File name: CosmicClientInstaller.exe

Full analysis: https://app.any.run/tasks/377f86e4-5a5c-4170-873a-9fff1fc31d60
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 21, 2025, 22:37:54
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: advancedinstaller, adware, takemyfile
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 5A906260FF434009AB6A270DDB88C51F
SHA1: 46D25E7166366624D0B4981D2C952FCB309F38CB
SHA256: D56658C16FC6F9DC2FEA0DB1D75663E796F5A6A00B5B7F0D4585BF5C91E25E44
SSDEEP: 393216:oc2KzQ96zKDUf6I908SBoQ0i2TgnvzX4KDHJkc3Iw2b:/xQ8s6/90CQ0i1vzoKDzBw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • CosmicClientInstaller.exe (PID: 2880)
      • CosmicClientInstaller.exe (PID: 4708)
      • Cosmic Client.exe (PID: 3628)
    • ADWARE has been detected (SURICATA)

      • CosmicClientInstaller.exe (PID: 2880)
  • SUSPICIOUS

    • ADVANCEDINSTALLER mutex has been found

      • CosmicClientInstaller.exe (PID: 2880)
    • Executable content was dropped or overwritten

      • CosmicClientInstaller.exe (PID: 2880)
      • CosmicClientInstaller.exe (PID: 4708)
    • Reads security settings of Internet Explorer

      • CosmicClientInstaller.exe (PID: 2880)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 6344)
    • Process drops legitimate windows executable

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 6344)
      • CosmicClientInstaller.exe (PID: 4708)
    • Application launched itself

      • CosmicClientInstaller.exe (PID: 2880)
    • Likely accesses (executes) a file from the Public directory

      • CosmicClientInstaller.exe (PID: 4708)
    • Reads the Windows owner or organization settings

      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 5564)
      • CosmicClientInstaller.exe (PID: 2880)
    • Detects AdvancedInstaller (YARA)

      • CosmicClientInstaller.exe (PID: 2880)
    • There is functionality for taking screenshot (YARA)

      • CosmicClientInstaller.exe (PID: 2880)
    • Access to an unwanted program domain was detected

      • CosmicClientInstaller.exe (PID: 2880)
    • Checks for Java to be installed

      • msiexec.exe (PID: 6344)
  • INFO

    • The sample compiled with english language support

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 6344)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 5564)
    • Reads Environment values

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 6344)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 3960)
    • Reads the computer name

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 5564)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 3960)
      • Cosmic Client.exe (PID: 3628)
      • msiexec.exe (PID: 6012)
      • msiexec.exe (PID: 6344)
    • Creates files or folders in the user directory

      • CosmicClientInstaller.exe (PID: 2880)
      • Cosmic Client.exe (PID: 3628)
    • Checks supported languages

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 5564)
      • msiexec.exe (PID: 6344)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 3960)
      • msiexec.exe (PID: 6012)
      • Cosmic Client.exe (PID: 3628)
    • Reads the machine GUID from the registry

      • CosmicClientInstaller.exe (PID: 2880)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 5564)
      • Cosmic Client.exe (PID: 3628)
    • Create files in a temporary directory

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 6344)
      • CosmicClientInstaller.exe (PID: 4708)
    • Reads the software policy settings

      • CosmicClientInstaller.exe (PID: 2880)
      • CosmicClientInstaller.exe (PID: 4708)
      • msiexec.exe (PID: 5564)
      • slui.exe (PID: 3672)
      • Cosmic Client.exe (PID: 3628)
    • Checks proxy server information

      • CosmicClientInstaller.exe (PID: 2880)
      • slui.exe (PID: 3672)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6344)
      • msiexec.exe (PID: 5564)
    • Process checks computer location settings

      • CosmicClientInstaller.exe (PID: 2880)
      • msiexec.exe (PID: 6344)
    • Reads Microsoft Office registry keys

      • msiexec.exe (PID: 6344)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 5564)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:01:15 13:42:34+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.24
CodeSize: 1505792
InitializedDataSize: 690176
UninitializedDataSize: -
EntryPoint: 0x11e5d3
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: Debug
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Cosmic Games
FileDescription: Cosmic Client Installer
FileVersion: 1
InternalName: Cosmic Client Installer
LegalCopyright: Copyright (C) 2023 Cosmic Games
OriginalFileName: Cosmic Client Installer.exe
ProductName: Cosmic Client
ProductVersion: 1
All screenshots are available in the full report
Total processes: 146
Monitored processes: 8
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Graph nodes: start, cosmicclientinstaller.exe (#ADWARE), msiexec.exe, msiexec.exe, cosmicclientinstaller.exe, msiexec.exe (no specs), msiexec.exe (no specs), cosmic client.exe, slui.exe

