File name: ProfExam-Simulator.exe

Full analysis: https://app.any.run/tasks/31655a9d-2240-456b-a9a2-41458baeb8f1
Verdict: Malicious activity
Analysis date: July 28, 2024, 15:36:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: installer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 5870A63EFD046F6F4B0F8B087FDE3494
SHA1: CDCE3019AB2519876A4899DB2454DCCDC5CE3157
SHA256: B6F01966DFC0943F38292B428C0EC9C2174DDE60032B6D3AAC88D0AF9ED85E9D
SSDEEP: 98304:1+cD4dnAi3lX6gFBUmXuMyTUy0d5uWZE/mZIjqz8pqbWEDvrbcMqZjD+kC/iJYj0:kQJRF0d6B+M

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ProfExam-Simulator.exe (PID: 2692)
      • ProfExam-Simulator.exe (PID: 6420)
      • ProfExam-Simulator.tmp (PID: 5904)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • ProfExam-Simulator.tmp (PID: 4564)
      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
      • GameBar.exe (PID: 3384)
    • Executable content was dropped or overwritten

      • ProfExam-Simulator.exe (PID: 2692)
      • ProfExam-Simulator.exe (PID: 6420)
      • ProfExam-Simulator.tmp (PID: 5904)
    • Reads the date of Windows installation

      • ProfExam-Simulator.tmp (PID: 4564)
    • Reads the Windows owner or organization settings

      • ProfExam-Simulator.tmp (PID: 5904)
    • Process drops legitimate windows executable

      • ProfExam-Simulator.tmp (PID: 5904)
  • INFO

    • Create files in a temporary directory

      • ProfExam-Simulator.exe (PID: 2692)
      • ProfExam-Simulator.exe (PID: 6420)
      • ProfExam-Simulator.tmp (PID: 5904)
      • Simulator.exe (PID: 2548)
    • Process checks computer location settings

      • ProfExam-Simulator.tmp (PID: 4564)
    • Reads the computer name

      • ProfExam-Simulator.tmp (PID: 4564)
      • ProfExam-Simulator.tmp (PID: 5904)
      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
      • GameBar.exe (PID: 3384)
    • Checks supported languages

      • ProfExam-Simulator.exe (PID: 2692)
      • ProfExam-Simulator.tmp (PID: 4564)
      • ProfExam-Simulator.exe (PID: 6420)
      • ProfExam-Simulator.tmp (PID: 5904)
      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
      • GameBar.exe (PID: 3384)
    • Creates files in the program directory

      • ProfExam-Simulator.tmp (PID: 5904)
    • Creates a software uninstall entry

      • ProfExam-Simulator.tmp (PID: 5904)
    • Reads the machine GUID from the registry

      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
    • Reads Environment values

      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
    • Creates files or folders in the user directory

      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
    • Reads the software policy settings

      • Simulator.exe (PID: 4288)
      • slui.exe (PID: 1712)
      • Simulator.exe (PID: 2548)
    • Disables trace logs

      • Simulator.exe (PID: 4288)
      • Simulator.exe (PID: 2548)
    • Checks proxy server information

      • Simulator.exe (PID: 4288)
      • slui.exe (PID: 1712)
      • Simulator.exe (PID: 2548)
    • Manual execution by a user

