File name:

Activator.exe

Full analysis: https://app.any.run/tasks/5e4ab373-f4f7-4d7b-9c53-a4326f990173
Verdict: Malicious activity
Analysis date: May 16, 2025, 02:19:11
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

063E6D3B5C4C8A35D0A12BD6D25176F9

SHA1:

203DF188A8922CB75AD6BBB5232C40B9DCEB8BFF

SHA256:

DDA1582FCDF7355BB64D7029F6C8C92F7768D93FA5F8921AF38D63A1BEBF5E3F

SSDEEP:

12288:l+Qz1ml4GzNM2zcUs0wdaE8UrJac8dqVH6sA5fUrvvD8GaWdeA7X2zSrmm1eMNoc:lmlZMuxs1f538sA5crYGaWcmX5feHqx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)

    • Executable content was dropped or overwritten

      • processlassosetup64.exe (PID: 6620)

    • The process creates files with name similar to system file names

      • processlassosetup64.exe (PID: 6620)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • processlassosetup64.exe (PID: 6620)

    • Creates a software uninstall entry

      • processlassosetup64.exe (PID: 6620)

    • Executes as Windows Service

      • srvstub.exe (PID: 6652)

    • Creates file in the systems drive root

      • Activator.exe (PID: 2096)

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 4724)
      • Activator.exe (PID: 2096)

    • The process executes via Task Scheduler

      • bitsumsessionagent.exe (PID: 3796)

  • INFO

    • Checks supported languages

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)
      • InstallHelper.exe (PID: 6808)
      • InstallHelper.exe (PID: 6240)
      • InstallHelper.exe (PID: 4696)
      • InstallHelper.exe (PID: 6712)
      • InstallHelper.exe (PID: 5556)
      • InstallHelper.exe (PID: 5576)
      • InstallHelper.exe (PID: 4424)
      • InstallHelper.exe (PID: 6436)
      • srvstub.exe (PID: 6652)
      • InstallHelper.exe (PID: 6112)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 3888)
      • ShellExperienceHost.exe (PID: 4724)

    • The sample compiled with english language support

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)

    • Compiled with Borland Delphi (YARA)

      • Activator.exe (PID: 2096)
      • slui.exe (PID: 5960)

    • Reads the computer name

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)
      • InstallHelper.exe (PID: 6808)
      • InstallHelper.exe (PID: 4696)
      • InstallHelper.exe (PID: 6712)
      • InstallHelper.exe (PID: 5556)
      • InstallHelper.exe (PID: 5576)
      • InstallHelper.exe (PID: 4424)
      • InstallHelper.exe (PID: 6240)
      • InstallHelper.exe (PID: 6112)
      • InstallHelper.exe (PID: 6436)
      • srvstub.exe (PID: 6652)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 3888)
      • ShellExperienceHost.exe (PID: 4724)

    • Manual execution by a user

      • processlassosetup64.exe (PID: 6192)
      • processlassosetup64.exe (PID: 6620)
      • ProcessLassoLauncher.exe (PID: 5116)
      • notepad++.exe (PID: 6208)

    • Create files in a temporary directory

      • processlassosetup64.exe (PID: 6620)

    • Creates files in the program directory

      • processlassosetup64.exe (PID: 6620)
      • InstallHelper.exe (PID: 5576)
      • InstallHelper.exe (PID: 3888)
      • ProcessGovernor.exe (PID: 616)

    • Reads CPU info

      • InstallHelper.exe (PID: 6808)
      • InstallHelper.exe (PID: 6240)
      • InstallHelper.exe (PID: 4696)
      • InstallHelper.exe (PID: 6712)
      • InstallHelper.exe (PID: 5556)
      • InstallHelper.exe (PID: 5576)
      • InstallHelper.exe (PID: 4424)
      • InstallHelper.exe (PID: 6436)
      • InstallHelper.exe (PID: 6112)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 3888)

    • Reads the software policy settings

      • slui.exe (PID: 732)

    • Process checks computer location settings

      • ShellExperienceHost.exe (PID: 4724)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (38.3)
.exe | Win32 Executable (generic) (26.2)
.exe | Win16/32 Executable Delphi generic (12)
.exe | Generic Win/DOS Executable (11.6)
.exe | DOS Executable Generic (11.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:04:20 12:16:33+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 647168
InitializedDataSize: 57344
UninitializedDataSize: 1204224
EntryPoint: 0x1c3870
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: RadiXX11
FileDescription: Activator for Bitsum CPU optimizers
FileVersion: 1.0.0.0
InternalName: Activator.exe
LegalCopyright: © 2017, RadiXX11
LegalTrademarks: -
OriginalFileName: Activator.exe
ProductName: Bitsum Optimizers Activator
ProductVersion: 1.0.0.0
Comments: -
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
161
Monitored processes
25
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start activator.exe sppextcomobj.exe no specs slui.exe processlassosetup64.exe no specs processlassosetup64.exe installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs srvstub.exe no specs processgovernor.exe no specs installhelper.exe no specs slui.exe shellexperiencehost.exe no specs systemsettingsbroker.exe no specs processlassolauncher.exe no specs processlasso.exe bitsumsessionagent.exe no specs notepad++.exe no specs activator.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files\Process Lasso\processgovernor.exe"C:\Program Files\Process Lasso\ProcessGovernor.exesrvstub.exe
User:
SYSTEM
Company:
Bitsum LLC
Integrity Level:
SYSTEM
Description:
Process Lasso Core Engine
Version:

