File name:

Alcohol120_retail_2.1.0.30316.exe

Full analysis: https://app.any.run/tasks/1e85694b-c5a2-462a-a7f6-fd95b2e8e668
Verdict: Malicious activity
Analysis date: June 30, 2025, 01:01:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

5FC924F89039E8EBB44F7F4D59DDB866

SHA1:

670F2639ED6E10A5F2D83686645B470D323CF361

SHA256:

B23B8690E8A18BF217A3BABB11BDB35E3AC1ADD2E8CEE7EFB4FB4499D7230BFA

SSDEEP:

98304:Gy05omJsUL1dcrpiPuVNE3tKse+czWc3StiVd+m3YNZjzMcF85QqE7RnRlA6621u:JbMVPVJ4R/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Alcohol120_retail_2.1.0.30316.exe (PID: 6748)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 5468)
      • AxAHCIServiceEx.exe (PID: 2676)
      • AxAutoMntSrv.exe (PID: 4708)
      • AxAHCIServiceEx.exe (PID: 4824)
      • AxSFADownloader.exe (PID: 5520)
      • AxAHCIServiceEx.exe (PID: 5284)
    • Changes the autorun value in the registry

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
  • SUSPICIOUS

    • Creates files in the driver directory

      • SPTD2inst.exe (PID: 6016)
    • Drops a system driver (possible attempt to evade defenses)

      • SPTD2inst.exe (PID: 6016)
    • Executable content was dropped or overwritten

      • SPTD2inst.exe (PID: 6016)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
      • AxSFADownloader.exe (PID: 5520)
    • There is functionality for taking screenshots (YARA)

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
    • The process creates files with name similar to system file names

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
    • Searches for installed software

      • dllhost.exe (PID: 5372)
      • SPTD2inst.exe (PID: 6016)
    • The process executes via Task Scheduler

      • PLUGScheduler.exe (PID: 3728)
      • updater.exe (PID: 3736)
    • Application launched itself

      • updater.exe (PID: 3736)
    • Creates/Modifies COM task schedule object

      • MX_RegShlEx64.exe (PID: 484)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
    • Image mount has been detected

      • explorer.exe (PID: 4624)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5424)
  • INFO

    • Checks supported languages

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • PLUGScheduler.exe (PID: 3728)
      • updater.exe (PID: 3736)
      • updater.exe (PID: 5116)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
      • KillAxShlExHlper.exe (PID: 968)
      • MX_RegShlEx64.exe (PID: 484)
      • MX_RegAutoplayCanceler64.exe (PID: 1860)
      • AxAHCIServiceEx.exe (PID: 2676)
      • AxAutoMntSrv.exe (PID: 4708)
      • StarWindServiceAE.exe (PID: 5064)
      • SPTD2inst.exe (PID: 6016)
      • MX_SWinst.exe (PID: 6024)
      • StarWindServiceAE.exe (PID: 524)
      • StarWindServiceAE.exe (PID: 2608)
      • AxSFADownloader.exe (PID: 5520)
      • AxAHCIServiceEx.exe (PID: 4824)
      • AxAHCIServiceEx.exe (PID: 5284)
    • Launching a file from a Registry key

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
    • Reads the computer name

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • updater.exe (PID: 3736)
      • PLUGScheduler.exe (PID: 3728)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
      • AxAHCIServiceEx.exe (PID: 2676)
      • AxAutoMntSrv.exe (PID: 4708)
      • StarWindServiceAE.exe (PID: 524)
      • StarWindServiceAE.exe (PID: 2608)
      • AxAHCIServiceEx.exe (PID: 4824)
      • SPTD2inst.exe (PID: 6016)
      • AxAHCIServiceEx.exe (PID: 5284)
      • AxSFADownloader.exe (PID: 5520)
      • StarWindServiceAE.exe (PID: 5064)
    • Creates files in the program directory

      • PLUGScheduler.exe (PID: 3728)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
      • AxAHCIServiceEx.exe (PID: 5284)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4624)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 3736)
    • Checks proxy server information

      • explorer.exe (PID: 4624)
      • AxSFADownloader.exe (PID: 5520)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 4624)
    • Manual execution by a user

      • Alcohol120_retail_2.1.0.30316.exe (PID: 5468)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
    • Creates files in a temporary directory

      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
      • Alcohol120_retail_2.1.0.30316.exe (PID: 5528)
      • AxSFADownloader.exe (PID: 5520)
    • The sample was compiled with English language support

      • Alcohol120_retail_2.1.0.30316.exe (PID: 4256)
    • Manages system restore points

