File name:

Bootstrapper.exe

Full analysis: https://app.any.run/tasks/a4a04332-edf3-4b2a-9498-1a5f249cffe6
Verdict: Malicious activity
Analysis date: July 18, 2025, 06:24:27
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (console) Intel 80386, for MS Windows, 6 sections
MD5:

246A13DD32B3E597A593008306629808

SHA1:

8021F8652D334E5CDC8EB4B2FC8A33CE3CF7147D

SHA256:

97B972C179B146E141896A9B3365B39F75F851D794C84E83BE106B9AF5C021E6

SSDEEP:

98304:xhVb12UwI6Mlb6xVu6Of8TX8jCdoCWQDcGG/cpzqONnuUSzoKpsVg3RvkA+pA35x:+HcELG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • Bootstrapper.exe (PID: 1216)
      • Bootstrapper.exe (PID: 6948)
      • Bootstrapper.exe (PID: 6504)
    • Process drops legitimate windows executable

      • Bootstrapper.exe (PID: 6948)
    • Reads security settings of Internet Explorer

      • Bootstrapper.exe (PID: 1216)
      • Bootstrapper.exe (PID: 6504)
    • Application launched itself

      • Bootstrapper.exe (PID: 1216)
      • Bootstrapper.exe (PID: 6948)
      • updater.exe (PID: 5528)
    • The process executes via Task Scheduler

      • updater.exe (PID: 5528)
  • INFO

    • Checks supported languages

      • Bootstrapper.exe (PID: 6948)
      • Bootstrapper.exe (PID: 1216)
      • Bootstrapper.exe (PID: 6504)
      • updater.exe (PID: 5528)
      • updater.exe (PID: 2980)
    • Checks proxy server information

      • Bootstrapper.exe (PID: 1216)
      • Bootstrapper.exe (PID: 6504)
      • slui.exe (PID: 4084)
    • Process checks whether UAC notifications are on

      • Bootstrapper.exe (PID: 1216)
      • updater.exe (PID: 5528)
    • Reads the software policy settings

      • Bootstrapper.exe (PID: 1216)
      • Bootstrapper.exe (PID: 6504)
      • slui.exe (PID: 4084)
    • Reads the machine GUID from the registry

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
    • Reads Microsoft Office registry keys

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
    • Reads the computer name

      • Bootstrapper.exe (PID: 6504)
      • updater.exe (PID: 5528)
      • Bootstrapper.exe (PID: 1216)
    • Process checks computer location settings

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
    • Reads Environment values

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
    • Creates files or folders in the user directory

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
    • Create files in a temporary directory

      • Bootstrapper.exe (PID: 6504)
      • Bootstrapper.exe (PID: 1216)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:06:02 15:49:24+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.4
CodeSize: 4643840
InitializedDataSize: 2991616
UninitializedDataSize: -
EntryPoint: 0x3f84b1
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows command line
FileVersionNumber: 16.0.18827.20140
ProductVersionNumber: 16.0.18827.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
CompanyName: Microsoft Corporation
FileDescription: Microsoft 365 and Office
FileVersion: 16.0.18827.20140
InternalName: Bootstrapper.exe
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFileName: Bootstrapper.exe
ProductName: Microsoft Office
ProductVersion: 16.0.18827.20140
No data.
Total processes
141
Monitored processes
9
Malicious processes
1
Suspicious processes
2