Modules
Images
c:\program files\process lasso\processgovernor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
732"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1676C:\Windows\System32\SystemSettingsBroker.exe -EmbeddingC:\Windows\System32\SystemSettingsBroker.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
System Settings Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\systemsettingsbroker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
2096"C:\Users\admin\AppData\Local\Temp\Activator.exe" C:\Users\admin\AppData\Local\Temp\Activator.exe
explorer.exe
User:
admin
Company:
RadiXX11
Integrity Level:
HIGH
Description:
Activator for Bitsum CPU optimizers
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\activator.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2516C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
3796"C:\Program Files\Process Lasso\bitsumsessionagent.exe" ----------------------------------------------------------------C:\Program Files\Process Lasso\bitsumsessionagent.exesvchost.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
MEDIUM
Description:
Process Lasso Session Agent
Version:

Modules
Images
c:\program files\process lasso\bitsumsessionagent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
3888"C:\Program Files\Process Lasso\installHelper.exe" /initconfigC:\Program Files\Process Lasso\InstallHelper.exeprocesslassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4424"C:\Program Files\Process Lasso\InstallHelper.exe" /enable_update_checkC:\Program Files\Process Lasso\InstallHelper.exeprocesslassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
1
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4608"C:\Program Files\Process Lasso\ProcessLasso.exe" "C:\Program Files\Process Lasso\ProcessLassoLauncher.exe" "/showwindow" "/nodelay"C:\Program Files\Process Lasso\ProcessLasso.exe
ProcessLassoLauncher.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso
Version:

Modules
Images
c:\program files\process lasso\processlasso.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4696"C:\Program Files\Process Lasso\installHelper.exe" /migrateC:\Program Files\Process Lasso\InstallHelper.exeprocesslassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
10 013
Read events
9 802
Write events
205
Delete events
6

Modification events

(PID) Process:(6620) processlassosetup64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ProcessLasso
Operation:writeName:ConfigFileEx
Value:
MigratingConfigPath
(PID) Process:(6620) processlassosetup64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ProcessLasso
Operation:delete valueName:ConfigFile
Value:
(PID) Process:(6620) processlassosetup64.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:InstallerLanguageDWORD
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:Language
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso
Operation:writeName:Language
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:InstallerLanguageDWORD
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso
Operation:writeName:InstallerLanguageDWORD
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso
Operation:writeName:ProcessLasso
Value:
09040000
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:ProcessLasso
Value:
09040000
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Operation:writeName:C:\Program Files\Process Lasso\ProcessLasso.exe
Value:
1
Executable files
33
Suspicious files
5
Text files
13
Unknown types
0

Dropped files

PID
Process
Filename
Type
6620processlassosetup64.exeC:\Program Files\Process Lasso\ProcessGovernor.exeexecutable
MD5:F9C80131BFC19FCE6320A2DABCBDD150
SHA256:75A58B00D2DD87BD237F2ED4A982F8AA7E7FF1A89C4D90A9A0EFFA1FD2AFB76A
6620processlassosetup64.exeC:\Program Files\Process Lasso\InstallHelper.exeexecutable
MD5:733A9806CB856528DA409B07D51ADDB5
SHA256:47D0DBD63518E30B2DCD555B252FED0293461F23093523D9369A19AE8A33C1B7
6620processlassosetup64.exeC:\Users\admin\AppData\Local\Temp\nsv5D61.tmp\System.dllexecutable
MD5:CFF85C549D536F651D4FB8387F1976F2
SHA256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
6620processlassosetup64.exeC:\Program Files\Process Lasso\srvstub.exeexecutable
MD5:67E8527053FDD747EF23E5D7A26B952E
SHA256:FF979D01FA52120B3BFF8F92CB5CD80B751BE294B1007A45E3D99DA2E2A25178
6620processlassosetup64.exeC:\Program Files\Process Lasso\vistammsc.exeexecutable
MD5:415B43F39A967678A304E36F32A1F7B2
SHA256:12439FCA99C760408FA0776ED496D89935C0A76B1917FF5A3584E5A3AADADCF7
6620processlassosetup64.exeC:\Program Files\Process Lasso\ProcessLassoLauncher.exeexecutable
MD5:9BB8789C1789495EF5F40AA80777769E
SHA256:03DB2ED159E4C71E98843E49563D20D530C6E602D9EE0B50A9B6BEB246674EA3
6620processlassosetup64.exeC:\Program Files\Process Lasso\QuickUpgrade.exeexecutable
MD5:D4057B1B3629356FCE5AEE7F02A5B5CD
SHA256:D866EC59A325115F4572FF33465267023184E63AA2AEB2DDBA03FCD37649B9DA
6620processlassosetup64.exeC:\Program Files\Process Lasso\CPUEater.exeexecutable
MD5:A9B905F3371AEDDB90F105399A327CAB
SHA256:B188A9D4C0D6812A77BC5FE37FF7D929486C215D7B2A0CF345AD67F8143091EE
6620processlassosetup64.exeC:\Program Files\Process Lasso\LogViewer.exeexecutable
MD5:5E08CBA022F337381BA16CCD8CB8EAE4
SHA256:B8200F26623EE942F35A6D44E8F000A659705A77B1AD6CE0CE8E762EA08A07E2
6620processlassosetup64.exeC:\Program Files\Process Lasso\testlasso.exeexecutable
MD5:1E990422A0D5AB42BE1D6C1197A4B15B
SHA256:72D41381168C28FE19A78D87167CA123EC10665161EAD13142E501B757C1D5F6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5400
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5400
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
google.com
  • 142.250.74.206
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 23.219.150.101
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.131
  • 20.190.159.23
  • 20.190.159.64
  • 40.126.31.0
  • 40.126.31.131
  • 40.126.31.2
  • 20.190.159.2
  • 20.190.159.0
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.30
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Activator.exe