File name:

Activator.exe

Full analysis: https://app.any.run/tasks/5e4ab373-f4f7-4d7b-9c53-a4326f990173
Verdict: Malicious activity
Analysis date: May 16, 2025, 02:19:11
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

063E6D3B5C4C8A35D0A12BD6D25176F9

SHA1:

203DF188A8922CB75AD6BBB5232C40B9DCEB8BFF

SHA256:

DDA1582FCDF7355BB64D7029F6C8C92F7768D93FA5F8921AF38D63A1BEBF5E3F

SSDEEP:

12288:l+Qz1ml4GzNM2zcUs0wdaE8UrJac8dqVH6sA5fUrvvD8GaWdeA7X2zSrmm1eMNoc:lmlZMuxs1f538sA5crYGaWcmX5feHqx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)

    • Executable content was dropped or overwritten

      • processlassosetup64.exe (PID: 6620)

    • The process creates files with name similar to system file names

      • processlassosetup64.exe (PID: 6620)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • processlassosetup64.exe (PID: 6620)

    • Creates a software uninstall entry

      • processlassosetup64.exe (PID: 6620)

    • Executes as Windows Service

      • srvstub.exe (PID: 6652)

    • Creates file in the systems drive root

      • Activator.exe (PID: 2096)

    • Reads security settings of Internet Explorer

      • ShellExperienceHost.exe (PID: 4724)
      • Activator.exe (PID: 2096)

    • The process executes via Task Scheduler

      • bitsumsessionagent.exe (PID: 3796)

  • INFO

    • The sample compiled with english language support

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)

    • Compiled with Borland Delphi (YARA)

      • Activator.exe (PID: 2096)
      • slui.exe (PID: 5960)

    • Checks supported languages

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)
      • InstallHelper.exe (PID: 6808)
      • InstallHelper.exe (PID: 6240)
      • InstallHelper.exe (PID: 4424)
      • InstallHelper.exe (PID: 4696)
      • InstallHelper.exe (PID: 6712)
      • InstallHelper.exe (PID: 5556)
      • InstallHelper.exe (PID: 5576)
      • srvstub.exe (PID: 6652)
      • InstallHelper.exe (PID: 6436)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 6112)
      • InstallHelper.exe (PID: 3888)
      • ShellExperienceHost.exe (PID: 4724)

    • Reads the computer name

      • Activator.exe (PID: 2096)
      • processlassosetup64.exe (PID: 6620)
      • InstallHelper.exe (PID: 6808)
      • InstallHelper.exe (PID: 4696)
      • InstallHelper.exe (PID: 6712)
      • InstallHelper.exe (PID: 5556)
      • InstallHelper.exe (PID: 5576)
      • InstallHelper.exe (PID: 6240)
      • InstallHelper.exe (PID: 6436)
      • srvstub.exe (PID: 6652)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 6112)
      • InstallHelper.exe (PID: 4424)
      • InstallHelper.exe (PID: 3888)
      • ShellExperienceHost.exe (PID: 4724)

    • Manual execution by a user

      • processlassosetup64.exe (PID: 6620)
      • processlassosetup64.exe (PID: 6192)
      • notepad++.exe (PID: 6208)
      • ProcessLassoLauncher.exe (PID: 5116)

    • Create files in a temporary directory

      • processlassosetup64.exe (PID: 6620)

    • Creates files in the program directory

      • processlassosetup64.exe (PID: 6620)
      • InstallHelper.exe (PID: 5576)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 3888)

    • Reads CPU info

      • InstallHelper.exe (PID: 6808)
      • InstallHelper.exe (PID: 6240)
      • InstallHelper.exe (PID: 4696)
      • InstallHelper.exe (PID: 6712)
      • InstallHelper.exe (PID: 5556)
      • InstallHelper.exe (PID: 5576)
      • InstallHelper.exe (PID: 4424)
      • InstallHelper.exe (PID: 3888)
      • InstallHelper.exe (PID: 6436)
      • ProcessGovernor.exe (PID: 616)
      • InstallHelper.exe (PID: 6112)

    • Process checks computer location settings

      • ShellExperienceHost.exe (PID: 4724)

    • Reads the software policy settings

      • slui.exe (PID: 732)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (38.3)
.exe | Win32 Executable (generic) (26.2)
.exe | Win16/32 Executable Delphi generic (12)
.exe | Generic Win/DOS Executable (11.6)
.exe | DOS Executable Generic (11.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:04:20 12:16:33+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 647168
InitializedDataSize: 57344
UninitializedDataSize: 1204224
EntryPoint: 0x1c3870
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: RadiXX11
FileDescription: Activator for Bitsum CPU optimizers
FileVersion: 1.0.0.0
InternalName: Activator.exe
LegalCopyright: © 2017, RadiXX11
LegalTrademarks: -
OriginalFileName: Activator.exe
ProductName: Bitsum Optimizers Activator
ProductVersion: 1.0.0.0
Comments: -
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
161
Monitored processes
25
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start activator.exe sppextcomobj.exe no specs slui.exe processlassosetup64.exe no specs processlassosetup64.exe installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs installhelper.exe no specs srvstub.exe no specs processgovernor.exe no specs installhelper.exe no specs slui.exe shellexperiencehost.exe no specs systemsettingsbroker.exe no specs processlassolauncher.exe no specs processlasso.exe bitsumsessionagent.exe no specs notepad++.exe no specs activator.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files\Process Lasso\processgovernor.exe"C:\Program Files\Process Lasso\ProcessGovernor.exesrvstub.exe
User:
SYSTEM
Company:
Bitsum LLC
Integrity Level:
SYSTEM
Description:
Process Lasso Core Engine
Version:

Modules
Images
c:\program files\process lasso\processgovernor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
732"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1676C:\Windows\System32\SystemSettingsBroker.exe -EmbeddingC:\Windows\System32\SystemSettingsBroker.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
System Settings Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\systemsettingsbroker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
2096"C:\Users\admin\AppData\Local\Temp\Activator.exe" C:\Users\admin\AppData\Local\Temp\Activator.exe
explorer.exe
User:
admin
Company:
RadiXX11
Integrity Level:
HIGH
Description:
Activator for Bitsum CPU optimizers
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\activator.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2516C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
3796"C:\Program Files\Process Lasso\bitsumsessionagent.exe" ----------------------------------------------------------------C:\Program Files\Process Lasso\bitsumsessionagent.exesvchost.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
MEDIUM
Description:
Process Lasso Session Agent
Version:

Modules
Images
c:\program files\process lasso\bitsumsessionagent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
3888"C:\Program Files\Process Lasso\installHelper.exe" /initconfigC:\Program Files\Process Lasso\InstallHelper.exeprocesslassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4424"C:\Program Files\Process Lasso\InstallHelper.exe" /enable_update_checkC:\Program Files\Process Lasso\InstallHelper.exeprocesslassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
1
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4608"C:\Program Files\Process Lasso\ProcessLasso.exe" "C:\Program Files\Process Lasso\ProcessLassoLauncher.exe" "/showwindow" "/nodelay"C:\Program Files\Process Lasso\ProcessLasso.exe
ProcessLassoLauncher.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso
Version:

Modules
Images
c:\program files\process lasso\processlasso.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
4696"C:\Program Files\Process Lasso\installHelper.exe" /migrateC:\Program Files\Process Lasso\InstallHelper.exeprocesslassosetup64.exe
User:
admin
Company:
Bitsum LLC
Integrity Level:
HIGH
Description:
Process Lasso Install Assistant
Exit code:
0
Version:

Modules
Images
c:\program files\process lasso\installhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
10 013
Read events
9 802
Write events
205
Delete events
6

