File name:

2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn

Full analysis: https://app.any.run/tasks/b9ca9649-c5c3-445d-88aa-54d839c90ee0
Verdict: Malicious activity
Analysis date: May 19, 2025, 17:28:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
jeefo
auto-reg
python
pyinstaller
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

51B9A7C1C2B05C11CCBCAA5795F3A42F

SHA1:

29ED2070C9C66F69EF20F3A7C6721F4F5C5AE778

SHA256:

C105492D6F4AE893BFECAACDBFB64496F999357ED71A9648CFDB4BEE85FBD637

SSDEEP:

98304:Hcp1T2Q6r2WZ9J5RnFe4lkDVsONwfz1Tw2HQxFG9A/XTKNV2aSceq1rEAUKKarHa:rd7fyx6mDW8dRp+IBVMoY21

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • JEEFO has been detected

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • explorer.exe (PID: 8088)
      • icsys.icn.exe (PID: 8068)
      • svchost.exe (PID: 8128)

    • Changes the autorun value in the registry

      • explorer.exe (PID: 8088)
      • svchost.exe (PID: 8128)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • explorer.exe (PID: 8088)
      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8108)

    • Starts application with an unusual extension

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • The process drops C-runtime libraries

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Process drops legitimate windows executable

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Starts itself from another location

      • icsys.icn.exe (PID: 8068)
      • explorer.exe (PID: 8088)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • spoolsv.exe (PID: 8108)
      • svchost.exe (PID: 8128)

    • Process drops python dynamic module

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • The process creates files with name similar to system file names

      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8108)

    • Application launched itself

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Loads Python modules

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • There is functionality for taking screenshot (YARA)

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Creates or modifies Windows services

      • svchost.exe (PID: 8128)

  • INFO

    • Create files in a temporary directory

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • explorer.exe (PID: 8088)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • icsys.icn.exe (PID: 8068)
      • svchost.exe (PID: 8128)
      • spoolsv.exe (PID: 8148)
      • spoolsv.exe (PID: 8108)

    • The sample compiled with english language support

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • explorer.exe (PID: 8088)
      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8108)

    • Checks supported languages

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe (PID: 7936)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • explorer.exe (PID: 8088)
      • icsys.icn.exe (PID: 8068)
      • spoolsv.exe (PID: 8148)
      • spoolsv.exe (PID: 8108)
      • svchost.exe (PID: 8128)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Reads the computer name

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)
      • svchost.exe (PID: 8128)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Auto-launch of the file from Registry key

      • explorer.exe (PID: 8088)
      • svchost.exe (PID: 8128)

    • Reads the machine GUID from the registry

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)

    • Checks proxy server information

      • slui.exe (PID: 4980)

    • PyInstaller has been detected (YARA)

      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 668)
      • 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  (PID: 7960)

    • Reads the software policy settings

      • slui.exe (PID: 4980)

    • Manual execution by a user

      • explorer.exe (PID: 5364)
      • svchost.exe (PID: 5972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:04:01 07:08:22+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 106496
InitializedDataSize: 12288
UninitializedDataSize: -
EntryPoint: 0x290c
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
ProductName: Project1
FileVersion: 1
ProductVersion: 1
InternalName: TJprojMain
OriginalFileName: TJprojMain.exe
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
135
Monitored processes
12
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #JEEFO 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  #JEEFO icsys.icn.exe #JEEFO explorer.exe spoolsv.exe #JEEFO svchost.exe spoolsv.exe no specs explorer.exe no specs svchost.exe no specs 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  no specs slui.exe 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
668c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4980C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5364c:\windows\resources\themes\explorer.exe ROC:\Windows\Resources\Themes\explorer.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
1.00
Modules
Images
c:\windows\resources\themes\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
5972c:\windows\resources\svchost.exe ROC:\Windows\Resources\svchost.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
1.00
Modules
Images
c:\windows\resources\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7836"C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe" C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
1.00
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7936"C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe" C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.00
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
7960c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe  C:\Users\admin\Desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe 
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
8068C:\Windows\Resources\Themes\icsys.icn.exeC:\Windows\Resources\Themes\icsys.icn.exe
2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.00
Modules
Images
c:\windows\resources\themes\icsys.icn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
8088c:\windows\resources\themes\explorer.exeC:\Windows\Resources\Themes\explorer.exe
icsys.icn.exe
User:
admin
Integrity Level:
HIGH
Version:
1.00
Modules
Images
c:\windows\resources\themes\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
8108c:\windows\resources\spoolsv.exe SEC:\Windows\Resources\spoolsv.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.00
Modules
Images
c:\windows\resources\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events
3 925
Read events
3 906
Write events
15
Delete events
4