      • SrTasks.exe (PID: 4400)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 120320
UninitializedDataSize: 1024
EntryPoint: 0x323c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.45.0.30316
ProductVersionNumber: 4.45.0.30316
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
CompanyName: Alcohol Soft Development Team
FileDescription: Alcohol 120% 2.1.0.30316 Setup
FileVersion: 4.45.0.30316
LegalCopyright: Copyright(C) 2002-2020 Alcohol Soft Development Team
ProductName: Alcohol 120%
ProductVersion: 4.45.0.30316
No data.
All screenshots are available in the full report
Total processes
304
Monitored processes
27
Malicious processes
5
Suspicious processes
7

Behavior graph

Processes shown in the graph, in order from the start node (those marked "no specs" have no indicators attached):

alcohol120_retail_2.1.0.30316.exe, sptd2inst.exe, vssvc.exe (no specs), SPPSurrogate (no specs), srtasks.exe (no specs), conhost.exe (no specs), plugscheduler.exe (no specs), updater.exe (no specs), explorer.exe (no specs), updater.exe (no specs), alcohol120_retail_2.1.0.30316.exe (no specs), alcohol120_retail_2.1.0.30316.exe, killaxshlexhlper.exe (no specs), mx_regshlex64.exe (no specs), mx_regautoplaycanceler64.exe (no specs), axahciserviceex.exe (no specs), axautomntsrv.exe (no specs), mx_swinst.exe (no specs), starwindserviceae.exe (no specs), conhost.exe (no specs), starwindserviceae.exe (no specs), conhost.exe (no specs), starwindserviceae.exe (no specs), axahciserviceex.exe (no specs), axsfadownloader.exe, axahciserviceex.exe (no specs), alcohol120_retail_2.1.0.30316.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
484
CMD:
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\MX_RegShlEx64.exe" C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll
Path:
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\MX_RegShlEx64.exe
Parent process:
Alcohol120_retail_2.1.0.30316.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\program files (x86)\alcohol soft\alcohol 120\mx_regshlex64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
PID:
524
CMD:
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" --start
Path:
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Parent process:
MX_SWinst.exe
User:
admin
Company:
StarWind Software
Integrity Level:
HIGH
Description:
StarWind iSCSI Target (Alcohol Edition)
Exit code:
0
Version:
12.1 Build 20091211
Modules
Images
c:\program files (x86)\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
968
CMD:
KillAxShlExHlper.exe
Path:
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\KillAxShlExHlper.exe
Parent process:
Alcohol120_retail_2.1.0.30316.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\program files (x86)\alcohol soft\alcohol 120\killaxshlexhlper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
1860
CMD:
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\MX_RegAutoplayCanceler64.exe"
Path:
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\MX_RegAutoplayCanceler64.exe
Parent process:
Alcohol120_retail_2.1.0.30316.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files (x86)\alcohol soft\alcohol 120\mx_regautoplaycanceler64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
2000
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
StarWindServiceAE.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2608
CMD:
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
Path:
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Parent process:
services.exe
User:
SYSTEM
Company:
StarWind Software
Integrity Level:
SYSTEM
Description:
StarWind iSCSI Target (Alcohol Edition)
Version:
12.1 Build 20091211
Modules
Images
c:\program files (x86)\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID:
2676
CMD:
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe" -i -s
Path:
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAHCIServiceEx.exe
Parent process:
Alcohol120_retail_2.1.0.30316.exe
User:
admin
Company:
Alcohol Soft Development Team
Integrity Level:
HIGH
Description:
Alcohol Virtual AHCI Controller Management Service
Exit code:
0
Version:
1.0.2.1812
Modules
Images
c:\program files (x86)\alcohol soft\alcohol 120\axahciserviceex.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
3728
CMD:
"C:\Program Files\RUXIM\PLUGscheduler.exe"
Path:
C:\Program Files\RUXIM\PLUGScheduler.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Update LifeCycle Component Scheduler
Exit code:
0
Version:
10.0.19041.3623 (WinBuild.160101.0800)
Modules
Images
c:\program files\ruxim\plugscheduler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
PID:
3736
CMD:
"C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --wake --system
Path:
C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Google LLC
Integrity Level:
SYSTEM
Description:
Google Updater
Exit code:
0
Version:
134.0.6985.0
Modules
Images
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID:
3908
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
SrTasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
13 386
Read events
13 000
Write events
346
Delete events
40

