File name:

_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe

Full analysis: https://app.any.run/tasks/70e21fd1-7fbf-46cf-bf66-cadafac74937
Verdict: Malicious activity
Analysis date: February 20, 2026, 13:57:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
auto-reg
nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: 05D8C7D4BC49A2DA4587535ABAE9B06D
SHA1: 746D354C83BA5EE7AD558AC9669D40C31BE37831
SHA256: DD1E7FD35306A22F511197716C7E9FE2C1BA149FFD275A5221C4452165A4B29D
SSDEEP: 786432:t2doR9U/z+OnlgN6xfxC8z1tGlNkpo6qb4R1wxBfuo:1R6v24xfelup1c4R10fj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • boost.exe (PID: 7460)
      • boost.exe (PID: 1344)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe (PID: 7944)
      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
      • boost.exe (PID: 7460)
    • Reads the Windows owner or organization settings

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
    • Application launched itself

      • boost.exe (PID: 7460)
      • boost.exe (PID: 1344)
    • The executable file from the user directory is run by the CMD process

      • artifact.exe (PID: 8776)
  • INFO

    • Checks supported languages

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe (PID: 7944)
      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
      • boost.exe (PID: 7460)
      • boost.exe (PID: 8532)
      • boost.exe (PID: 8876)
      • boost.exe (PID: 1344)
      • boost.exe (PID: 8272)
      • boost.exe (PID: 9200)
      • artifact.exe (PID: 8776)
    • Create files in a temporary directory

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe (PID: 7944)
      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
      • boost.exe (PID: 7460)
    • Reads the computer name

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
      • boost.exe (PID: 8876)
      • boost.exe (PID: 1344)
      • boost.exe (PID: 8272)
      • boost.exe (PID: 9200)
      • boost.exe (PID: 7460)
      • boost.exe (PID: 8532)
      • artifact.exe (PID: 8776)
    • Creates files or folders in the user directory

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
      • boost.exe (PID: 7460)
    • The sample compiled with english language support

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
    • Compiled with Borland Delphi (YARA)

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe (PID: 7944)
      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
    • Detects InnoSetup installer (YARA)

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe (PID: 7944)
      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
    • Drops script file

      • _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp (PID: 1848)
      • boost.exe (PID: 7460)
      • boost.exe (PID: 1344)
    • Launching a file from a Registry key

      • boost.exe (PID: 7460)
      • boost.exe (PID: 1344)
    • Manual execution by a user

      • boost.exe (PID: 1344)
    • Checks proxy server information

      • boost.exe (PID: 7460)
      • boost.exe (PID: 1344)
      • slui.exe (PID: 2148)
    • Node.js compiler has been detected

      • boost.exe (PID: 7460)
    • Reads the machine GUID from the registry

      • artifact.exe (PID: 8776)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2026:01:02 11:55:47+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 725504
InitializedDataSize: 166912
UninitializedDataSize: -
EntryPoint: 0xb1e60
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: SmartPack UltraTool
FileDescription: HyperWare Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: HyperWare
ProductVersion: 1.6.3
No data.
All screenshots are available in the full report
Total processes
156
Monitored processes
14
Malicious processes
0
Suspicious processes
4

Behavior graph

start _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp slui.exe boost.exe boost.exe no specs boost.exe no specs comppkgsrv.exe no specs boost.exe boost.exe no specs boost.exe no specs comppkgsrv.exe no specs cmd.exe no specs conhost.exe no specs artifact.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1344
CMD: C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe
Path: C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe
Parent process: explorer.exe
User:
admin
Company:
Junyoung Choi
Integrity Level:
MEDIUM
Description:
Boost Note - Local
Version:
0.23.0
Modules
Images
c:\users\admin\appdata\local\prosoftiontechmax\boost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\prosoftiontechmax\ffmpeg.dll
PID: 1848
CMD: "C:\Users\admin\AppData\Local\Temp\is-5OIIC4HP3S.tmp\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp" /SL5="$1C033A,70423296,893440,C:\Users\admin\Desktop\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-5OIIC4HP3S.tmp\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp
Parent process: _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe
User:
admin
Company:
SmartPack UltraTool
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Version:
51.1054.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-5oiic4hp3s.tmp\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 2148
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5768
CMD: C:\Windows\System32\CompPkgSrv.exe -Embedding
Path: C:\Windows\System32\CompPkgSrv.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Component Package Support Server
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\comppkgsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
PID: 6668
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c ""C:\Users\admin\AppData\Local\Temp\1771596024962\artifact.exe""
Path: C:\Windows\System32\cmd.exe
Parent process: boost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 7460
CMD: "C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe"
Path: C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe
Parent process: _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp
User:
admin
Company:
Junyoung Choi
Integrity Level:
MEDIUM
Description:
Boost Note - Local
Version:
0.23.0
Modules
Images
c:\users\admin\appdata\local\prosoftiontechmax\boost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7944
CMD: "C:\Users\admin\Desktop\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe"
Path: C:\Users\admin\Desktop\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe
Parent process: explorer.exe
User:
admin
Company:
SmartPack UltraTool
Integrity Level:
MEDIUM
Description:
HyperWare Setup
Version:
Modules
Images
c:\users\admin\desktop\_dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 7988
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 8272
CMD: "C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe" --type=gpu-process --field-trial-handle=1668,9085928186621211794,16112488804185393472,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1680 /prefetch:2
Path: C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe
Parent process: boost.exe
User:
admin
Company:
Junyoung Choi
Integrity Level:
LOW
Description:
Boost Note - Local
Version:
0.23.0
Modules
Images
c:\users\admin\appdata\local\prosoftiontechmax\boost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 8472
CMD: C:\Windows\System32\CompPkgSrv.exe -Embedding
Path: C:\Windows\System32\CompPkgSrv.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Component Package Support Server
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\comppkgsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
Total events
8 614
Read events
8 610
Write events
2
Delete events
2

