File name: b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe
Full analysis: https://app.any.run/tasks/cae11021-e7eb-45ae-9d5e-f562ed3f79f7
Verdict: Malicious activity
Analysis date: April 07, 2024, 12:26:04
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: E8AA9AE55183C580E876BAFD7F0C9ECE
SHA1: 0568D08A789C068F2CBD87CFF54C293639328356
SHA256: B27EA67210985F92B8E0AD76B5E9FD7D75EECACB5BDB80EC5A3FADCCF5B264E4
SSDEEP: 98304:vDk2DFK1O1HzllX0Lf/TgPl4UdMNTnhSwSIPZIElXBYRiPg0lBSRS/TNbLVLUpio:2qGgHZ8R5SN1quThzhU3G3X5JmxfYCI
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Changes the autorun value in the registry
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
    • Drops the executable file immediately after the start
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
  • SUSPICIOUS
    • Creates a software uninstall entry
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
    • Reads security settings of Internet Explorer
      • TextInputHost.exe (PID: 6624)
      • aBreevy8.exe (PID: 7128)
  • INFO
    • Reads the computer name
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
      • TextInputHost.exe (PID: 6624)
      • aBreevy8.exe (PID: 7128)
    • Checks supported languages
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
      • aBreevy8.exe (PID: 7128)
      • TextInputHost.exe (PID: 6624)
    • Manual execution by a user
      • aBreevy8.exe (PID: 7128)
    • Creates files in the program directory
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
    • Creates files or folders in the user directory
      • aBreevy8.exe (PID: 7128)
      • BackgroundTransferHost.exe (PID: 428)
    • Create files in a temporary directory
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
    • Reads security settings of Internet Explorer
      • BackgroundTransferHost.exe (PID: 4168)
      • BackgroundTransferHost.exe (PID: 428)
      • BackgroundTransferHost.exe (PID: 5068)
      • BackgroundTransferHost.exe (PID: 6396)
      • BackgroundTransferHost.exe (PID: 1064)
    • Checks proxy server information
      • BackgroundTransferHost.exe (PID: 428)
      • slui.exe (PID: 2348)
    • Reads the software policy settings
      • BackgroundTransferHost.exe (PID: 428)
      • slui.exe (PID: 2348)
    • Dropped object may contain TOR URL's
      • b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (PID: 6476)
    • Process checks computer location settings
      • aBreevy8.exe (PID: 7128)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:39+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x34fc
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2024.4.2.0
ProductVersionNumber: 2024.4.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: aBreevy8 (2024.04.02) Setup
CompanyName: 16 Software LLC (https://abreevy8.io)
FileDescription: aBreevy8 (2024.04.02) Setup
FileVersion: 2024.04.02
LegalCopyright: Copyright (c) 2009-2024 16 Software LLC
ProductName: aBreevy8
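The EXIF block above is just the PE32 header read back, and the "Nullsoft Installer self-extracting archive" description comes from the NSIS first-header marker that sits in the overlay after the image. The following is an added example, not part of the ANY.RUN report: a parser that pulls the same header fields, checks for that marker and hashes the input. The bytes it builds are a constructed stand-in carrying the header values from this report, not the analysed file.

```python
"""Read the PE32 header fields a sandbox lists under EXIF and detect NSIS.
Added example; the sample built by build_sample() is constructed, not the real file."""
import hashlib
import struct
from datetime import datetime, timezone

# IMAGE_FILE_* characteristics (winnt.h) in the order the report prints them.
CHARACTERISTICS = {
    0x0001: "No relocs",
    0x0002: "Executable",
    0x0004: "No line numbers",
    0x0008: "No symbols",
    0x0100: "32-bit",
    0x2000: "DLL",
}
MACHINES = {0x14C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console"}

# NSIS first header (overlay): flags(4) | 0xDEADBEEF(4) | "NullsoftInst"(12) |
# header length(4) | total data length(4). The 16-byte signature is what we look for.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def _ver(major: int, minor: int) -> str:
    """Format x.y the way the report does: minor omitted when zero."""
    return str(major) if minor == 0 else f"{major}.{minor}"


def parse_pe(data: bytes) -> dict:
    """Return the PE32 header fields shown in the report's EXIF section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, ts, _symptr, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes; optional header follows
    magic, maj_link, min_link, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    # Optional-header offsets 40..50 hold OS/Image/Subsystem versions, 68 the subsystem.
    maj_os, min_os, maj_img, min_img, maj_sub, min_sub = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "MachineType": MACHINES.get(machine, hex(machine)),
        "TimeStamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(n for bit, n in CHARACTERISTICS.items() if chars & bit),
        "PEType": "PE32",
        "LinkerVersion": _ver(maj_link, min_link),
        "CodeSize": code,
        "InitializedDataSize": idata,
        "UninitializedDataSize": udata,
        "EntryPoint": f"0x{entry:x}",
        "OSVersion": _ver(maj_os, min_os),
        "ImageVersion": _ver(maj_img, min_img),
        "SubsystemVersion": _ver(maj_sub, min_sub),
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def is_nsis(data: bytes) -> bool:
    """True when the NSIS first-header signature is present anywhere in the file."""
    return NSIS_MAGIC in data


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the upper-case form the report uses."""
    return {n: hashlib.new(n, data).hexdigest().upper() for n in ("md5", "sha1", "sha256")}


def build_sample() -> bytes:
    """Constructed PE32 stub with this report's header values plus an NSIS overlay."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * 0x3A) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # Machine i386, 5 sections, timestamp 2023-07-02 02:09:39 UTC, opt header 224 bytes,
    # characteristics 0x010F = RELOCS_STRIPPED|EXECUTABLE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|32BIT.
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 1688263779, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 6, 0, 26112, 139776, 2048, 0x34FC)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 6, 0, 4, 0)
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    overlay = b"\0" * 64 + struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0, 0)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + overlay


if __name__ == "__main__":
    blob = build_sample()
    for k, v in parse_pe(blob).items():
        print(f"{k}: {v}")
    print("NSIS:", is_nsis(blob), hashes(blob)["sha256"])
```

Run it against a real file with `parse_pe(open(path, "rb").read())`; the NSIS check is deliberately a plain substring search so it also catches installers whose section table has been tampered with.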
All screenshots are available in the full report
Total processes: 138
Monitored processes: 10
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph, in the order the report draws them ("no specs" as labelled in the report):
b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe
abreevy8.exe
textinputhost.exe (no specs)
backgroundtransferhost.exe (no specs)
backgroundtransferhost.exe
backgroundtransferhost.exe (no specs)
backgroundtransferhost.exe (no specs)
backgroundtransferhost.exe (no specs)
slui.exe
b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe (no specs)

Process information

PID 428
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.746 (WinBuild.160101.0800)
Modules:
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID 1064
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.746 (WinBuild.160101.0800)
Modules:
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID 2348
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules:
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID 4168
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.746 (WinBuild.160101.0800)
Modules:
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID 4368
CMD: "C:\Users\admin\AppData\Local\Temp\b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe"
Path: C:\Users\admin\AppData\Local\Temp\b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe
Parent process: explorer.exe
User: admin
Company: 16 Software LLC (https://abreevy8.io)
Integrity Level: MEDIUM
Description: aBreevy8 (2024.04.02) Setup
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this first, unelevated launch from explorer.exe could not proceed without elevation and only got as far as loading ntdll; the same installer then ran as PID 6476 at HIGH integrity)
Version: 2024.04.02
Modules:
c:\users\admin\appdata\local\temp\b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID 5068
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.746 (WinBuild.160101.0800)
Modules:
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID 6396
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.746 (WinBuild.160101.0800)
Modules:
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID 6476
CMD: "C:\Users\admin\AppData\Local\Temp\b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe"
Path: C:\Users\admin\AppData\Local\Temp\b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe
Parent process: explorer.exe
User: admin
Company: 16 Software LLC (https://abreevy8.io)
Integrity Level: HIGH (the elevated run of the installer; every MALICIOUS and SUSPICIOUS indicator above is attributed to this PID)
Description: aBreevy8 (2024.04.02) Setup
Exit code: 0
Version: 2024.04.02
Modules (the syswow64 copies and wow64*.dll show a 32-bit image running under WOW64 on the 64-bit guest):
c:\users\admin\appdata\local\temp\b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID 6624
CMD: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Version: 2001.22012.0.3920
Modules:
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\inputapp\textinputhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\windowsapps\microsoft.vclibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID 7128
CMD: "C:\Program Files (x86)\aBreevy8\aBreevy8.exe"
Path: C:\Program Files (x86)\aBreevy8\aBreevy8.exe
Parent process: explorer.exe
User: admin
Company: 16 Software LLC (abreevy8.io)
Integrity Level: MEDIUM (the installed program started unelevated with explorer.exe as parent, which is what the installer's ExecShellAsUser plugin, see the debug output at the end of the report, produces when the elevated setup launches the application for the logged-on user)
Description: aBreevy8
Version: 2024.04.02
Modules:
c:\program files (x86)\abreevy8\abreevy8.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
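The process table shows a pattern worth recognising in any installer report: the same image appears twice, first at MEDIUM integrity exiting with an NTSTATUS, then at HIGH integrity doing the work, followed by a child of explorer.exe back at MEDIUM. The following is an added example, not code from ANY.RUN or from the aBreevy8 project: a few triage helpers run over process records constructed from the values in this table (paths lower-cased as the report prints them; the list is a subset of the ten monitored processes).

```python
"""Triage helpers for sandbox process records.
Added example; RECORDS is constructed from this report's process table."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# NTSTATUS values an exit-code column may carry (ntstatus.h); extend as needed.
NTSTATUS = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}


@dataclass
class Proc:
    pid: int
    image: str                     # lower-case full path, as in the report
    parent: str
    integrity: str                 # LOW / MEDIUM / HIGH / SYSTEM
    exit_code: Optional[int]       # None when the report shows no exit code
    modules: List[str] = field(default_factory=list)


def decode_exit(code: Optional[int]) -> str:
    """Show NTSTATUS exit codes (high bit set) as hex with their symbolic name."""
    if code is None:
        return "no exit code recorded"
    if code & 0x80000000:
        return f"0x{code:08X} ({NTSTATUS.get(code, 'unknown NTSTATUS')})"
    return str(code)


def is_wow64(p: Proc) -> bool:
    """A 32-bit process on x64 Windows maps the SysWOW64 copy of ntdll."""
    return any(m.lower().endswith("\\syswow64\\ntdll.dll") for m in p.modules)


def elevation_relaunches(procs: List[Proc]) -> List[Tuple[int, int]]:
    """(failed_pid, elevated_pid) pairs: same image failed with
    STATUS_ELEVATION_REQUIRED at MEDIUM and then ran at HIGH."""
    out = []
    for a in procs:
        if a.exit_code != 0xC000042C or a.integrity != "MEDIUM":
            continue
        for b in procs:
            if b.pid != a.pid and b.image == a.image and b.integrity == "HIGH":
                out.append((a.pid, b.pid))
    return out


def user_launched_from(procs: List[Proc], install_dir: str) -> List[int]:
    """PIDs started unelevated via explorer.exe from the directory an installer
    populated: the footprint of NSIS ExecShellAsUser-style de-elevation."""
    prefix = install_dir.lower()
    return [p.pid for p in procs
            if p.parent == "explorer.exe" and p.integrity == "MEDIUM"
            and p.image.startswith(prefix)]


# Constructed from the report's process table (hypothetical subset).
INSTALLER = ("c:\\users\\admin\\appdata\\local\\temp\\"
             "b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe")
RECORDS = [
    Proc(4368, INSTALLER, "explorer.exe", "MEDIUM", 3221226540,
         ["c:\\windows\\system32\\ntdll.dll", "c:\\windows\\syswow64\\ntdll.dll"]),
    Proc(6476, INSTALLER, "explorer.exe", "HIGH", 0,
         ["c:\\windows\\syswow64\\ntdll.dll", "c:\\windows\\system32\\wow64.dll",
          "c:\\windows\\syswow64\\advapi32.dll"]),
    Proc(7128, "c:\\program files (x86)\\abreevy8\\abreevy8.exe", "explorer.exe", "MEDIUM", None,
         ["c:\\windows\\syswow64\\ntdll.dll"]),
    Proc(428, "c:\\windows\\system32\\backgroundtransferhost.exe", "svchost.exe", "MEDIUM", 1,
         ["c:\\windows\\system32\\ntdll.dll"]),
]

if __name__ == "__main__":
    for p in RECORDS:
        print(p.pid, p.integrity, decode_exit(p.exit_code), "WOW64" if is_wow64(p) else "native")
    print("elevation relaunches:", elevation_relaunches(RECORDS))
    print("launched as user from install dir:", user_launched_from(RECORDS, "C:\\Program Files (x86)\\aBreevy8\\"))
```

The relaunch check keys on the exact NTSTATUS because a generic "same image twice" rule also fires on ordinary restarts; the WOW64 check explains why the registry writes below land under WOW6432Node.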
Total events: 19 680
Read events: 19 616
Write events: 63
Delete events: 1

Modification events

The ten write operations shown are all by PID 6476 (b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe) on the key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\aBreevy8, the per-application uninstall entry an NSIS installer registers (the "Creates a software uninstall entry" indicator); it lands under WOW6432Node because the 32-bit installer runs under WOW64. The autorun value write flagged as MALICIOUS above is not among the events included in this extract.

Name | Operation | Value
DisplayName | write | aBreevy8
UninstallString | write | "C:\Program Files (x86)\aBreevy8\uninst.exe"
DisplayIcon | write | "C:\Program Files (x86)\aBreevy8\aBreevy8.exe"
DisplayVersion | write | 2024.04.02
URLInfoAbout | write | https://abreevy8.io
Publisher | write | 16 Software LLC
InstallLocation | write | C:\Program Files (x86)\aBreevy8
VersionMajor | write | 2024
VersionMinor | write | 1
MajorVersion | write | 2024
Executable files: 58
Suspicious files: 19
Text files: 34
Unknown types: 4

Dropped files

All entries shown are written by PID 6476 (b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe). The nsf982.tmp directory under %TEMP% is the plugin directory ($PLUGINSDIR) an NSIS installer unpacks at start: UserInfo.dll and nsDialogs.dll are stock NSIS plugins and modern-header.bmp is the Modern UI header bitmap. The MD5 and SHA256 columns are empty in this extract.

Filename | Type
C:\Users\admin\AppData\Local\Temp\nsf982.tmp\UserInfo.dll | executable
C:\Users\admin\AppData\Local\Temp\nsf982.tmp\modern-header.bmp | image
C:\Users\admin\AppData\Local\Temp\nsf982.tmp\nsDialogs.dll | executable
C:\Program Files (x86)\aBreevy8\aBreevy8.exe | executable
C:\Program Files (x86)\aBreevy8\License.txt | text
C:\Program Files (x86)\aBreevy8\changelog.txt | text
C:\Program Files (x86)\aBreevy8\sets\Examples.bvy | text
C:\Program Files (x86)\aBreevy8\sets\Medical Transcription.bvy | text
C:\Program Files (x86)\aBreevy8\sets\Typo AutoCorrections.bvy | text
C:\Program Files (x86)\aBreevy8\help\ack.html | html
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 49
DNS requests: 13
Threats: 0

HTTP requests

All five requests are certificate-revocation lookups (Microsoft CRLs and DigiCert OCSP) made by Windows components; none comes from the installer (PIDs 4368 and 6476) or from aBreevy8.exe (PID 7128). The last two columns of each row read "unknown" in the extract (the report's CN, Type, Size and Reputation columns are only partly captured).

PID | Process | Method | HTTP code | IP | URL | (remaining columns as extracted)
1156 | SIHClient.exe | GET | 200 | 23.215.41.150:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown, unknown
3996 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown, unknown
6296 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown, unknown
1156 | SIHClient.exe | GET | 200 | 23.215.41.150:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown, unknown
428 | BackgroundTransferHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown, unknown

Connections

Nine of the 49 counted connections are shown; none of them belongs to the sample's PIDs (4368, 6476, 7128). 239.255.255.250:1900 is SSDP multicast discovery. "-" marks a cell the report leaves empty.

PID | Process | IP | Domain | ASN | CN | Reputation
4828 | svchost.exe | 239.255.255.250:1900 | - | - | - | unknown
1280 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3996 | svchost.exe | 40.126.32.134:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3996 | svchost.exe | 20.190.160.22:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3996 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1156 | SIHClient.exe | 40.68.123.157:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
1156 | SIHClient.exe | 23.215.41.150:80 | www.microsoft.com | AKAMAI-AS | US | unknown
1156 | SIHClient.exe | 13.85.23.206:443 | fe3cr.delivery.mp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
6296 | backgroundTaskHost.exe | 20.199.58.43:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | unknown
6296 | backgroundTaskHost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

The DNS table carries no PID, so the one non-Microsoft lookup, abreevy8.io (216.92.94.132, reputation unknown), cannot be attributed to a process from this page alone; the name matches the installer's CompanyName and URLInfoAbout fields, and its address does not appear among the connections shown. Ten of the 13 counted requests are listed.

Domain | IP | Reputation
ocsp.digicert.com | 192.229.221.95 | whitelisted
slscr.update.microsoft.com | 40.68.123.157 | whitelisted
www.microsoft.com | 23.215.41.150 | whitelisted
fe3cr.delivery.mp.microsoft.com | 13.85.23.206 | whitelisted
arc.msn.com | 20.199.58.43 | whitelisted
www.bing.com | 184.50.113.243, 184.50.113.227 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted
abreevy8.io | 216.92.94.132 | unknown
nexusrules.officeapps.live.com | 52.111.236.22 | whitelisted
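Reading the three network tables together is how an analyst decides whether a sandbox run produced any traffic of its own. The following is an added example, not ANY.RUN output: it joins rows constructed from this page's HTTP, Connections and DNS tables (HTTP URLs reduced to their origin) against the sample's PIDs, lists names that were resolved but never connected to, and separates certificate-validation noise. Because the page shows only 9 of 49 connections, "not connected" here means absent from the rows shown, nothing more.

```python
"""Attribute sandbox network rows to the sample and filter Windows background noise.
Added example; the tables below are constructed from this report, not exported from it."""
from urllib.parse import urlsplit

# Installer (both launches) and the installed program, from the process table.
SAMPLE_PIDS = {4368, 6476, 7128}

# Connections table: (pid, process, "ip:port", domain or "" when the report shows none).
CONNECTIONS = [
    (4828, "svchost.exe", "239.255.255.250:1900", ""),
    (1280, "MoUsoCoreWorker.exe", "4.231.128.59:443", "settings-win.data.microsoft.com"),
    (3996, "svchost.exe", "40.126.32.134:443", ""),
    (3996, "svchost.exe", "20.190.160.22:443", ""),
    (3996, "svchost.exe", "192.229.221.95:80", "ocsp.digicert.com"),
    (1156, "SIHClient.exe", "40.68.123.157:443", "slscr.update.microsoft.com"),
    (1156, "SIHClient.exe", "23.215.41.150:80", "www.microsoft.com"),
    (1156, "SIHClient.exe", "13.85.23.206:443", "fe3cr.delivery.mp.microsoft.com"),
    (6296, "backgroundTaskHost.exe", "20.199.58.43:443", "arc.msn.com"),
    (6296, "backgroundTaskHost.exe", "192.229.221.95:80", "ocsp.digicert.com"),
]
# HTTP requests table: (pid, process, url); URLs shortened to their origin/path prefix.
HTTP = [
    (1156, "SIHClient.exe", "http://www.microsoft.com/pkiops/crl/"),
    (3996, "svchost.exe", "http://ocsp.digicert.com/"),
    (6296, "backgroundTaskHost.exe", "http://ocsp.digicert.com/"),
    (1156, "SIHClient.exe", "http://www.microsoft.com/pkiops/crl/"),
    (428, "BackgroundTransferHost.exe", "http://ocsp.digicert.com/"),
]
# DNS requests table: domain -> answers.
DNS = {
    "ocsp.digicert.com": ["192.229.221.95"],
    "slscr.update.microsoft.com": ["40.68.123.157"],
    "www.microsoft.com": ["23.215.41.150"],
    "fe3cr.delivery.mp.microsoft.com": ["13.85.23.206"],
    "arc.msn.com": ["20.199.58.43"],
    "www.bing.com": ["184.50.113.243", "184.50.113.227"],
    "settings-win.data.microsoft.com": ["4.231.128.59"],
    "activation-v2.sls.microsoft.com": ["40.91.76.224"],
    "abreevy8.io": ["216.92.94.132"],
    "nexusrules.officeapps.live.com": ["52.111.236.22"],
}
# Suffixes a stock Windows 10 guest talks to on its own (assumed baseline, extend per lab).
BASELINE_SUFFIXES = (".microsoft.com", ".msn.com", ".bing.com", ".live.com", "ocsp.digicert.com")


def sample_rows(rows, pids=SAMPLE_PIDS):
    """Rows whose PID is part of the sample's process tree."""
    return [r for r in rows if r[0] in pids]


def resolved_but_not_connected(dns, connections):
    """Domains whose answers never show up as a remote endpoint in the rows given."""
    remotes = {c[2].rsplit(":", 1)[0] for c in connections}
    return sorted(d for d, ips in dns.items() if not (set(ips) & remotes))


def off_baseline_domains(dns, suffixes=BASELINE_SUFFIXES):
    """Resolved names outside the guest's own update/telemetry/PKI traffic."""
    return sorted(d for d in dns if not d.endswith(suffixes))


def cert_validation_fetches(http):
    """CRL/OCSP requests: expected Authenticode and TLS chain validation, not sample traffic."""
    return [(pid, proc) for pid, proc, url in http
            if urlsplit(url).hostname == "ocsp.digicert.com"
            or urlsplit(url).path.startswith("/pkiops/crl/")]


if __name__ == "__main__":
    print("sample connections:", sample_rows(CONNECTIONS))
    print("sample HTTP:", sample_rows(HTTP))
    print("resolved, not connected:", resolved_but_not_connected(DNS, CONNECTIONS))
    print("off-baseline domains:", off_baseline_domains(DNS))
    print("cert validation fetches:", len(cert_validation_fetches(HTTP)))
```

For this report the only off-baseline name is abreevy8.io, and with no PID on DNS rows the honest conclusion is "resolved by something, contacted by nothing we can see", which is exactly what the PCAP in the full report would settle.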

Threats

No threats detected

Debug output

ExecShellAsUser is an NSIS plugin that lets an elevated installer start a program as the unelevated logged-on user; the four lines are its own trace from the installer process, and they are consistent with aBreevy8.exe (PID 7128) appearing under explorer.exe at MEDIUM integrity after the HIGH-integrity setup finished.

Process | Message
b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe | ExecShellAsUser: got desktop
b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe | ExecShellAsUser: elevated process detected
b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe | ExecShellAsUser: DLL_PROCESS_DETACH
b27ea67210985f92b8e0ad76b5e9fd7d75eecacb5bdb80ec5a3fadccf5b264e4.exe | ExecShellAsUser: thread finished