File name:

HopToDesk.exe

Full analysis: https://app.any.run/tasks/7eb131f0-360d-45c2-abdc-5a701afcde94
Verdict: Malicious activity
Analysis date: July 16, 2025, 19:56:13
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-startup
upx
rust
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

A8D307AC99B0B10493C1D479B2691CA1

SHA1:

AA05F4586D6ADBA0227AA006188F5601A6368ABA

SHA256:

EBD2C015CC43E0FEDF0122768D65E3256D78C57422111A3AD21EFE7663507EE5

SSDEEP:

98304:zhcIot/kAcTN7J3u0t1++5peHcBPlvYKGgkiwiaTB+XAgfU2v3hQmhrgCMOsdVt8:MEhLpq9xvNHWuG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Create files in the Startup directory

      • cmd.exe (PID: 1324)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • HopToDesk.exe (PID: 6664)
      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 3572)

    • Suspicious use of NETSH.EXE

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 3572)
      • cmd.exe (PID: 1324)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • HopToDesk.exe (PID: 6664)
      • cmd.exe (PID: 1324)

    • Application launched itself

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 6900)

    • Connects to unusual port

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 5780)

    • Executable content was dropped or overwritten

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 3572)
      • cmd.exe (PID: 1324)

    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 2076)

    • Starts application with an unusual extension

      • cmd.exe (PID: 1324)

    • Executing commands from a ".bat" file

      • HopToDesk.exe (PID: 3572)

    • Starts CMD.EXE for commands execution

      • HopToDesk.exe (PID: 3572)

    • Stops a currently running service

      • sc.exe (PID: 2504)
      • sc.exe (PID: 3480)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 1324)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 1324)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 1324)

    • Windows service management via SC.EXE

      • sc.exe (PID: 6004)
      • sc.exe (PID: 3932)
      • sc.exe (PID: 2120)
      • sc.exe (PID: 6408)

    • Searches for installed software

      • reg.exe (PID: 2148)
      • reg.exe (PID: 4768)
      • reg.exe (PID: 4544)
      • reg.exe (PID: 3112)
      • reg.exe (PID: 3768)
      • reg.exe (PID: 1964)
      • reg.exe (PID: 6488)
      • reg.exe (PID: 4088)
      • reg.exe (PID: 3760)
      • reg.exe (PID: 6764)
      • reg.exe (PID: 2532)
      • reg.exe (PID: 4688)
      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 5780)
      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 3556)

    • Creates a software uninstall entry

      • reg.exe (PID: 4544)
      • reg.exe (PID: 4768)
      • reg.exe (PID: 3768)
      • reg.exe (PID: 3112)
      • reg.exe (PID: 1964)
      • reg.exe (PID: 6488)
      • reg.exe (PID: 4088)
      • reg.exe (PID: 2148)
      • reg.exe (PID: 6764)
      • reg.exe (PID: 4688)
      • reg.exe (PID: 2532)
      • reg.exe (PID: 3760)

    • The process executes VB scripts

      • cmd.exe (PID: 1324)

    • Creates a new Windows service

      • sc.exe (PID: 4836)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 1324)

    • Executes as Windows Service

      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 3556)

    • Sets the service to start on system boot

      • sc.exe (PID: 4748)

    • Starts itself from another location

      • HopToDesk.exe (PID: 3572)

    • There is functionality for taking screenshot (YARA)

      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 5780)

  • INFO

    • The sample compiled with english language support

      • HopToDesk.exe (PID: 2140)
      • cmd.exe (PID: 1324)

    • Reads the computer name

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 6664)
      • HopToDesk.exe (PID: 3572)
      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 5780)

    • Create files in a temporary directory

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 3572)
      • cscript.exe (PID: 6376)
      • cscript.exe (PID: 4860)
      • cscript.exe (PID: 2096)

    • Checks supported languages

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 6664)
      • HopToDesk.exe (PID: 3572)
      • chcp.com (PID: 4264)
      • chcp.com (PID: 3624)
      • chcp.com (PID: 5456)
      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 5780)
      • HopToDesk.exe (PID: 3556)

    • Checks proxy server information

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 3556)
      • slui.exe (PID: 6304)

    • Creates files or folders in the user directory

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 3556)

    • Process checks computer location settings

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 6664)
      • HopToDesk.exe (PID: 3572)

    • Reads the machine GUID from the registry

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 5780)
      • HopToDesk.exe (PID: 3556)

    • Reads the software policy settings

      • HopToDesk.exe (PID: 2140)
      • HopToDesk.exe (PID: 5780)
      • HopToDesk.exe (PID: 3556)
      • slui.exe (PID: 6304)