      • Simulator.exe (PID: 2548)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 100864
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 8.0.0.0
ProductVersionNumber: 8.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Sketchman Studio
FileDescription: ProfExam Simulator 8.0
FileVersion: 8.0
LegalCopyright: (c) 2024 Sketchman Studio
OriginalFileName:
ProductName: ProfExam Simulator
ProductVersion: 8.0
No data.
Total processes: 158
Monitored processes: 8
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start profexam-simulator.exe profexam-simulator.tmp no specs profexam-simulator.exe profexam-simulator.tmp slui.exe simulator.exe simulator.exe gamebar.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1712
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2548
CMD: "C:\Program Files (x86)\ProfExam Simulator 8\Simulator.exe"
Path: C:\Program Files (x86)\ProfExam Simulator 8\Simulator.exe
Parent process: explorer.exe
User: admin
Company: Sketchman Studio
Integrity Level: MEDIUM
Description: ProfExam Simulator
Version: 8.0.24175.2265
Modules
Images
c:\program files (x86)\profexam simulator 8\simulator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2692
CMD: "C:\Users\admin\AppData\Local\Temp\ProfExam-Simulator.exe"
Path: C:\Users\admin\AppData\Local\Temp\ProfExam-Simulator.exe
Parent process: explorer.exe
User: admin
Company: Sketchman Studio
Integrity Level: MEDIUM
Description: ProfExam Simulator 8.0
Exit code: 0
Version: 8.0
Modules
Images
c:\users\admin\appdata\local\temp\profexam-simulator.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 3384
CMD: "C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\GameBar.exe
Parent process: svchost.exe
User: admin
Integrity Level: MEDIUM
Modules
Images
c:\program files\windowsapps\microsoft.xboxgamingoverlay_2.34.28001.0_x64__8wekyb3d8bbwe\gamebar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\windowsapps\microsoft.vclibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vccorlib140_app.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
PID: 4288
CMD: "C:\Program Files (x86)\ProfExam Simulator 8\Simulator.exe"
Path: C:\Program Files (x86)\ProfExam Simulator 8\Simulator.exe
Parent process: ProfExam-Simulator.tmp
User: admin
Company: Sketchman Studio
Integrity Level: MEDIUM
Description: ProfExam Simulator
Exit code: 0
Version: 8.0.24175.2265
Modules
Images
c:\program files (x86)\profexam simulator 8\simulator.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 4564
CMD: "C:\Users\admin\AppData\Local\Temp\is-50U6D.tmp\ProfExam-Simulator.tmp" /SL5="$1A0180,5207827,843776,C:\Users\admin\AppData\Local\Temp\ProfExam-Simulator.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-50U6D.tmp\ProfExam-Simulator.tmp
Parent process: ProfExam-Simulator.exe
User: admin
Company: Sketchman Studio
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-50u6d.tmp\profexam-simulator.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 5904
CMD: "C:\Users\admin\AppData\Local\Temp\is-28K8N.tmp\ProfExam-Simulator.tmp" /SL5="$2102DA,5207827,843776,C:\Users\admin\AppData\Local\Temp\ProfExam-Simulator.exe" /SPAWNWND=$D03C2 /NOTIFYWND=$1A0180
Path: C:\Users\admin\AppData\Local\Temp\is-28K8N.tmp\ProfExam-Simulator.tmp
Parent process: ProfExam-Simulator.exe
User: admin
Company: Sketchman Studio
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-28k8n.tmp\profexam-simulator.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 6420
CMD: "C:\Users\admin\AppData\Local\Temp\ProfExam-Simulator.exe" /SPAWNWND=$D03C2 /NOTIFYWND=$1A0180
Path: C:\Users\admin\AppData\Local\Temp\ProfExam-Simulator.exe
Parent process: ProfExam-Simulator.tmp
User: admin
Company: Sketchman Studio
Integrity Level: HIGH
Description: ProfExam Simulator 8.0
Exit code: 0
Version: 8.0
Modules
Images
c:\users\admin\appdata\local\temp\profexam-simulator.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
Total events: 71 507
Read events: 71 427
Write events: 74
Delete events: 6

Modification events

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 1017000062CC36E003E1DA01

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: DD9198E0F4DA7D31C60D6F4CDAE82B049CBA29A7D7B926E24156A600ADB68860

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files (x86)\ProfExam Simulator 8\DotNetZip.dll

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: A85EC7C4EBC51A09AD844CD171619D796443AF49AA1F9D22EC962E7CB119D287

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ProfExam Simulator_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ProfExam Simulator_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\ProfExam Simulator 8

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ProfExam Simulator_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\ProfExam Simulator 8\

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ProfExam Simulator_is1
Operation: write
Name: Inno Setup: Icon Group
Value: ProfExam Simulator

(PID) Process: (5904) ProfExam-Simulator.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ProfExam Simulator_is1
Operation: write
Name: Inno Setup: User
Value: admin

Executable files: 32
Suspicious files: 27
Text files: 7
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 6420
Process: ProfExam-Simulator.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-28K8N.tmp\ProfExam-Simulator.tmp
Type: executable
MD5: AB906613F69E9FF493949FD8D6E24D12
SHA256: E5949D1C8F904A93D46E39793807A1D1CC2FF8FADEC6BBBFC08FC937D1D56319