Behavior graph

start bootstrapper.exe no specs conhost.exe no specs bootstrapper.exe conhost.exe no specs bootstrapper.exe conhost.exe no specs slui.exe updater.exe no specs updater.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1216
CMD: Bootstrapper.exe RELAUNCHED
Path: C:\Users\admin\Desktop\Bootstrapper.exe
Parent process: Bootstrapper.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft 365 and Office
Exit code:
0
Version:
16.0.18827.20140
Modules
Images
c:\users\admin\desktop\bootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2980
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=134.0.6985.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x111c460,0x111c46c,0x111c478
Path: C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process: updater.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater
Exit code:
0
Version:
134.0.6985.0
Modules
Images
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 4060
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Bootstrapper.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4084
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5528
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --wake --system
Path: C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater
Exit code:
0
Version:
134.0.6985.0
Modules
Images
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 6504
CMD: "C:\Users\admin\Desktop\Bootstrapper.exe" ELEVATED sid=S-1-5-21-1693682860-607145093-2874071422-1001 RELAUNCHED
Path: C:\Users\admin\Desktop\Bootstrapper.exe
Parent process: Bootstrapper.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft 365 and Office
Exit code:
0
Version:
16.0.18827.20140
Modules
Images
c:\users\admin\desktop\bootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 6508
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Bootstrapper.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6876
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Bootstrapper.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6948
CMD: "C:\Users\admin\Desktop\Bootstrapper.exe"
Path: C:\Users\admin\Desktop\Bootstrapper.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft 365 and Office
Exit code:
0
Version:
16.0.18827.20140
Modules
Images
c:\users\admin\desktop\bootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
12 956
Read events
12 923
Write events
33
Delete events
0

