File name:

2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn

Full analysis: https://app.any.run/tasks/b9ca9649-c5c3-445d-88aa-54d839c90ee0
Verdict: Malicious activity
Analysis date: May 19, 2025, 17:28:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
jeefo
auto-reg
python
pyinstaller
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

51B9A7C1C2B05C11CCBCAA5795F3A42F

SHA1:

29ED2070C9C66F69EF20F3A7C6721F4F5C5AE778

SHA256:

C105492D6F4AE893BFECAACDBFB64496F999357ED71A9648CFDB4BEE85FBD637

SSDEEP:

98304:Hcp1T2Q6r2WZ9J5RnFe4lkDVsONwfz1Tw2HQxFG9A/XTKNV2aSceq1rEAUKKarHa:rd7fyx6mDW8dRp+IBVMoY21

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • JEEFO has been detected

      • icsys.icn.exe (PID: 8068)
      • explorer.exe (PID: 8088)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • svchost.exe (PID: 8128)

    • Changes the autorun value in the registry

      • explorer.exe (PID: 8088)
      • svchost.exe (PID: 8128)

  • SUSPICIOUS

    • Starts itself from another location

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • icsys.icn.exe (PID: 8068)
      • explorer.exe (PID: 8088)
      • spoolsv.exe (PID: 8108)
      • svchost.exe (PID: 8128)

    • Executable content was dropped or overwritten

      • icsys.icn.exe (PID: 8068)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • explorer.exe (PID: 8088)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • spoolsv.exe (PID: 8108)

    • The process creates files with name similar to system file names

      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8108)

    • Process drops python dynamic module

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Process drops legitimate windows executable

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Starts application with an unusual extension

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • The process drops C-runtime libraries

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • There is functionality for taking screenshot (YARA)

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Loads Python modules

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Creates or modifies Windows services

      • svchost.exe (PID: 8128)

    • Application launched itself

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

  • INFO

    • Create files in a temporary directory

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • icsys.icn.exe (PID: 8068)
      • explorer.exe (PID: 8088)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • svchost.exe (PID: 8128)
      • spoolsv.exe (PID: 8148)
      • spoolsv.exe (PID: 8108)

    • Checks supported languages

      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8108)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • explorer.exe (PID: 8088)
      • svchost.exe (PID: 8128)
      • spoolsv.exe (PID: 8148)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Reads the computer name

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • svchost.exe (PID: 8128)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • The sample compiled with english language support

      • explorer.exe (PID: 8088)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8108)

    • Auto-launch of the file from Registry key

      • explorer.exe (PID: 8088)
      • svchost.exe (PID: 8128)

    • Manual execution by a user

      • svchost.exe (PID: 5972)
      • explorer.exe (PID: 5364)

    • PyInstaller has been detected (YARA)

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Reads the machine GUID from the registry

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Checks proxy server information

      • slui.exe (PID: 4980)

    • Reads the software policy settings

      • slui.exe (PID: 4980)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:04:01 07:08:22+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 106496
InitializedDataSize: 12288
UninitializedDataSize: -
EntryPoint: 0x290c
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
ProductName: Project1
FileVersion: 1
ProductVersion: 1
InternalName: TJprojMain
OriginalFileName: TJprojMain.exe
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
135
Monitored processes
12
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #JEEFO 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  #JEEFO icsys.icn.exe #JEEFO explorer.exe spoolsv.exe #JEEFO svchost.exe spoolsv.exe no specs explorer.exe no specs svchost.exe no specs 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  no specs slui.exe 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
668c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4980C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5364c:\windows\resources\themes\explorer.exe ROC:\Windows\Resources\Themes\explorer.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
1.00
Modules
Images
c:\windows\resources\themes\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
5972c:\windows\resources\svchost.exe ROC:\Windows\Resources\svchost.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
1.00
Modules
Images
c:\windows\resources\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7836"C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe" C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
1.00
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7936"C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe" C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.00
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
7960c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
8068C:\Windows\Resources\Themes\icsys.icn.exeC:\Windows\Resources\Themes\icsys.icn.exe
2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.00
Modules
Images
c:\windows\resources\themes\icsys.icn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
8088c:\windows\resources\themes\explorer.exeC:\Windows\Resources\Themes\explorer.exe
icsys.icn.exe
User:
admin
Integrity Level:
HIGH
Version:
1.00
Modules
Images
c:\windows\resources\themes\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
8108c:\windows\resources\spoolsv.exe SEC:\Windows\Resources\spoolsv.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.00
Modules
Images
c:\windows\resources\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events
3 925
Read events
3 906
Write events
15
Delete events
4