Modification events

(PID) Process:(7936) 2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeKey:HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
Operation:writeName:LO
Value:
1
(PID) Process:(8068) icsys.icn.exeKey:HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
Operation:writeName:LO
Value:
1
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Explorer
Value:
c:\windows\resources\themes\explorer.exe RO
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Svchost
Value:
c:\windows\resources\svchost.exe RO
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Explorer
Value:
(PID) Process:(8128) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Svchost
Value:
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Explorer
Value:
c:\windows\resources\themes\explorer.exe RO
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:Svchost
Value:
c:\windows\resources\svchost.exe RO
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Explorer
Value:
(PID) Process:(8088) explorer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Svchost
Value:
Executable files
26
Suspicious files
7
Text files
916
Unknown types
0

Dropped files

PID
Process
Filename
Type
79362025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exeC:\Windows\Resources\Themes\icsys.icn.exeexecutable
MD5:6053A9DF817CECCE1933A09FB1247415
SHA256:F62BD1801DD5D6F6FC5F169D8181A567E0A52C68C6490BAA9C794E2D0FBDBAAA
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_lzma.pydexecutable
MD5:70FA9A50E011FB79CC12EA0EBECD24EE
SHA256:FDDDF079526D16FAFD455F4FA2141F89E861EB6C0689DA5C0F6E9A162291CE27
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\encoding\ascii.enctext
MD5:68D69C53B4A9F0AABD60646CA7E06DAE
SHA256:294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_ctypes.pydexecutable
MD5:B153695F6E2C9D69400AFD403AB2433F
SHA256:CF85EF542CA2D896383894E0BEAE23581CB5A4C50E3D044ADF85F3A406FBFB34
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\VCRUNTIME140.dllexecutable
MD5:D012E07AD4F2BAE1F1010FEE9152F130
SHA256:97113D1B0BDFF2FC3B69B2C09FE0B485B9A901E097C12A7CF616A2FCF3BA37F6
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_bz2.pydexecutable
MD5:02A38B38E2971243FFE7BF4F6595BB18
SHA256:6272808EE415A2D2E4FF09DF9136EC567E29F47DA720CE260F76AFC88982A735
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_queue.pydexecutable
MD5:FCEC1DEAFEAF2102C0FD957FAD2BD462
SHA256:8FA6A134B945C02066ED574A2F108A0102793B8EEB13F663CAFEC6FC76B81E22
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_hashlib.pydexecutable
MD5:C58AE6199A509B1AC2937EA2C62D5235
SHA256:0B87F424B1282DB86BF0EB28E86AFB3A81F3C4F5D84C0E0FF02C7A23231B05B5
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_ssl.pydexecutable
MD5:B92B8E24411BF2F5A8B3CFE432EF8B65
SHA256:241CA6C3F0A2BE00F45922DCC8904C9438A4F726394082B1ADD676313916ABF3
79602025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn.exe C:\Users\admin\AppData\Local\Temp\_MEI79602\_tcl_data\auto.tcltext
MD5:5E9B3E874F8FBEAADEF3A004A1B291B5
SHA256:F385515658832FEB75EE4DCE5BD53F7F67F2629077B7D049B86A730A49BD0840
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
21
DNS requests
7
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.216.77.22:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.216.77.22:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7412
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4980
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.6
  • 23.216.77.38
  • 23.216.77.7
  • 23.216.77.29
  • 23.216.77.18
  • 23.216.77.35
  • 23.216.77.41
  • 23.216.77.19
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-05-19_51b9a7c1c2b05c11ccbcaa5795f3a42f_black-basta_elex_swisyn