Process information

Fields per process: PID, CMD, Path, Parent process, User, Company, Integrity Level, Description, Exit code, Version, Modules (images)
PID: 2880
CMD: "C:\Users\admin\Desktop\CosmicClientInstaller.exe"
Path: C:\Users\admin\Desktop\CosmicClientInstaller.exe
Parent process: explorer.exe
User: admin
Company: Cosmic Games
Integrity Level: MEDIUM
Description: Cosmic Client Installer
Exit code: 0
Version: 1.0
Modules (images):
c:\users\admin\desktop\cosmicclientinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 3628
CMD: "C:\Program Files\Cosmic Client\Cosmic Client.exe"
Path: C:\Program Files\Cosmic Client\Cosmic Client.exe
Parent process: msiexec.exe
User: admin
Company: Cosmic Games ULC
Integrity Level: MEDIUM
Description: Cosmic Client
Exit code: 1
Version: 1.0
Modules (images):
c:\program files\cosmic client\cosmic client.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 3672
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 3960
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding F9FDCEB709ED9D3DB8A8FD1365ACE974
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 4708
CMD: "C:\Users\admin\Desktop\CosmicClientInstaller.exe" /i "C:\Users\admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\A68543B\Cosmic Client Installer.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\Cosmic Client" SHORTCUTDIR="C:\Users\Public\Desktop" SECONDSEQUENCE="1" CLIENTPROCESSID="2880" AI_MORE_CMD_LINE=1
Path: C:\Users\admin\Desktop\CosmicClientInstaller.exe
Parent process: CosmicClientInstaller.exe
User: admin
Company: Cosmic Games
Integrity Level: HIGH
Description: Cosmic Client Installer
Exit code: 0
Version: 1.0
Modules (images):
c:\users\admin\desktop\cosmicclientinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 5564
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: -
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 6012
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 78B6DC409FF2AF92FAF1101AEF2B352A E Global\MSI0000
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 6344
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding A8F33B6B25B3BBC22C5401E1BF56FCCF C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

Total events: 19 772
Read events: 19 649
Write events: 115
Delete events: 8

Modification events

(PID) Process: (5564) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write | Name: Sequence
Value: 1

(PID) Process: (5564) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write | Name: Owner
Value: BC150000B660C72090FADB01

(PID) Process: (5564) msiexec.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write | Name: SessionHash
Value: B33CC54E9818702167E0C69AD718ECFEC8D87C7BB119B7974AA06A2BCACD5168

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write | Name: C:\Config.Msi\
Value: (empty)

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write | Name: C:\Config.Msi\190343.rbs
Value: 31193744

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write | Name: C:\Config.Msi\190343.rbsLow
Value: 639283776

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35D26D469C129DA49828EEAE4F06E9FC
Operation: write | Name: 31D8E75D9A1885943B6BCF25A58645B3
Value: C:\Program Files\Cosmic Client\

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0524AFD6162ECA944B2472098A2FDDE6
Operation: write | Name: 31D8E75D9A1885943B6BCF25A58645B3
Value: 02:\Software\Cosmic Games\Cosmic Client\Version

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D48DDA809E1EB7E4EAD319F3472260FB
Operation: write | Name: 31D8E75D9A1885943B6BCF25A58645B3
Value: 02:\Software\Caphyon\Advanced Installer\LZMA\{D57E8D13-81A9-4958-B3B6-FC525A68543B}\1.0\AI_ExePath

(PID) Process: (5564) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB9F69E49FD5ECF48A6BD1273297909B
Operation: write | Name: 31D8E75D9A1885943B6BCF25A58645B3
Value: 02:\Software\Cosmic Games\{D57E8D13-81A9-4958-B3B6-FC525A68543B}\AI_IA_ENABLE

