File name:

Quickbooks Enterprise Advanced Inventory Crack (1).7z

Full analysis: https://app.any.run/tasks/878383ff-956a-49b9-9a51-b72cc6ce31fa
Verdict: Malicious activity
Threats:

Lumma is an information stealer, developed using the C programming language. It is offered for sale as a malware-as-a-service, with several plans available. It usually targets cryptocurrency wallets, login credentials, and other sensitive information on a compromised system. The malicious software regularly gets updates that improve and expand its functionality, making it a serious stealer threat.

Malware Trends Tracker     >>>
Analysis date: February 18, 2025, 15:35:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
autoit
lumma
stealer
autoit-loader
golang
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

1601693163A106950205286319CE5EE5

SHA1:

C8791130C4359E8DC430E1CB5DE49D4B8440BC44

SHA256:

8C47FDCD5415B41DEAEC2FC4BAE36CA7E21F3AFE8870CE9D64EC054906EAF3DF

SSDEEP:

98304:KFUASL9/hRTCb2GArhai2UFO0/bvOgGQyWMCH4ALhl3iGBRNWj1Jx1PzredDYYsy:rfV8LSKfxKjKvHrZq81/rnidZgXbBz6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • LUMMA mutex has been found

      • Watch.com (PID: 188)

    • Actions looks like stealing of personal data

      • Watch.com (PID: 188)

    • Steals credentials from Web Browsers

      • Watch.com (PID: 188)

    • Executing a file with an untrusted certificate

      • Dashboard.exe (PID: 1140)
      • Dashboard.exe (PID: 1400)
      • Dashboard.exe (PID: 5432)

    • AutoIt loader has been detected (YARA)

      • Watch.com (PID: 188)

    • Known privilege escalation attack

      • dllhost.exe (PID: 2800)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 5712)
      • quickbooks enterprise advanced inventory crack.exe (PID: 420)

    • Starts CMD.EXE for commands execution

      • quickbooks enterprise advanced inventory crack.exe (PID: 420)
      • cmd.exe (PID: 848)
      • Dashboard.exe (PID: 1400)
      • Dashboard.exe (PID: 5432)

    • Executing commands from a ".bat" file

      • quickbooks enterprise advanced inventory crack.exe (PID: 420)

    • Application launched itself

      • cmd.exe (PID: 848)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 848)

    • Get information on the list of running processes

      • cmd.exe (PID: 848)

    • Starts the AutoIt3 executable file

      • cmd.exe (PID: 848)

    • Starts application with an unusual extension

      • cmd.exe (PID: 848)

    • The executable file from the user directory is run by the CMD process

      • Watch.com (PID: 188)

    • Searches for installed software

      • Watch.com (PID: 188)

    • The process drops C-runtime libraries

      • Watch.com (PID: 188)
      • Dashboard.exe (PID: 1140)

    • Executable content was dropped or overwritten

      • Watch.com (PID: 188)
      • Dashboard.exe (PID: 1140)

    • Process drops legitimate windows executable

      • Watch.com (PID: 188)
      • Dashboard.exe (PID: 1140)

    • Starts a Microsoft application from unusual location

      • Dashboard.exe (PID: 1140)

    • There is functionality for taking screenshot (YARA)

      • Watch.com (PID: 188)

    • Starts itself from another location

      • Dashboard.exe (PID: 1140)

    • Connects to unusual port

      • explorer.exe (PID: 3076)

  • INFO

    • Checks supported languages

      • quickbooks enterprise advanced inventory crack.exe (PID: 420)
      • Watch.com (PID: 188)
      • expand.exe (PID: 648)
      • extrac32.exe (PID: 2736)
      • Dashboard.exe (PID: 1140)
      • Dashboard.exe (PID: 5432)
      • Dashboard.exe (PID: 1400)

    • Reads the computer name

      • quickbooks enterprise advanced inventory crack.exe (PID: 420)
      • extrac32.exe (PID: 2736)
      • Watch.com (PID: 188)
      • Dashboard.exe (PID: 1400)
      • Dashboard.exe (PID: 5432)
      • Dashboard.exe (PID: 1140)

    • Process checks computer location settings

      • quickbooks enterprise advanced inventory crack.exe (PID: 420)