    • Changes the display of characters in the console

      • cmd.exe (PID: 1324)

    • Creates files in the program directory

      • cmd.exe (PID: 1324)

    • Reads security settings of Internet Explorer

      • cscript.exe (PID: 6376)
      • cscript.exe (PID: 2096)
      • cscript.exe (PID: 4860)

    • Launching a file from the Startup directory

      • cmd.exe (PID: 1324)

    • Application based on Rust

      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 5780)

    • UPX packer has been detected

      • HopToDesk.exe (PID: 3556)
      • HopToDesk.exe (PID: 6900)
      • HopToDesk.exe (PID: 5780)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:31 08:23:26+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.36
CodeSize: 7229440
InitializedDataSize: 24576
UninitializedDataSize: 10592256
EntryPoint: 0x10ff5b0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.43.1.0
ProductVersionNumber: 1.43.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Begonia Holdings
ProductVersion: 1.43.1
ProductName: HopToDesk
FileDescription: HopToDesk
LegalCopyright: Copyright © 2025 Begonia Holdings. Copyright © 2025 Purslane Ltd.
FileVersion: 1.43.1
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
202
Monitored processes
68
Malicious processes
5
Suspicious processes
2

Behavior graph

Click at the process to see the details
start hoptodesk.exe netsh.exe no specs conhost.exe no specs hoptodesk.exe netsh.exe no specs conhost.exe no specs hoptodesk.exe netsh.exe no specs conhost.exe no specs cmd.exe conhost.exe no specs chcp.com no specs sc.exe no specs sc.exe no specs taskkill.exe no specs taskkill.exe no specs reg.exe no specs reg.exe no specs netsh.exe no specs reg.exe no specs schtasks.exe no specs chcp.com no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs cscript.exe no specs cscript.exe no specs cscript.exe no specs sc.exe no specs sc.exe no specs hoptodesk.exe no specs sc.exe no specs sc.exe no specs chcp.com no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs netsh.exe no specs findstr.exe no specs netsh.exe no specs netsh.exe no specs sc.exe no specs hoptodesk.exe no specs hoptodesk.exe reg.exe no specs hoptodesk.exe slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
236reg add HKEY_CLASSES_ROOT\.hoptodesk\DefaultIcon /f /ve /t REG_SZ /d "\"C:\Program Files (x86)\HopToDesk\HopToDesk.exe\",0"C:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
472taskkill /F /IM HopToDesk.exe /FI "PID ne 3572"C:\Windows\SysWOW64\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
504netsh advfirewall firewall delete rule name="HopToDesk Service"C:\Windows\SysWOW64\netsh.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1324"C:\WINDOWS\SysWOW64\cmd.exe" /C C:\Users\admin\AppData\Local\Temp\HopToDesk_install.batC:\Windows\SysWOW64\cmd.exe
HopToDesk.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1336reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HopToDesk /fC:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1568reg add HKEY_CLASSES_ROOT\.hoptodesk /fC:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1660reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HopToDesk /fC:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1948reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /f /v SoftwareSASGeneration /t REG_DWORD /d 1C:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1964reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HopToDesk /f /v InstallLocation /t REG_SZ /d "C:\Program Files (x86)\HopToDesk"C:\Windows\SysWOW64\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1964findstr /c:"HopToDesk Service" C:\Windows\SysWOW64\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
22 009
Read events
21 988
Write events
17
Delete events
4

Modification events

(PID) Process:(2140) HopToDesk.exeKey:HKEY_CLASSES_ROOT\HopToDesk
Operation:writeName:URL Protocol
Value:
(PID) Process:(6664) HopToDesk.exeKey:HKEY_CLASSES_ROOT\HopToDesk
Operation:writeName:URL Protocol
Value:
(PID) Process:(3572) HopToDesk.exeKey:HKEY_CLASSES_ROOT\HopToDesk
Operation:writeName:URL Protocol
Value:
(PID) Process:(6312) reg.exeKey:HKEY_CLASSES_ROOT\HopToDesk\shell\open\command
Operation:delete keyName:(default)
Value:
(PID) Process:(6312) reg.exeKey:HKEY_CLASSES_ROOT\HopToDesk\shell\open
Operation:delete keyName:(default)
Value:
(PID) Process:(6312) reg.exeKey:HKEY_CLASSES_ROOT\HopToDesk\shell
Operation:delete keyName:(default)
Value:
(PID) Process:(6312) reg.exeKey:HKEY_CLASSES_ROOT\HopToDesk
Operation:delete keyName:(default)
Value:
(PID) Process:(2148) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HopToDesk
Operation:writeName:DisplayIcon
Value:
C:\Program Files (x86)\HopToDesk\HopToDesk.exe
(PID) Process:(4544) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HopToDesk
Operation:writeName:DisplayVersion
Value:
1.43.1
(PID) Process:(3112) reg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HopToDesk
Operation:writeName:VersionMajor
Value:
1
Executable files
7
Suspicious files
3
Text files
18
Unknown types
7