Executable files: 41
Suspicious files: 11
Text files: 25
Unknown types: 12

Dropped files

PID | Process | Type
  Filename
  MD5 / SHA256

2880 | CosmicClientInstaller.exe | -
  C:\Users\admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\holder0.aiph
  MD5: -
  SHA256: -
2880 | CosmicClientInstaller.exe | -
  C:\Users\admin\AppData\Local\Temp\MSIE23D.LOG
  MD5: -
  SHA256: -
2880 | CosmicClientInstaller.exe | binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3EC49180A59F0C351C30F112AD97CFA5_B1F00FA1D2ECD5D781E44CEE5DF6C96A
  MD5: D72481D633F407FB93E2837966F003F3
  SHA256: 5ED9E5E080D39BD281A34AFA8A3F832319248B60EED61013466B144242377DD7
2880 | CosmicClientInstaller.exe | binary
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_C5856A5EB1E3B74AE8014850A678CDBF
  MD5: E61EC15DAC7E40E3D027E9D142F79380
  SHA256: 4343367B4C9C16FC60006D1A472774DDCEF853A0495FE36191DC75B1B83552CD
2880 | CosmicClientInstaller.exe | text
  C:\Users\admin\AppData\Local\AdvinstAnalytics\5ec6a1d8c8fe80765ec277d0\1.0\tracking.ini
  MD5: F73D4F9C669DB78648926FB4AA2F34A7
  SHA256: 4F979CB5AF6FBEBC73A3CD18AC8A9E04C7FF436524AC4562DB249290E41E6C55
2880 | CosmicClientInstaller.exe | der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_C5856A5EB1E3B74AE8014850A678CDBF
  MD5: 786F0041EE5594B7F1E882E30C7C8FCC
  SHA256: 44E6B985D947D4CCFBD07628F8795646202DB2FA0C67356049E822DFCA692021
2880 | CosmicClientInstaller.exe | executable
  C:\Users\admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\decoder.dll
  MD5: DCA95F4411A1C7EEB221C095C9EF8196
  SHA256: 51E89BFA578FDCDCB324F5CAA2C36C5CC8F1DBD73658BED39445C57C722B91F4
2880 | CosmicClientInstaller.exe | executable
  C:\Users\admin\AppData\Roaming\Cosmic Games\Cosmic Client 1.0\install\A68543B\Cosmic Client Installer.x64.msi
  MD5: D3ECAA109D218560F01669FDF2AC1E6F
  SHA256: 2938851B5A339BDB25B4A255460CFDE3739FAE15BAD38A9F6179676565935E73
2880 | CosmicClientInstaller.exe | der
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EC49180A59F0C351C30F112AD97CFA5_B1F00FA1D2ECD5D781E44CEE5DF6C96A
  MD5: C7B15C1938E04CBB8D42C190751E7AB1
  SHA256: 0E1158684B4516708D647DFF4119572BD32D421C759A0700FA85D047E722F59A
2880 | CosmicClientInstaller.exe | executable
  C:\Users\admin\AppData\Local\Temp\INAE5D8.tmp
  MD5: 98F245E028C22B01EB8B03D4AE49A691
  SHA256: 0ECDAABCA537DB2F69583BE76BBB35C1FF1DEE8528CAEE4D6DA627B79629FF20
Download the PCAP and analyze network streams, HTTP content and more in the full report.
HTTP(S) requests: 38
TCP/UDP connections: 32
DNS requests: 19
Threats: 15

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6584 | RUXIMICS.exe | GET | 200 | 23.216.77.22:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.216.77.22:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6584 | RUXIMICS.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2880 | CosmicClientInstaller.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSE67Nbq3jfQQg8yXEpbmqLTNn7XwQUm1%2BwNrqdBq4ZJ73AoCLAi4s4d%2B0CEAQYo%2BN1kQEJn1IzRHJdMBU%3D | unknown | - | - | whitelisted
- | - | GET | 200 | 23.156.128.153:443 | https://cdn.cosmicclient.com/bootstrap/manifest.yml.gpg?1753137500657263500 | unknown | binary | 801 b | unknown
- | - | GET | 200 | 23.156.128.153:443 | https://cdn.cosmicclient.com/bootstrap/manifest.yml?f6b06e4a1ea96709ca8c1a151e0c59142d70f4fb724613ceb0fd47b959fde199 | unknown | text | 2.67 Kb | unknown
- | - | GET | 200 | 23.156.128.21:443 | https://cdn.cosmicclient.com/bootstrap/jcef/windows_x64.tar.zst.gpg?1753137501852107500 | unknown | binary | 801 b | unknown
- | - | GET | 200 | 23.156.128.229:443 | https://cdn.cosmicclient.com/bootstrap/java/windows_x64.tar.zst.gpg?1753137501636408300 | unknown | binary | 801 b | unknown
- | - | GET | 200 | 23.156.128.153:443 | https://cdn.cosmicclient.com/bootstrap/launcher.jar.gpg?1753137502296980800 | unknown | - | - | unknown
- | - | GET | - | 23.156.128.229:443 | https://cdn.cosmicclient.com/bootstrap/java/windows_x64.tar.zst?04a842e8127215eb6673f1077ef634ff97bb28cba27dd7528cdbfc49f8a78687 | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6584 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6584 | RUXIMICS.exe | 23.216.77.22:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.216.77.22:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6584 | RUXIMICS.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2880 | CosmicClientInstaller.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 40.127.240.158 | whitelisted
google.com | 142.250.185.174 | whitelisted
crl.microsoft.com | 23.216.77.22, 23.216.77.6, 23.216.77.30, 23.216.77.42, 23.216.77.8, 23.216.77.36, 23.216.77.28 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
ocsp.digicert.com | 2.17.190.73 | whitelisted
cdn.cosmicclient.com | 23.156.128.104, 23.156.128.153, 23.156.128.21, 23.156.128.229 | unknown
collect.installeranalytics.com | 3.227.106.113, 34.195.50.84 | whitelisted
self.events.data.microsoft.com | 20.42.73.30 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted
x1.c.lencr.org | 23.209.209.135 | whitelisted

Threats

PID | Process | Class | Message
- | - | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
- | - | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
- | - | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
- | - | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
- | - | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
- | - | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
- | - | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
- | - | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
- | - | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
- | - | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
No debug info