Modification events

(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: en-US
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: de-de
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: fr-fr
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: es-es
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: it-it
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ja-jp
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ko-kr
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: pt-br
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ru-ru
Value: 2
(PID) Process: (1216) Bootstrapper.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: tr-tr
Value: 2
Executable files
0
Suspicious files
7
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 1216
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\33367D6D-11F5-42A6-B6C8-7101A7ACCF77
Type: xml
MD5:280DDE34D858F1E5D92BC11C4539A3F3
SHA256:9BF692373928016318081234307C4AA02D94347583BB07529F2F3B29D6858D99
PID: 6504
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\bootstrapper.exe.db-journal
Type: binary
MD5:2256687804F9323CC40972669CC893B2
SHA256:A023AC2168C18D366ACF1AFED75DD4620BC86758EB9DA90AA857053D9018D6D1
PID: 6504
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\bootstrapper.exe.db-shm
Type: binary
MD5:4119E2D77B22483F7012450DC57F261D
SHA256:B2CFB6857C1EEF13662E289B4DFCD5883887F21624423EC6CF640489C481E1E5
PID: 6504
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\bootstrapper.exe.db-wal
Type: binary
MD5:C5017E6B8C618E9A7EDECEFE9E312EFA
SHA256:AE66B4F65E2F8D6EE8C319F2CD6220D846F18226E857ADCD34512ABF28418393
PID: 6504
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\bootstrapper.exe.db
Type: binary
MD5:2373AABED661E8F08D70E32CF3D5A6C9
SHA256:66F591AF5F7D2F23E6B8BA61F6E13697FAA48D9DC7551B2E4AF208BF9851D976
PID: 1216
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\bootstrapper.exe.db-shm
Type: binary
MD5:6865DEC4FF438D60748F3F3E8F49228E
SHA256:477C6609B6F8F7B2897F239C670EB709A7AC2BA055D70BF2D06F8A915898ECA9
PID: 1216
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\OTele\bootstrapper.exe.db-wal
Type: binary
MD5:1AD03BCF6FD366A45E6B1F8865273ECB
SHA256:16714FEEA0C3214332D017FA19555F3ED58E6305D66B60C170AF3235C2B48BFF
PID: 2980
Process: updater.exe
Filename: C:\Program Files (x86)\Google\GoogleUpdater\updater.log
Type: text
MD5:BD084DE16F4C6669B6DBCF502DB8C7BD
SHA256:E310191D6B167BFCFEBA767FF274901F86FE00C276AAD9562A66C43721B73E79
PID: 6504
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\171C3FF4-76E6-401D-9654-06E71C3E3A76
Type: xml
MD5:280DDE34D858F1E5D92BC11C4539A3F3
SHA256:9BF692373928016318081234307C4AA02D94347583BB07529F2F3B29D6858D99
PID: 1216
Process: Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Temp\DESKTOP-JGLLJLD-20250718-0624a.log
Type: text
MD5:C66F2D4F09FF68464E39C69094E5EA1E
SHA256:600A05A8211042CDC73F36CFBF909021B87011CE16D4E69D313C06F645B20D6C
HTTP(S) requests
15
TCP/UDP connections
28
DNS requests
12
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
52.109.76.240:443
https://officeclient.microsoft.com/config16/?syslcid=1033&build=16.0.18827&crev=3
unknown
xml
181 Kb
whitelisted
GET
200
52.109.76.240:443
https://officeclient.microsoft.com/config16/?syslcid=1033&build=16.0.18827&crev=3
unknown
xml
181 Kb
whitelisted
4084
RUXIMICS.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4084
RUXIMICS.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
52.123.129.14:443
https://ecs.office.com/config/v2/Office/officeclicktorun/16.0.18827.20140/Production/CC?&EcsCanary=1&Clientid=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&Application=officeclicktorun&Platform=win32&Version=16.0.18827.20140&MsoVersion=16.0.18827.20140&SDX=fa000000002.2.0.1907.31003&SDXfa000000002=2.0.1907.31003&SDX=fa000000005.1.0.1909.30011&SDXfa000000005=1.0.1909.30011&SDX=fa000000006.1.0.1909.13002&SDXfa000000006=1.0.1909.13002&SDX=fa000000008.1.0.1908.16006&SDXfa000000008=1.0.1908.16006&SDX=fa000000009.1.0.1908.6002&SDXfa000000009=1.0.1908.6002&SDX=fa000000016.1.0.1810.13001&SDXfa000000016=1.0.1810.13001&SDX=fa000000029.1.0.1906.25001&SDXfa000000029=1.0.1906.25001&SDX=fa000000033.1.0.1908.24001&SDXfa000000033=1.0.1908.24001&SDX=wa104381125.1.0.1810.9001&SDXwa104381125=1.0.1810.9001&ProcessName=C2R.exe&Audience=Production&Build=ship&Architecture=x86&PerpetualLicense=2019&LicenseCategory=6&LicenseSKU=Professional2019Retail&OsVersion=10.0&OsBuild=19045&Channel=CC&InstallType=C2R&SessionId=%7b1F2D1478-8E3D-432A-973A-589F39F55481%7d&LabMachine=false
unknown
binary
111 Kb
whitelisted
GET
200
52.123.129.14:443
https://ecs.office.com/config/v2/Office/officeclicktorun/16.0.18827.20140/Production/CC?&EcsCanary=1&Clientid=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&Application=officeclicktorun&Platform=win32&Version=16.0.18827.20140&MsoVersion=16.0.18827.20140&SDX=fa000000002.2.0.1907.31003&SDXfa000000002=2.0.1907.31003&SDX=fa000000005.1.0.1909.30011&SDXfa000000005=1.0.1909.30011&SDX=fa000000006.1.0.1909.13002&SDXfa000000006=1.0.1909.13002&SDX=fa000000008.1.0.1908.16006&SDXfa000000008=1.0.1908.16006&SDX=fa000000009.1.0.1908.6002&SDXfa000000009=1.0.1908.6002&SDX=fa000000016.1.0.1810.13001&SDXfa000000016=1.0.1810.13001&SDX=fa000000029.1.0.1906.25001&SDXfa000000029=1.0.1906.25001&SDX=fa000000033.1.0.1908.24001&SDXfa000000033=1.0.1908.24001&SDX=wa104381125.1.0.1810.9001&SDXwa104381125=1.0.1810.9001&ProcessName=C2R.exe&Audience=Production&Build=ship&Architecture=x86&PerpetualLicense=2019&LicenseCategory=6&LicenseSKU=Professional2019Retail&OsVersion=10.0&OsBuild=19045&Channel=CC&InstallType=C2R&SessionId=%7bFFB12B66-6E72-45E8-A405-9976BFC462B4%7d&LabMachine=false
unknown
binary
111 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4084
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1216
Bootstrapper.exe
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
1268
svchost.exe
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4084
RUXIMICS.exe
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6504
Bootstrapper.exe
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
5944
MoUsoCoreWorker.exe
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.174
whitelisted
officeclient.microsoft.com
  • 52.109.32.97
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
ecs.office.com
  • 52.123.128.14
  • 52.123.129.14
whitelisted
mobile.events.data.microsoft.com
  • 20.42.65.84
whitelisted
self.events.data.microsoft.com
  • 104.208.16.95
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
x1.c.lencr.org
  • 69.192.161.44
whitelisted

Threats

No threats detected
No debug info