Modification events

(PID) Process:(7936) 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeKey:HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
Operation:writeName:LO
Value:
1
(PID) Process:(8068) icsys.icn.exeKey:HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
Operation:writeName:LO
Value:
1
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Explorer
Value:
c:\windows\resources\themes\explorer.exe RO
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Svchost
Value:
c:\windows\resources\svchost.exe RO
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Explorer
Value:
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Svchost
Value:
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Explorer
Value:
c:\windows\resources\themes\explorer.exe RO
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Svchost
Value:
c:\windows\resources\svchost.exe RO
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Explorer
Value:
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Svchost
Value:
Executable files
26
Suspicious files
7
Text files
916
Unknown types
0

Dropped files

PID
Process
Filename
Type
79362025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeC:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe executable
MD5:43143ED85E9429C34A76CBE87B0B7ED4
SHA256:D927A2022B49A37739B0845A0C9AEBAB40E6C89F8843158A782E308118EE3518
79362025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeC:\Windows\Resources\Themes\icsys.icn.exeexecutable
MD5:6053A9DF817CECCE1933A09FB1247415
SHA256:F62BD1801DD5D6F6FC5F169D8181A567E0A52C68C6490BAA9C794E2D0FBDBAAA
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_decimal.pydexecutable
MD5:A15B76716FADEC654996CA12FC7F1806
SHA256:7A50820B86E6641BD5948EF7467F581742480C6AB2AB5F78D3A8AAB5DB5FEEF8
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\encoding\cp1252.enctext
MD5:5900F51FD8B5FF75E65594EB7DD50533
SHA256:14DF3AE30E81E7620BE6BBB7A9E42083AF1AE04D94CF1203565F8A3C0542ACE0
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\clock.tcltext
MD5:F1E825244CC9741595F47F4979E971A5
SHA256:F0CF27CB4B5D9E3B5D7C84B008981C8957A0FF94671A52CC6355131E55DD59FB
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\auto.tcltext
MD5:5E9B3E874F8FBEAADEF3A004A1B291B5
SHA256:F385515658832FEB75EE4DCE5BD53F7F67F2629077B7D049B86A730A49BD0840
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\encoding\cp1251.enctext
MD5:55FB20FB09C610DB38C22CF8ADD4F7B8
SHA256:2D1BED2422E131A140087FAF1B12B8A46F7DE3B6413BAE8BC395C06F0D70B9B0
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_ssl.pydexecutable
MD5:B92B8E24411BF2F5A8B3CFE432EF8B65
SHA256:241CA6C3F0A2BE00F45922DCC8904C9438A4F726394082B1ADD676313916ABF3
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\encoding\ascii.enctext
MD5:68D69C53B4A9F0AABD60646CA7E06DAE
SHA256:294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\encoding\cp1254.enctext
MD5:35AD7A8FC0B80353D1C471F6792D3FD8
SHA256:BC4CBE4C99FD65ABEA45FBDAF28CC1D5C42119280125FBBD5C2C11892AE460B2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
21
DNS requests
7
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.216.77.22:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.216.77.22:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7412
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4980
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.6
  • 23.216.77.38
  • 23.216.77.7
  • 23.216.77.29
  • 23.216.77.18
  • 23.216.77.35
  • 23.216.77.41
  • 23.216.77.19
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn