File name:

BLTools v2.4 [cracked].zip

Full analysis: https://app.any.run/tasks/ea35f827-ea2f-490a-aa50-86846c26abd0
Verdict: Malicious activity
Analysis date: August 05, 2024, 20:13:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
susp-powershell
crypto-regex
netreactor
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

40FF3FC085FE496C78B00DA6947F5850

SHA1:

B217187B9C29EF8575A32527D7040ED67D316ACA

SHA256:

86B09840179ABF2B2A60E14008862771EE58BFE207240711EA27F100B7E3C814

SSDEEP:

98304:uQc1iztGC2cxQt1eJ10cRcKVwJ35hiHztO8IDLXWWVH2P0eUGP71SBA24F9MjZJA:i7WU8u8cYb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6400)
      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 6196)

    • Xcopy is used to copy an executable file into an image

      • xcopy.exe (PID: 6536)
      • xcopy.exe (PID: 1860)
      • xcopy.exe (PID: 6768)
      • xcopy.exe (PID: 4604)

    • Starts PowerShell from an unusual location

      • cmd.exe (PID: 4784)
      • cmd.exe (PID: 3164)

    • Changes the autorun value in the registry

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 6196)
      • BLTools.exe (PID: 1452)

    • Dynamically loads an assembly (POWERSHELL)

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6400)
      • xcopy.exe (PID: 6536)
      • Dizxte.png (PID: 6196)

    • Reads security settings of Internet Explorer

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Starts CMD.EXE for commands execution

      • BLTools.exe (PID: 6360)
      • cmd.exe (PID: 6592)
      • cmd.exe (PID: 4784)
      • Dizxte.png (PID: 4296)
      • cmd.exe (PID: 6684)
      • cmd.exe (PID: 6332)
      • cmd.exe (PID: 3164)

    • Reads the date of Windows installation

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 4296)

    • Executing commands from a ".bat" file

      • BLTools.exe (PID: 6360)
      • cmd.exe (PID: 6592)
      • Dizxte.png (PID: 4296)
      • cmd.exe (PID: 6332)
      • cmd.exe (PID: 6684)

    • Application launched itself

      • cmd.exe (PID: 6592)
      • cmd.exe (PID: 4784)
      • BLTools.exe (PID: 6360)
      • cmd.exe (PID: 6332)
      • cmd.exe (PID: 3164)
      • cmd.exe (PID: 6684)
      • BLTools.exe (PID: 1452)

    • Process copies executable file

      • cmd.exe (PID: 6592)
      • cmd.exe (PID: 4784)
      • cmd.exe (PID: 6332)
      • cmd.exe (PID: 3164)

    • Executable content was dropped or overwritten

      • xcopy.exe (PID: 6536)
      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 6196)

    • Starts a Microsoft application from unusual location

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • The executable file from the user directory is run by the CMD process

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Starts application with an unusual extension

      • cmd.exe (PID: 4784)
      • cmd.exe (PID: 3164)

    • Uses base64 encoding (POWERSHELL)

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Reverses array data (POWERSHELL)

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Checks Windows Trust Settings

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Found regular expressions for crypto-addresses (YARA)

      • Dizxte.png (PID: 6196)

  • INFO

    • Reads the machine GUID from the registry

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)
      • BLTools.exe (PID: 1452)
      • Lisance Activate Crack.exe (PID: 6252)

    • Manual execution by a user

      • BLTools.exe (PID: 6360)
      • BLTools.exe (PID: 1452)
      • Lisance Activate Crack.exe (PID: 6252)

    • Checks supported languages

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)
      • BLTools.exe (PID: 1452)
      • Lisance Activate Crack.exe (PID: 6252)

    • Reads the computer name

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)
      • BLTools.exe (PID: 1452)
      • Lisance Activate Crack.exe (PID: 6252)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6400)

    • Process checks computer location settings

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 4296)

    • Create files in a temporary directory

      • BLTools.exe (PID: 6360)
      • xcopy.exe (PID: 6536)
      • xcopy.exe (PID: 6312)
      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Drops the executable file immediately after the start

      • xcopy.exe (PID: 6536)

    • Reads the software policy settings

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Reads Environment values

      • Dizxte.png (PID: 4296)
      • Dizxte.png (PID: 6196)

    • Creates files or folders in the user directory

      • BLTools.exe (PID: 6360)
      • Dizxte.png (PID: 6196)

    • Found Base64 encoded file access via PowerShell (YARA)

      • cmd.exe (PID: 3164)
      • Dizxte.png (PID: 6196)

    • Found Base64 encoded access to processes via PowerShell (YARA)

      • cmd.exe (PID: 3164)
      • Dizxte.png (PID: 6196)

    • Found Base64 encoded compression PowerShell classes (YARA)

      • cmd.exe (PID: 3164)
      • Dizxte.png (PID: 6196)

    • Found Base64 encoded reflection usage via PowerShell (YARA)

      • cmd.exe (PID: 3164)
      • Dizxte.png (PID: 6196)

    • Found Base64 encoded text manipulation via PowerShell (YARA)

      • cmd.exe (PID: 3164)
      • Dizxte.png (PID: 6196)

    • .NET Reactor protector has been detected

      • Dizxte.png (PID: 6196)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2018:08:18 21:39:52
ZipCRC: 0xb1b27091
ZipCompressedSize: 367616
ZipUncompressedSize: 367616
ZipFileName: AlphaFS.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
178
Monitored processes
49
Malicious processes
9
Suspicious processes
5

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs bltools.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs xcopy.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs xcopy.exe no specs cmd.exe no specs xcopy.exe no specs dizxte.png no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs cmd.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs xcopy.exe no specs THREAT cmd.exe no specs conhost.exe no specs cmd.exe no specs xcopy.exe no specs cmd.exe no specs xcopy.exe no specs THREAT dizxte.png bltools.exe bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs bltools.exe no specs lisance activate crack.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
964"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeBLTools.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
4294967295
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
1216"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeBLTools.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
4294967295
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
1452"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe" C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
0
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1488"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeBLTools.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
4294967295
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
1568C:\WINDOWS\system32\cmd.exe /S /D /c" echo F "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
1860xcopy /d /q /y /h /i C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\admin\AppData\Local\Temp\Dizxte.pngC:\Windows\System32\xcopy.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Extended Copy Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\xcopy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\ifsutil.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
1860"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeBLTools.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
4294967295
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
1984"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeBLTools.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
4294967295
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
2064"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exe"C:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeBLTools.exe
User:
admin
Integrity Level:
MEDIUM
Description:
BLTools
Exit code:
4294967295
Version:
2.4.0.0
Modules
Images
c:\users\admin\desktop\bltools v2.4 [cracked]\bltools.exe
c:\windows\system32\ntdll.dll
2680\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
21 470
Read events
21 431
Write events
39
Delete events
0

Modification events

(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\BLTools v2.4 [cracked].zip
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:writeName:0
Value:
C:\Users\admin\Desktop\BLTools v2.4 [cracked]
(PID) Process:(6400) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files
15
Suspicious files
2
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\BouncyCastle.Crypto.dllexecutable
MD5:3CF6BF0E0A27F3665EDD6362D137E4CC
SHA256:1985B85BB44BE6C6EAF35E02EF11E23A890E809B8EC2E53210A4AD5A85B26C70
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\Newtonsoft.Json.dllexecutable
MD5:715A1FBEE4665E99E859EDA667FE8034
SHA256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\Settings.initext
MD5:3E679A9DC765D71916B1C6DD006FFDB6
SHA256:EB4F4B54D277DAA3F97992AF5E2F75F527FDBED0A3AE99B95184D14F01E0AE2D
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.exeexecutable
MD5:E594A5273C5F54AAA59709309BBAC7CB
SHA256:EAD030C352A651B5A294E776ACE4C3BBAF1F6F7581C36EC3ECA301584F92B132
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\BLTools.icoimage
MD5:FE8D1D9038E246C569AAB6C5037E1580
SHA256:AE90A3E783A4F4791B5B66CFFED27BFAA939A2CA55AF7F41CED2397D4D64F0F6
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\License.dlltext
MD5:B08A5C34CF0A06615DA2CA89010D8B4F
SHA256:04CC5B3B49A7E9E9B6C66C7BE59A20992BF2653746B5D43829C383FB233F88FA
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\Lisance Activate Crack.exeexecutable
MD5:3687DAF352D0764FC83F640FA165198A
SHA256:8ACE6E0A0A2ED86B3BBB7C7FEFCB8F5B4176B7143DD299D07DD07AD8C958F48A
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\CookiesCreator.exeexecutable
MD5:8D0C2730233F3D2D878D8F87B53A4960
SHA256:D1C3ECEDC77DBE771563412FA6CD373A16C65F1A15CC7182032DA9B0447B8240
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\PresentationFramework-SystemXml.dllexecutable
MD5:BE1A96C998147BFBEB5F635FE0C3428D
SHA256:D024E1CBECF038D59AE375552E4F47D2C737EAFCE7C68DA5EC8B2B02BECB297E
6400WinRAR.exeC:\Users\admin\Desktop\BLTools v2.4 [cracked]\Ookii.Dialogs.Wpf.dllexecutable
MD5:932EBB3F9E7113071C6A17818342B7CC
SHA256:285AA8225732DDBCF211B1158BD6CFF8BF3ACBEEAB69617F4BE85862B7105AB5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
40
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5140
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6860
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6832
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
4936
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1420
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5336
SearchApp.exe
104.126.37.179:443
www.bing.com
Akamai International B.V.
DE
unknown
5336
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
5140
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3260
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.bing.com
  • 104.126.37.179
  • 104.126.37.163
  • 104.126.37.155
  • 104.126.37.178
  • 104.126.37.184
  • 104.126.37.169
  • 104.126.37.152
  • 104.126.37.186
  • 104.126.37.130
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.134
  • 20.190.160.20
  • 40.126.32.68
  • 40.126.32.74
  • 40.126.32.76
  • 20.190.160.17
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
th.bing.com
  • 104.126.37.178
  • 104.126.37.171
  • 104.126.37.128
  • 104.126.37.186
  • 104.126.37.184
  • 104.126.37.170
  • 104.126.37.168
  • 104.126.37.179
  • 104.126.37.163
whitelisted
arc.msn.com
  • 20.223.36.55
whitelisted
slscr.update.microsoft.com
  • 40.127.169.103
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BLTools v2.4 [cracked].zip