PID: 2692
Process: ProfExam-Simulator.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-50U6D.tmp\ProfExam-Simulator.tmp
Type: executable
MD5: AB906613F69E9FF493949FD8D6E24D12
SHA256: E5949D1C8F904A93D46E39793807A1D1CC2FF8FADEC6BBBFC08FC937D1D56319

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\Material.Icons.WPF.dll
Type: executable
MD5: 70F9B22F4086FD71313CBA790A3D2AD4
SHA256: D5772762245D05694E492CF1A0D76905AFD70293BD61B9F329D47B18095B351B

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-OBPTL.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\Newtonsoft.Json.dll
Type: executable
MD5: 195FFB7167DB3219B217C4FD439EEDD6
SHA256: E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\SketchmanStudio.dll
Type: executable
MD5: 4452A275F0CFA76AE2EACC848CD10122
SHA256: 698F8A9D04B0D254416E2A547B059CE60325AA30BF8046F3E4030FCBE5E6E418

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\is-PS6VB.tmp
Type: executable
MD5: 195FFB7167DB3219B217C4FD439EEDD6
SHA256: E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\EntityFramework.dll
Type: executable
MD5: FFDCF232D0BB2FFF78721FB347641A76
SHA256: FF42BCA704605E187ABB45523868B15128D6AF1C28AD40A4579D507D34A953B2

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\is-SQL4K.tmp
Type: executable
MD5: 4452A275F0CFA76AE2EACC848CD10122
SHA256: 698F8A9D04B0D254416E2A547B059CE60325AA30BF8046F3E4030FCBE5E6E418

PID: 5904
Process: ProfExam-Simulator.tmp
Filename: C:\Program Files (x86)\ProfExam Simulator 8\is-KH979.tmp
Type: executable
MD5: FFDCF232D0BB2FFF78721FB347641A76
SHA256: FF42BCA704605E187ABB45523868B15128D6AF1C28AD40A4579D507D34A953B2

HTTP(S) requests: 7
TCP/UDP connections: 56
DNS requests: 24
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3676
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4132
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
6684
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4340
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3952
svchost.exe
239.255.255.250:1900
whitelisted
131.253.33.254:443
a-ring-fallback.msedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
104.126.37.139:443
www.bing.com
Akamai International B.V.
DE
unknown
6012
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4580
slui.exe
40.91.76.224:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1292
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5692
slui.exe
40.91.76.224:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 104.126.37.139
  • 104.126.37.160
  • 104.126.37.136
  • 104.126.37.162
  • 104.126.37.153
  • 104.126.37.163
  • 104.126.37.155
  • 104.126.37.170
  • 104.126.37.171
  • 104.126.37.186
  • 104.126.37.177
  • 104.126.37.184
  • 104.126.37.146
  • 104.126.37.161
  • 104.126.37.169
whitelisted
google.com
  • 142.250.185.174
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.45
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.74
  • 40.126.32.138
  • 40.126.32.136
  • 20.190.160.20
  • 40.126.32.133
  • 40.126.32.134
  • 40.126.32.76
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

No threats detected
Process
Message
Process: Simulator.exe
Message: Native library pre-loader is trying to load native SQLite library "C:\Program Files (x86)\ProfExam Simulator 8\x64\SQLite.Interop.dll"...

Process: Simulator.exe
Message: SQLite error (17): statement aborts at 40: [CREATE TABLE `sessions` (`id` VARCHAR (50) PRIMARY KEY, `date_time` INTEGER, `file_id` VARCHAR (50), `file_hash` VARCHAR (32), `score` INTEGER, `delta_time` REAL, `time` REAL, `type` I

Process: Simulator.exe
Message: SQLite error (17): statement aborts at 29: [CREATE TABLE `profexam` (`var` TEXT, `val` TEXT);] database schema has changed

Process: Simulator.exe
Message: SQLite error (17): statement aborts at 40: [CREATE TABLE `files` (`id` VARCHAR (50) PRIMARY KEY, `name` TEXT, `path` TEXT, `hash` VARCHAR (32), `exam_name` TEXT, `exam_number` TEXT, `exam_qst` INTEGER DEFAULT (0), `exam_exm` INT

Process: Simulator.exe
Message: Native library pre-loader is trying to load native SQLite library "C:\Program Files (x86)\ProfExam Simulator 8\x64\SQLite.Interop.dll"...