File name:

_6e4a11613fc3ddd4ae13f4e44fe1d57c8c572dec7370d8e7cc98c7222f6092c5.fpx

Full analysis: https://app.any.run/tasks/f60eeb28-9ce2-4673-b07b-bc5b23bcc443
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: August 01, 2025, 15:55:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-startup
adware
takemyfile
advancedinstaller
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {08D0C228-1822-440E-B8E8-05BF3D03DFE7}, Number of Words: 10, Subject: 0073356253, Author: 88346324655, Name of Creating Application: Advanced Installer 18.3 build e2a0201b, Template: ;1046, Comments: A base dados do instalador contêm a lógica e os dados necessários para instalar o 0073356253., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5:

EDE195D0BF72B1173818A8C9A67BB854

SHA1:

B1BB20EF6A53671658B0D3A0251FE620B7CF8A23

SHA256:

6E4A11613FC3DDD4AE13F4E44FE1D57C8C572DEC7370D8E7CC98C7222F6092C5

SSDEEP:

98304:y211IdCQXgoB4VVq3VuCM22OmxotWLBGr31hWdbkWkoPp24o+C+552IbAlLnkGtG:FAEs4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Create files in the Startup directory

      • msiexec.exe (PID: 1872)
    • ADWARE has been detected (SURICATA)

      • msiexec.exe (PID: 2460)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4012)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 2460)
    • Checks for Java to be installed

      • msiexec.exe (PID: 2460)
    • Application launched itself

      • msiexec.exe (PID: 4012)
      • updater.exe (PID: 4104)
    • Reads the date of Windows installation

      • msiexec.exe (PID: 1872)
    • Detects AdvancedInstaller (YARA)

      • msiexec.exe (PID: 5436)
      • msiexec.exe (PID: 4012)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 1872)
      • msiexec.exe (PID: 2460)
    • The system shut down or reboot

      • msiexec.exe (PID: 1872)
    • The process executes via Task Scheduler

      • updater.exe (PID: 4104)
      • PLUGScheduler.exe (PID: 4028)
    • Access to an unwanted program domain was detected

      • msiexec.exe (PID: 2460)
    • Likely accesses (executes) a file from the Public directory

      • fvIfObLIPm!=@.exe (PID: 5524)
  • INFO

    • The sample compiled with english language support

      • msiexec.exe (PID: 4012)
      • msiexec.exe (PID: 2460)
    • Reads the computer name

      • msiexec.exe (PID: 2460)
      • msiexec.exe (PID: 4012)
      • msiexec.exe (PID: 1872)
      • updater.exe (PID: 4104)
      • fvIfObLIPm!=@.exe (PID: 5524)
      • PLUGScheduler.exe (PID: 4028)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 2460)
      • msiexec.exe (PID: 1872)
    • Checks supported languages

      • msiexec.exe (PID: 2460)
      • msiexec.exe (PID: 4012)
      • msiexec.exe (PID: 1872)
      • updater.exe (PID: 5024)
      • fvIfObLIPm!=@.exe (PID: 5524)
      • PLUGScheduler.exe (PID: 4028)
      • updater.exe (PID: 4104)
    • Create files in a temporary directory

      • msiexec.exe (PID: 2460)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4012)
      • msiexec.exe (PID: 2460)
      • msiexec.exe (PID: 1872)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 2460)
    • Reads Environment values

      • msiexec.exe (PID: 2460)
      • msiexec.exe (PID: 1872)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4012)
    • Launching a file from the Startup directory

      • msiexec.exe (PID: 1872)
    • Process checks computer location settings

      • msiexec.exe (PID: 1872)
    • Checks proxy server information

      • msiexec.exe (PID: 2460)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 4104)
    • Manual execution by a user

      • fvIfObLIPm!=@.exe (PID: 5524)
    • Reads the machine GUID from the registry

      • fvIfObLIPm!=@.exe (PID: 5524)
    • Reads CPU info

      • fvIfObLIPm!=@.exe (PID: 5524)
    • Creates files in the program directory

      • PLUGScheduler.exe (PID: 4028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (81.9)
.mst | Windows SDK Setup Transform Script (9.2)
.msp | Windows Installer Patch (7.6)
.msi | Microsoft Installer (100)