Modification events

(PID) Process:
(6016) SPTD2inst.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:
write
Name:
SppGetSnapshots (Leave)
Value:
4800000000000000738AD68D5AE9DB0180170000C0120000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(6016) SPTD2inst.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:
write
Name:
SppEnumGroups (Enter)
Value:
4800000000000000738AD68D5AE9DB0180170000C0120000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(6016) SPTD2inst.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:
write
Name:
SrCreateRp (Enter)
Value:
4800000000000000AF8EB78D5AE9DB0180170000C0120000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(6016) SPTD2inst.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:
write
Name:
SppGetSnapshots (Enter)
Value:
4800000000000000AF8EB78D5AE9DB0180170000C0120000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(6016) SPTD2inst.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:
write
Name:
SppEnumGroups (Leave)
Value:
480000000000000008EED88D5AE9DB0180170000C0120000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(6016) SPTD2inst.exe
Key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:
write
Name:
SppCreate (Enter)
Value:
4800000000000000ABB4DD8D5AE9DB0180170000C0120000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(5424) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(5424) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation:
write
Name:
Element
Value:
0000000000000000000000000000000006000000000000004800000000000000715E5C2FA985EB1190A89A9B763584210000000000000000745E5C2FA985EB1190A89A9B7635842100000000000000000000000000000000
(PID) Process:
(5424) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(5424) VSSVC.exe
Key:
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Operation:
write
Name:
Element
Value:
\EFI\Microsoft\Boot\bootmgfw.efi
Executable files
53
Suspicious files
52
Text files
10
Unknown types
0

Dropped files

PID | Process | Filename | Type
5372 | dllhost.exe | C:\System Volume Information\SPP\metadata-2 | -
MD5:
SHA256:
5528 | Alcohol120_retail_2.1.0.30316.exe | C:\Users\admin\AppData\Local\Temp\nso65D0.tmp\SetupHlp.dll | executable
MD5:26628AE407ED37AD4FB7B1E8AD623DF4
SHA256:A5F3700631C64057A304DAEF08AF79A3428DA669585BA4EAD2A7FF7FC34CDF9D
5528 | Alcohol120_retail_2.1.0.30316.exe | C:\Users\admin\AppData\Local\Temp\nso65D0.tmp\W10_17763RegHlper.dll | executable
MD5:D1A1686AC8444BBD9B1DAED5944BCF04
SHA256:9F25311E89E9C14622E64CDF30330612B984FD940D2197AB6A95A3EF1E6E59AA
5528 | Alcohol120_retail_2.1.0.30316.exe | C:\Users\admin\AppData\Local\Temp\nso65D0.tmp\modern-wizard.bmp | image
MD5:6AD7F23B6DEE9BD5C2849FA8A831DF24
SHA256:AA800D4D2CA0DAC3C75EA5EF2EACCC6E4DEC72F24C21C0E2511D1F1C79DA6013
5372 | dllhost.exe | C:\System Volume Information\SPP\snapshot-2 | binary
MD5:BD961224A12BDA05A7638A9563E16F32
SHA256:C5DB22AD475A9327D995C7F34E38F19968423EA4DF4E41E8A61483F449BF665E
5528 | Alcohol120_retail_2.1.0.30316.exe | C:\Users\admin\AppData\Local\Temp\nso65D0.tmp\System.dll | executable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
5372 | dllhost.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{b70d6b84-1e79-463d-b919-ba8756667a17}_OnDiskSnapshotProp | binary
MD5:BD961224A12BDA05A7638A9563E16F32
SHA256:C5DB22AD475A9327D995C7F34E38F19968423EA4DF4E41E8A61483F449BF665E
6016 | SPTD2inst.exe | C:\Windows\System32\drivers\sptd2.sys | executable
MD5:43C23EC003F00EC613873911E889A94B
SHA256:50D636118B0A5E678313835526F450D20091AF289E412045D6D8E28DD72B1861
5528 | Alcohol120_retail_2.1.0.30316.exe | C:\Users\admin\AppData\Local\Temp\nsz65C0.tmp | binary
MD5:D04D9D281F8D7888314876325B85EA61
SHA256:364AC6709F1DFBE0CAFA4BFDB6884598418E25BE0C6F0CC6B51B79A9230006CE
3728 | PLUGScheduler.exe | C:\ProgramData\PLUG\Logs\RUXIMLog.048.etl | binary
MD5:0DE8B8CBE71A7CD60D67AFE279E1ACB9
SHA256:D17A442ABEB021BFA77E5EDAB3D7F3C6FFEA9C33B8D04409D149B518C5FDB57C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
109
TCP/UDP connections
73
DNS requests
28
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 40.126.31.71:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
- | - | POST | 400 | 20.190.160.5:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 400 | 40.126.32.72:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted
- | - | POST | 400 | 20.190.160.130:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 2.16.168.124:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
- | - | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6284 | svchost.exe | 20.190.160.20:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4692 | svchost.exe | 95.100.186.9:443 | go.microsoft.com | AKAMAI-AS | FR | whitelisted
7136 | SIHClient.exe | 52.149.20.212:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7136 | SIHClient.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 2.16.168.124
  • 2.16.168.114
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 184.30.21.171
whitelisted
login.live.com
  • 20.190.160.20
  • 40.126.32.138
  • 20.190.160.3
  • 40.126.32.74
  • 40.126.32.76
  • 40.126.32.140
  • 20.190.160.5
  • 20.190.160.22
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.13
  • 52.111.243.31
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
watson.events.data.microsoft.com
  • 20.189.173.20
whitelisted

Threats

No threats detected
No debug info