    • Reads mouse settings

      • Watch.com (PID: 188)

    • Create files in a temporary directory

      • quickbooks enterprise advanced inventory crack.exe (PID: 420)
      • expand.exe (PID: 648)
      • extrac32.exe (PID: 2736)
      • Watch.com (PID: 188)
      • Dashboard.exe (PID: 1400)
      • Dashboard.exe (PID: 5432)

    • Creates a new folder

      • cmd.exe (PID: 2548)

    • Reads the software policy settings

      • Watch.com (PID: 188)
      • explorer.exe (PID: 3076)

    • Creates files in the program directory

      • Watch.com (PID: 188)

    • The sample compiled with english language support

      • Watch.com (PID: 188)
      • Dashboard.exe (PID: 1140)

    • Creates files or folders in the user directory

      • Dashboard.exe (PID: 1140)

    • Reads security settings of Internet Explorer

      • dllhost.exe (PID: 2800)

    • Application based on Golang

      • explorer.exe (PID: 3076)

    • Detects GO elliptic curve encryption (YARA)

      • explorer.exe (PID: 3076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
144
Monitored processes
26
Malicious processes
7
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe no specs quickbooks enterprise advanced inventory crack.exe no specs cmd.exe no specs conhost.exe no specs expand.exe no specs tasklist.exe no specs findstr.exe no specs tasklist.exe no specs findstr.exe no specs cmd.exe no specs extrac32.exe no specs findstr.exe no specs cmd.exe no specs cmd.exe no specs #LUMMA watch.com choice.exe no specs dashboard.exe dashboard.exe no specs cmd.exe no specs conhost.exe no specs CMSTPLUA dashboard.exe no specs cmd.exe no specs conhost.exe no specs explorer.exe svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
188Watch.com T C:\Users\admin\AppData\Local\Temp\300665\Watch.com
cmd.exe
User:
admin
Company:
AutoIt Team
Integrity Level:
MEDIUM
Description:
AutoIt v3 Script (Beta)
Exit code:
0
Version:
3, 3, 15, 5
Modules
Images
c:\users\admin\appdata\local\temp\300665\watch.com
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\user32.dll
420"C:\Users\admin\AppData\Local\Temp\Rar$EXb5712.23427\quickbooks enterprise advanced inventory crack.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXb5712.23427\quickbooks enterprise advanced inventory crack.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb5712.23427\quickbooks enterprise advanced inventory crack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
436cmd /c copy /b 300665\Watch.com + Shemale + Live + Cuba + Apparently + Look + Madonna + Gcc + Proud 300665\Watch.comC:\Windows\SysWOW64\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
648expand Representations.mpeg Representations.mpeg.bat C:\Windows\SysWOW64\expand.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
LZ Expansion Utility
Exit code:
0
Version:
5.00 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\expand.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\user32.dll
848"C:\WINDOWS\system32\cmd.exe" /c expand Representations.mpeg Representations.mpeg.bat & Representations.mpeg.batC:\Windows\SysWOW64\cmd.exequickbooks enterprise advanced inventory crack.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
1140findstr /V "CIRCLES" Frequent C:\Windows\SysWOW64\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\user32.dll
1140"C:\Users\admin\AppData\Local\Temp\LOJGSN80MJJTLT07V90KC1O41EY\Dashboard.exe"C:\Users\admin\AppData\Local\Temp\LOJGSN80MJJTLT07V90KC1O41EY\Dashboard.exe
Watch.com
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Live installer client executable
Exit code:
0
Version:
12.0.1202.0516
Modules
Images
c:\users\admin\appdata\local\temp\lojgsn80mjjtlt07v90kc1o41ey\dashboard.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1292C:\WINDOWS\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exeDashboard.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1400C:\Users\admin\AppData\Roaming\GUPM\Dashboard.exeC:\Users\admin\AppData\Roaming\GUPM\Dashboard.exeDashboard.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Live installer client executable
Exit code:
1
Version:
12.0.1202.0516
Modules
Images
c:\users\admin\appdata\roaming\gupm\dashboard.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2144\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
6 853
Read events
6 842
Write events
11
Delete events
0