Dropped files

PID
Process
Filename
Type
2140HopToDesk.exeC:\Users\admin\AppData\Local\Temp\sciter.dllexecutable
MD5:FC2311CA280C197F5ED16DEF6D464B6B
SHA256:285F3E6A051A7C61845CD7E4D2120781B6BDF411239F70A85C65B38A52D38F28
2140HopToDesk.exeC:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk.2140_ThreadId(17)_1752695789191691400text
MD5:8ECB4B0090DC03E16DB3EA5B084C2F01
SHA256:FD829D9B5F3EA4F50A9C216C1BFD19EC262D7A9F4499B62B67BC8925265D7EDB
2140HopToDesk.exeC:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk2.tomltext
MD5:C90E6CF08676524C708A53EB4A2E9FDA
SHA256:3DD14A97D2C5B8E5D69F374A32C21521151925BC1C23073C633E71FF653BB845
3572HopToDesk.exeC:\Users\admin\AppData\Local\Temp\HopToDesk_uninstall_shortcut.vbsbinary
MD5:55854B3D5041EC6D5AF64B6E1E33C49D
SHA256:7EC83ED2365D665B21CAA68FE4FFEDDCD584F8193D9F44CC9964AC922CD08D99
2140HopToDesk.exeC:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk2.2140_ThreadId(1)_1752695787989773100text
MD5:C90E6CF08676524C708A53EB4A2E9FDA
SHA256:3DD14A97D2C5B8E5D69F374A32C21521151925BC1C23073C633E71FF653BB845
6376cscript.exeC:\Users\admin\AppData\Local\Temp\HopToDesk.lnklnk
MD5:A4B93DF45452DDF1AAC36AEED003F3EF
SHA256:D66EF1B5FCA68834997D56325215F1441B6225FDFB211E083319FE8816AD8D64
2140HopToDesk.exeC:\Users\admin\AppData\Roaming\HopToDesk\config\HopToDesk.tomltext
MD5:8ECB4B0090DC03E16DB3EA5B084C2F01
SHA256:FD829D9B5F3EA4F50A9C216C1BFD19EC262D7A9F4499B62B67BC8925265D7EDB
1324cmd.exeC:\Program Files (x86)\HopToDesk\privacyhelper.exeexecutable
MD5:EC3857AABB195B1F8308AAEE41C35DBD
SHA256:A6BFCD89555C5CD74568F7D2A490CC8A86C4B629E94E4496980A37D072E2FF4C
4860cscript.exeC:\Users\admin\AppData\Local\Temp\Uninstall HopToDesk.lnklnk
MD5:6FBCF69A3C3D510047B25EDE4B3409B4
SHA256:6979F0EB95B6492B399ED71EC6951446C6333BB0CA67B1CF6A9DEEAEB7F9FE6A
2096cscript.exeC:\Users\admin\AppData\Local\Temp\HopToDesk Tray.lnklnk
MD5:04C213F7A369122ABD47109BA00D3B72
SHA256:F9372B2193DE47F7F120A61D729C14BCF20A6C0ABC2B47443255128F2FA590F5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
38
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4916
RUXIMICS.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4916
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
104.21.48.1:443
https://api.hoptodesk.com/
unknown
binary
597 b
unknown
POST
500
20.83.72.98:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
GET
200
104.21.96.1:443
https://api.hoptodesk.com/
unknown
binary
597 b
unknown
GET
200
104.21.96.1:443
https://api.hoptodesk.com/
unknown
binary
597 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4916
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4916
RUXIMICS.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4916
RUXIMICS.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
5944
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 23.55.110.193
  • 23.55.110.211
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
api.hoptodesk.com
  • 104.21.32.1
  • 104.21.64.1
  • 104.21.48.1
  • 104.21.80.1
  • 104.21.16.1
  • 104.21.96.1
  • 104.21.112.1
unknown
turn.hoptodesk.com
  • 45.76.236.44
unknown
self.events.data.microsoft.com
  • 20.42.73.28
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
HopToDesk.exe