A2767383B317EB0C50F5F13
SHA256:8287D0E287A66EE78537C8D1D98E426562B95C50F569B92CEA9CE36A9FA57E64
PID: 7672
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-JGVI5.tmp\_64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Type: executable
MD5:5B9506FE1B9A9485762BF4C9F170A840
SHA256:29239D026FD6DA51B7977271A19EB5FBE4BDD5873A1A3DF84CEFC065A02A189F
PID: 7960
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\is-PLDKB.tmp
Type: executable
MD5:4C8A880EABC0B4D462CC4B2472116EA1
SHA256:2026F3C4F830DFF6883B88E2647272A52A132F25EB42C0D423E36B3F65A94D08
PID: 7960
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\is-LQN9C.tmp
Type: executable
MD5:CAE6861B19A2A7E5D42FEFC4DFDF5CCF
SHA256:C4C8C2D251B90D77D1AC75CBD39C3F0B18FC170D5A95D1C13A0266F7260B479D
PID: 7960
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\msvcm80.dll
Type: executable
MD5:CAE6861B19A2A7E5D42FEFC4DFDF5CCF
SHA256:C4C8C2D251B90D77D1AC75CBD39C3F0B18FC170D5A95D1C13A0266F7260B479D
PID: 7960
Process: _64b97d63af694192e4d6ba57c278ec324eaf6c8700c0f7cade06f5a08da81f5a.tmp
Filename: C:\ProgramData\fea97c4b-86e9-4778-b6c7-6d228dba5f11\is-MFM9C.tmp
Type: executable
MD5:E4FECE18310E23B1D8FEE993E35E7A6F
SHA256:02BDDE38E4C6BD795A092D496B8D6060CDBE71E22EF4D7A204E3050C1BE44FA9
HTTP(S) requests
10
TCP/UDP connections
32
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
272
slui.exe
POST
500
128.24.231.64:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2860
slui.exe
POST
500
128.24.231.64:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
4572
svchost.exe
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
500
128.24.231.64:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
unknown
POST
500
128.24.231.64:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
unknown
6768
MoUsoCoreWorker.exe
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4572
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
2.16.204.136:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
4572
svchost.exe
2.16.164.72:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
2.16.164.72:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
2.16.164.72:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
4572
svchost.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
6768
MoUsoCoreWorker.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.16.204.136
  • 2.16.204.161
  • 2.16.204.157
  • 2.16.204.138
  • 2.16.204.160
  • 2.16.204.158
  • 2.16.204.137
  • 2.16.204.135
  • 2.16.204.156
whitelisted
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.114
  • 2.16.164.83
  • 2.16.164.89
  • 2.16.164.99
  • 2.16.164.82
  • 2.16.164.88
  • 2.16.164.104
  • 2.16.164.98
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.64
whitelisted
self.events.data.microsoft.com
  • 13.89.179.14
whitelisted
dns.msftncsi.com
  • 131.107.255.255
whitelisted

Threats

No threats detected
No debug info