Modification events

(PID) Process: (7460) boost.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: electron.app.Boost Note - Local
Value: C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe

(PID) Process: (7460) boost.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
Operation: delete value
Name: electron.app.Boost Note - Local
Value:

(PID) Process: (1344) boost.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: electron.app.Boost Note - Local
Value: C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe

(PID) Process: (1344) boost.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
Operation: delete value
Name: electron.app.Boost Note - Local
Value:
Executable files
19
Suspicious files
236
Text files
1 389
Unknown types
6

Dropped files

PID | Process | Filename | Type

1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\Temp\is-PUZNC3EFR0.tmp\boost.exe |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\ProSoftionTechMax\boost.exe |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\Temp\is-PUZNC3EFR0.tmp\icudtl.dat |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\ProSoftionTechMax\icudtl.dat |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\Temp\is-PUZNC3EFR0.tmp\LICENSES.chromium.html |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\ProSoftionTechMax\LICENSES.chromium.html |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\Temp\is-PUZNC3EFR0.tmp\resources.pak |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\ProSoftionTechMax\resources.pak |
  MD5:
  SHA256:
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\Temp\is-PUZNC3EFR0.tmp\d3dcompiler_47.dll | executable
  MD5: 7641E39B7DA4077084D2AFE7C31032E0
  SHA256: 44422E6936DC72B7AC5ED16BB8BCAE164B7554513E52EFB66A3E942CEC328A47
1848 | _dd1e7fd35306a22f511197716c7e9fe2c1ba149ffd275a5221c4452165a4b29d.tmp | C:\Users\admin\AppData\Local\Temp\is-PUZNC3EFR0.tmp\ffmpeg.dll | executable
  MD5: 9DF599F07D3C0C3EB34643781E70D377
  SHA256: EAE1CB62D87421BC43DB881EDBDEBB200E2140F9062B4B783E41D20E46A8E55B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
38
TCP/UDP connections
38
DNS requests
19
Threats
9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

5516 | RUXIMICS.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
7864 | SIHClient.exe | GET | 304 | 74.178.240.61:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | | | whitelisted
5516 | RUXIMICS.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
2328 | svchost.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
7864 | SIHClient.exe | GET | 200 | 135.233.95.135:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | | | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
2328 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
7864 | SIHClient.exe | GET | 200 | 74.178.240.61:443 | https://slscr.update.microsoft.com/sls/ping | US | | | whitelisted
 | | POST | 500 | 48.192.1.65:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | xml | 512 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | Not routed | | | whitelisted
 | | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5516 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
 | | 184.86.251.7:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
4 | System | 192.168.100.255:138 | Not routed | | | whitelisted
5516 | RUXIMICS.exe | 23.216.77.30:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 23.216.77.30:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
2328 | svchost.exe | 23.216.77.30:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5516 | RUXIMICS.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
www.bing.com
  • 184.86.251.7
  • 184.86.251.8
  • 184.86.251.14
  • 184.86.251.30
  • 184.86.251.24
  • 184.86.251.4
  • 184.86.251.9
  • 184.86.251.15
  • 184.86.251.27
whitelisted
self.events.data.microsoft.com
  • 13.89.179.13
  • 40.79.150.121
whitelisted
google.com
  • 142.251.141.142
whitelisted
crl.microsoft.com
  • 23.216.77.30
  • 23.216.77.18
  • 23.55.110.211
  • 23.55.110.193
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
kapa.is
  • 188.114.96.3
  • 188.114.97.3
unknown
client.wns.windows.com
  • 172.211.123.249
whitelisted
webhook.site
  • 178.63.67.106
  • 178.63.67.153
whitelisted

Threats

PID | Process | Class | Message

 | | Attempted Information Leak | HUNTING [ANY.RUN] Windows PC hostname observed in outbound connection
 | | Misc activity | SUSPICIOUS [ANY.RUN] Sent Host Name in HTTP POST Body
 | | Attempted Information Leak | HUNTING [ANY.RUN] Windows PC hostname observed in outbound connection
2292 | svchost.exe | Misc activity | ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook .site)
8776 | artifact.exe | Misc activity | ET INFO Webhook/HTTP Request Inspection Service Domain (webhook .site in TLS SNI)
8776 | artifact.exe | Misc activity | ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhook .site) in TLS SNI
2292 | svchost.exe | Misc activity | ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook .site)
 | | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
 | | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
No debug info