Modification events

(PID) Process:(6620) processlassosetup64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ProcessLasso
Operation:writeName:ConfigFileEx
Value:
MigratingConfigPath
(PID) Process:(6620) processlassosetup64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ProcessLasso
Operation:delete valueName:ConfigFile
Value:
(PID) Process:(6620) processlassosetup64.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:InstallerLanguageDWORD
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:Language
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso
Operation:writeName:Language
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:InstallerLanguageDWORD
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso
Operation:writeName:InstallerLanguageDWORD
Value:
1033
(PID) Process:(6808) InstallHelper.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\ProcessLasso
Operation:writeName:ProcessLasso
Value:
09040000
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\ProcessLasso
Operation:writeName:ProcessLasso
Value:
09040000
(PID) Process:(6808) InstallHelper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
Operation:writeName:C:\Program Files\Process Lasso\ProcessLasso.exe
Value:
1
Executable files
33
Suspicious files
5
Text files
13
Unknown types
0

Dropped files

PID
Process
Filename
Type
6620processlassosetup64.exeC:\Program Files\Process Lasso\ProcessLasso.exeexecutable
MD5:DAA4A5C2A19D119A1C7FE81A1989F773
SHA256:1BCFB4A9E5FC1710DE6F5C90D20D907C920F3D1CB7B74C923D8A5927F21F7FD1
6620processlassosetup64.exeC:\Program Files\Process Lasso\pl_rsrc_english.dllexecutable
MD5:CCEE70D788A787B112CE223C31C18647
SHA256:D961F2CB3DE93E14CEDC58A56241D505217D1DF535B8571976408BAB855CE617
6620processlassosetup64.exeC:\Users\admin\AppData\Local\Temp\nsv5D61.tmp\LangDLL.dllexecutable
MD5:68B287F4067BA013E34A1339AFDB1EA8
SHA256:18E8B40BA22C7A1687BD16E8D585380BC2773FFF5002D7D67E9485FCC0C51026
6620processlassosetup64.exeC:\Users\admin\AppData\Local\Temp\nsv5D61.tmp\System.dllexecutable
MD5:CFF85C549D536F651D4FB8387F1976F2
SHA256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
6620processlassosetup64.exeC:\Program Files\Process Lasso\ProcessGovernor.exeexecutable
MD5:F9C80131BFC19FCE6320A2DABCBDD150
SHA256:75A58B00D2DD87BD237F2ED4A982F8AA7E7FF1A89C4D90A9A0EFFA1FD2AFB76A
6620processlassosetup64.exeC:\Program Files\Process Lasso\bitsumsessionagent.exeexecutable
MD5:B37B47399C56B0B24CB2B35321FEFBA6
SHA256:6A992937DEFBCAB8AEB6589D8FDF3D73836EAD3F05562A788D3E85F190836D00
6620processlassosetup64.exeC:\Program Files\Process Lasso\TweakScheduler.exeexecutable
MD5:95ACE5C74B60EADC7310D7C9726A6307
SHA256:2A4D16F335C6FF9BF8FD7F462EA89B4C5A164783CAAD403CD907CA2B0441DB22
6620processlassosetup64.exeC:\Program Files\Process Lasso\ProcessLassoLauncher.exeexecutable
MD5:9BB8789C1789495EF5F40AA80777769E
SHA256:03DB2ED159E4C71E98843E49563D20D530C6E602D9EE0B50A9B6BEB246674EA3
6620processlassosetup64.exeC:\Program Files\Process Lasso\CPUEater.exeexecutable
MD5:A9B905F3371AEDDB90F105399A327CAB
SHA256:B188A9D4C0D6812A77BC5FE37FF7D929486C215D7B2A0CF345AD67F8143091EE
6620processlassosetup64.exeC:\Program Files\Process Lasso\InstallHelper.exeexecutable
MD5:733A9806CB856528DA409B07D51ADDB5
SHA256:47D0DBD63518E30B2DCD555B252FED0293461F23093523D9369A19AE8A33C1B7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5400
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5400
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
google.com
  • 142.250.74.206
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 23.219.150.101
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.131
  • 20.190.159.23
  • 20.190.159.64
  • 40.126.31.0
  • 40.126.31.131
  • 40.126.31.2
  • 20.190.159.2
  • 20.190.159.0
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.30
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Activator.exe