EXIF

FlashPix

LastPrinted: 2009:12:11 11:47:44
CreateDate: 2009:12:11 11:47:44
ModifyDate: 2020:09:18 14:06:51
Security: None
CodePage: Windows Latin 1 (Western European)
RevisionNumber: {08D0C228-1822-440E-B8E8-05BF3D03DFE7}
Words: 10
Subject: 0073356253
Author: 88346324655
LastModifiedBy: -
Software: Advanced Installer 18.3 build e2a0201b
Template: ;1046
Comments: A base dados do instalador contêm a lógica e os dados necessários para instalar o 0073356253.
Title: Installation Database
Keywords: Installer, MSI, Database
Pages: 200
No data.
All screenshots are available in the full report
Total processes: 265
Monitored processes: 11
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes in the graph:
  • start
  • msiexec.exe (no specs)
  • msiexec.exe (#ADWARE)
  • msiexec.exe
  • msiexec.exe
  • shutdown.exe (no specs)
  • conhost.exe (no specs)
  • slui.exe (no specs)
  • plugscheduler.exe (no specs)
  • updater.exe (no specs)
  • updater.exe (no specs)
  • fvifoblipm!=@.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1612
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
shutdown.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1872
CMD:
C:\Windows\System32\MsiExec.exe -Embedding 766B282C1C4A1AA69A9F958D268D7025
Path:
C:\Windows\System32\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
2460
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding C540A60CE498BDEE07D3D4E7D4E93B15
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
4012
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
4028
CMD:
"C:\Program Files\RUXIM\PLUGscheduler.exe"
Path:
C:\Program Files\RUXIM\PLUGScheduler.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Update LifeCycle Component Scheduler
Exit code:
0
Version:
10.0.19041.3623 (WinBuild.160101.0800)
Modules
Images
c:\program files\ruxim\plugscheduler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
PID:
4044
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
1073807364
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
4104
CMD:
"C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --wake --system
Path:
C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater
Exit code:
0
Version:
134.0.6985.0
Modules
Images
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID:
5024
CMD:
"C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=134.0.6985.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x12ac460,0x12ac46c,0x12ac478
Path:
C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process:
updater.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater
Exit code:
0
Version:
134.0.6985.0
Modules
Images
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID:
5436
CMD:
"C:\Windows\System32\msiexec.exe" /i C:\Users\admin\Desktop\_6e4a11613fc3ddd4ae13f4e44fe1d57c8c572dec7370d8e7cc98c7222f6092c5.fpx.msi
Path:
C:\Windows\System32\msiexec.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
5524
CMD:
"C:\Users\Public\AowDcRGhR\fvIfObLIPm!=@.exe"
Path:
C:\Users\Public\AowDcRGhR\fvIfObLIPm!=@.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
修图
Version:
1.0.0.0
Modules
Images
c:\users\public\aowdcrghr\fvifoblipm!=@.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\public\aowdcrghr\__.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
Total events: 3 531
Read events: 3 430
Write events: 92
Delete events: 9

Modification events

(PID) Process: (4012) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: AC0F0000AC313AB1FC02DC01

(PID) Process: (4012) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: ED718A3864F434E86B28CC2A02DADF1C30398DC9583BA4B4B59063720E4F15E4

(PID) Process: (4012) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write
Name: C:\Config.Msi\
Value:

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\18dacd.rbs
Value: 31195900

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\18dacd.rbsLow
Value:

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write
Name: C:\Users\admin\AppData\Roaming\Microsoft\Installer\
Value:

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\A6559362FD120D44AB5F818C8E44F5F8
Operation: write
Name: 13741B3685F334D4DA3B600AE411CE85
Value: C:\Users\Public\88346324655\0073356253\

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\4AB8D8B74DBDB8043992285A46F8A673
Operation: write
Name: 13741B3685F334D4DA3B600AE411CE85
Value: 01:\Software\88346324655\0073356253\Version

(PID) Process: (4012) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\F0D6DF7000B37094DA9A679F14666241
Operation: write
Name: 13741B3685F334D4DA3B600AE411CE85
Value: 01:\Software\88346324655\{63B14731-3F58-4D43-ADB3-06A04E11EC58}\AI_IA_ENABLE
Executable files: 17
Suspicious files: 9
Text files: 5
Unknown types: 50