Modification events

(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Quickbooks Enterprise Advanced Inventory Crack (1).7z
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(5712) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(2800) dllhost.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D58010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files
12
Suspicious files
34
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
5712WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb5712.23427\quickbooks enterprise advanced inventory crack.exe
MD5:
SHA256:
420quickbooks enterprise advanced inventory crack.exeC:\Users\admin\AppData\Local\Temp\Favor.mpegbinary
MD5:A2D411D72A619B06EFF52F8015BD8C28
SHA256:129A95105438A2F8EE033CE0C2A0A10E11A57F474AF8461206F50F5C56653D59
420quickbooks enterprise advanced inventory crack.exeC:\Users\admin\AppData\Local\Temp\Representations.mpegtext
MD5:579FE262D575D653B0D1BCC2C729E210
SHA256:695EA4F7D872A353C5DB460DA423695F382CB604361CA2E6B048C4776B3428F1
420quickbooks enterprise advanced inventory crack.exeC:\Users\admin\AppData\Local\Temp\Hopes.mpegbinary
MD5:D1D1214566095A54E1ECBB1B0BD99D4C
SHA256:9EEF71AE26ED009A9995584524267738D2AC90E15E45BE4507B625C9A77575A7
420quickbooks enterprise advanced inventory crack.exeC:\Users\admin\AppData\Local\Temp\Bracelets.mpegbinary
MD5:1F6895762FB00E6BF4A54C9940F26F8B
SHA256:5EC2C2E78A2747A06D71ED65EACE8905513526D25505FBE25FE515722DB55630
2736extrac32.exeC:\Users\admin\AppData\Local\Temp\Livebinary
MD5:9713B5C1B3C847C4718457858FCF72D8
SHA256:648D038EBE9814EADA42B7783933024E21BB7E70F34A6ADE13D36015BB78FF11
420quickbooks enterprise advanced inventory crack.exeC:\Users\admin\AppData\Local\Temp\Lenses.mpegbinary
MD5:9DCD25C4605872FB2CA1962A57BDA15A
SHA256:C8C6A624DE75599C8F33FBB3DD150E2B950C7C15AE7009D709D7CAF2BAF0B32A
420quickbooks enterprise advanced inventory crack.exeC:\Users\admin\AppData\Local\Temp\Sacramento.mpegbinary
MD5:B28A232ED72CC7E1BB1FD24F28B7262A
SHA256:967B742FB3CA2A5C53962D43C8862FEC4285990DE5471DACC0BF1AF0918C934A
648expand.exeC:\Users\admin\AppData\Local\Temp\representations.mpeg.battext
MD5:579FE262D575D653B0D1BCC2C729E210
SHA256:695EA4F7D872A353C5DB460DA423695F382CB604361CA2E6B048C4776B3428F1
2736extrac32.exeC:\Users\admin\AppData\Local\Temp\Frequentbinary
MD5:240639A9D1060A077FA0849522CAC001
SHA256:4BA19D3A21F799D2D8EC76370C09630739F7E56FA837EAC070EB48BAA9150202
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
45
DNS requests
23
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.141:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3984
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3984
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5472
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.141:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
104.126.37.154:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2624
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
2624
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 23.48.23.141
  • 23.48.23.191
  • 23.48.23.148
  • 23.48.23.149
  • 23.48.23.188
  • 23.48.23.192
  • 23.48.23.146
  • 23.48.23.153
  • 23.48.23.139
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.154
  • 104.126.37.179
  • 104.126.37.170
  • 104.126.37.155
  • 104.126.37.171
  • 104.126.37.161
  • 104.126.37.160
  • 104.126.37.176
  • 104.126.37.168
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
login.live.com
  • 20.190.159.129
  • 20.190.159.75
  • 40.126.31.128
  • 20.190.159.2
  • 40.126.31.0
  • 40.126.31.131
  • 40.126.31.67
  • 20.190.159.71
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

PID
Process
Class
Message
2192
svchost.exe
Misc activity
ET FILE_SHARING Anonymous File Sharing Domain in DNS Lookup (qu .ax)
188
Watch.com
Misc activity
ET FILE_SHARING Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Quickbooks Enterprise Advanced Inventory Crack (1).7z