Dropped files

PID | Process | Filename | Type

2460 | msiexec.exe | C:\Users\admin\AppData\Local\AdvinstAnalytics\688bb815a7bf591e4af4f366\1.0.0\{71C1B61A-CDEF-452F-92E2-73E15324029D}.session | text
MD5: F9BC97EDE7DB0620D53321394C50742B
SHA256: F5F3CC594529DC8ADC2B3E94BFF594424CCA403F32CE87D462712EF239EB9F7F

4012 | msiexec.exe | C:\Windows\Installer\MSIDC55.tmp | executable
MD5: D51A7E3BCE34C74638E89366DEEE2AAB
SHA256: 7C6BDF16A0992DB092B7F94C374B21DE5D53E3043F5717A6EECAE614432E0DF5

4012 | msiexec.exe | C:\Windows\Installer\18dacb.msi | executable
MD5: EDE195D0BF72B1173818A8C9A67BB854
SHA256: 6E4A11613FC3DDD4AE13F4E44FE1D57C8C572DEC7370D8E7CC98C7222F6092C5

4012 | msiexec.exe | C:\Windows\Installer\MSIDB57.tmp | executable
MD5: 573F5E653258BF622AE1C0AD118880A2
SHA256: 371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7

4012 | msiexec.exe | C:\Windows\Installer\MSIDE4B.tmp | executable
MD5: 573F5E653258BF622AE1C0AD118880A2
SHA256: 371D1346EC9CA236B257FED5B5A5C260114E56DFF009F515FA543E11C4BB81F7

2460 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\shiDCB0.tmp | executable
MD5: B44E8A0CFA9E2816449D5B56098890C3
SHA256: 3827A5A73D4404B226B2FC00517EDB148AEB9185E0CCD790938FCBA86972DB54

2460 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\shiDC70.tmp | executable
MD5: F8020A76E8616207AB1FE91334E5E934
SHA256: 67D9FFB4E10EB0C300DA8B52B32728F9683FD4E5AA70AE5307E15CDF0F07A07A

4012 | msiexec.exe | C:\Windows\Installer\MSIDE9A.tmp | executable
MD5: 20C782EB64C81AC14C83A853546A8924
SHA256: 0ED6836D55180AF20F71F7852E3D728F2DEFE22AA6D2526C54CFBBB4B48CC6A1

4012 | msiexec.exe | C:\Windows\Temp\~DF54AC41638BD5B84A.TMP | gmc
MD5: BF619EAC0CDF3F68D496EA9344137E8B
SHA256: 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560

4012 | msiexec.exe | C:\Users\Public\AowDcRGhR\__.dll | executable
MD5: 3C971C29397EE33026305D4AD2488FFD
SHA256: EE6325232D3C461EB5729EB89C05F38C84508D5F12475D8010FFB187C236F6D9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 115
TCP/UDP connections: 72
DNS requests: 25
Threats: 40

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 23.216.77.35:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6292 | RUXIMICS.exe | GET | 200 | 23.216.77.35:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 104.79.89.142:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 104.79.89.142:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6292 | RUXIMICS.exe | GET | 200 | 104.79.89.142:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 20.190.160.17:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
- | - | POST | 400 | 20.190.160.14:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 400 | 20.190.160.17:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.35:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | POST | 400 | 20.190.160.3:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6292 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.216.77.35:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.216.77.35:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6292 | RUXIMICS.exe | 23.216.77.35:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 104.79.89.142:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 104.79.89.142:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 52.167.249.196
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 23.216.77.35
  • 23.216.77.29
  • 23.216.77.30
  • 23.216.77.32
  • 23.216.77.34
  • 23.216.77.23
  • 23.216.77.21
  • 23.216.77.26
  • 23.216.77.20
  • 23.216.77.16
  • 23.216.77.22
  • 23.216.77.6
  • 23.216.77.19
  • 23.216.77.7
  • 23.216.77.8
whitelisted
www.microsoft.com
  • 104.79.89.142
  • 23.35.229.160
whitelisted
login.live.com
  • 20.190.160.3
  • 40.126.32.76
  • 20.190.160.66
  • 20.190.160.14
  • 20.190.160.2
  • 20.190.160.17
  • 20.190.160.4
  • 40.126.32.140
whitelisted
collect.installeranalytics.com
  • 34.233.25.52
  • 3.208.198.100
whitelisted
slscr.update.microsoft.com
  • 74.178.76.128
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
self.events.data.microsoft.com
  • 20.189.173.1
  • 20.189.173.13
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted

Threats

PID | Process | Class | Message
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
2460 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA
No debug info