File name: LunarPatcher_Setup_v8.exe

Full analysis: https://app.any.run/tasks/3ef23153-944c-4a8f-a19b-b95bc078d027
Verdict: Malicious activity
Analysis date: February 26, 2026, 23:15:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer, auto, generic, auto-sch
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: F5E61CE60380676FA906045330A59AE9
SHA1: 157C2F1ECE373C34D36389F3C6F39D012356469D
SHA256: EE0AD9127D04CCB8D24E8FD96CCB1603FB83756580231D516E26AEE7ABA1BF6A
SSDEEP: 393216:Qo4lplhW6elZJx0E1bbMLjEkiSxuWJhtpdgDU/MlmQuM99LnSTj:QfnWplHxbSwNWJ9dqYMlmLMvTEj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • LunarPatcher.exe (PID: 9040)
    • Creates scheduled task from XML file

      • cmd.exe (PID: 9168)
      • cmd.exe (PID: 2364)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 9168)
      • cmd.exe (PID: 2364)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • LunarPatcher_Setup_v8.exe (PID: 8892)
      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher.exe (PID: 9040)
    • Reads the Windows owner or organization settings

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
    • Starts CMD.EXE for commands execution

      • LunarPatcher.exe (PID: 9040)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 4756)
      • schtasks.exe (PID: 3508)
    • Creates scheduled task with highest privileges

      • cmd.exe (PID: 8240)
      • schtasks.exe (PID: 3048)
      • cmd.exe (PID: 4828)
      • schtasks.exe (PID: 6080)
    • The process drops C-runtime libraries

      • LunarPatcher.exe (PID: 9040)
    • Modifies hosts file to alter network resolution

      • LunarPatcher.exe (PID: 9040)
  • INFO

    • Create files in a temporary directory

      • LunarPatcher_Setup_v8.exe (PID: 8892)
      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher.exe (PID: 9040)
    • Checks supported languages

      • LunarPatcher_Setup_v8.exe (PID: 8892)
      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher.exe (PID: 9040)
    • Reads the computer name

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher.exe (PID: 9040)
    • Compiled with Borland Delphi (YARA)

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher_Setup_v8.exe (PID: 8892)
    • Detects InnoSetup installer (YARA)

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher_Setup_v8.exe (PID: 8892)
    • Creates files or folders in the user directory

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
    • Creates a software uninstall entry

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
    • Creates files in the program directory

      • LunarPatcher.exe (PID: 9040)
    • Reads security settings of Internet Explorer

      • LunarPatcher.exe (PID: 9040)
      • LunarPatcher_Setup_v8.tmp (PID: 7644)
    • Uses Task Scheduler to autorun other applications (AUTOMATE)

      • cmd.exe (PID: 8240)
      • cmd.exe (PID: 4828)
    • Process checks computer location settings

      • LunarPatcher_Setup_v8.tmp (PID: 7644)
      • LunarPatcher.exe (PID: 9040)
    • The sample compiled with english language support

      • LunarPatcher.exe (PID: 9040)
    • Checks proxy server information

      • slui.exe (PID: 7864)
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2026:01:02 11:55:47+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 725504
InitializedDataSize: 264192
UninitializedDataSize: -
EntryPoint: 0xb1e60
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: KlodusSoft
FileDescription: Lunar Patcher Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Lunar Patcher
ProductVersion: 8.0.0
No data.
Total processes: 163
Monitored processes: 23
Malicious processes: 2
Suspicious processes: 5

Behavior graph

start lunarpatcher_setup_v8.exe lunarpatcher_setup_v8.tmp lunarpatcher.exe no specs #GENERIC lunarpatcher.exe cmd.exe no specs conhost.exe no specs schtasks.exe no specs cmd.exe conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs cmd.exe conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs slui.exe

Process information

PID | CMD | Path | Indicators | Parent process
1524 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2280 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2364 | "cmd.exe" /c schtasks /Create /TN "LunarPatcherAutoRefresh" /XML "C:\Users\admin\AppData\Local\Temp\lunarpatcher_task.xml" /F | C:\Windows\System32\cmd.exe | - | LunarPatcher.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2600 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2796 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3020 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3048 | schtasks /Create /SC ONLOGON /TN "LunarPatcherAutoRefresh" /TR "\"C:\Users\admin\AppData\Roaming\Lunar Patcher\LunarPatcher.exe\" /refresh" /F /RL HIGHEST /DELAY 0001:00 | C:\Windows\System32\schtasks.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
3508 | schtasks /Delete /TN "LunarPatcherAutoRefresh" /F | C:\Windows\System32\schtasks.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
4544 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4756 | schtasks /Delete /TN "LunarPatcherAutoRefresh" /F | C:\Windows\System32\schtasks.exe | - | cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 4 552
Read events: 4 527
Write events: 25
Delete events: 0

Modification events

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.7.0

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Users\admin\AppData\Roaming\Lunar Patcher

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Roaming\Lunar Patcher\

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: (Default)

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value:

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value: desktopicon

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: Inno Setup: Language
Value: english

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: DisplayName
Value: Lunar Patcher version 8.0.0

(PID) Process: (7644) LunarPatcher_Setup_v8.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4B9C8D1-E2F3-4567-890A-BCDEF1234567}_is1
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Roaming\Lunar Patcher\LunarPatcher.exe

Executable files: 9
Suspicious files: 2
Text files: 9
Unknown types: 0

Dropped files

PID | Process | Filename | Type

7644 | LunarPatcher_Setup_v8.tmp | C:\Users\admin\AppData\Roaming\Lunar Patcher\is-68S1GL83VS.tmp | -
MD5:
SHA256:

7644 | LunarPatcher_Setup_v8.tmp | C:\Users\admin\AppData\Roaming\Lunar Patcher\LunarPatcher.exe | -
MD5:
SHA256:

8892 | LunarPatcher_Setup_v8.exe | C:\Users\admin\AppData\Local\Temp\is-TWD0XDAUPO.tmp\LunarPatcher_Setup_v8.tmp | executable
MD5: 0B7C1E414D641AF04B9C7020E66E254A
SHA256: CF7000425851EAC14F967BC70BE0E67C81C2F1BB16FD0D94D15208D2853F43AB

7644 | LunarPatcher_Setup_v8.tmp | C:\Users\admin\AppData\Local\Temp\is-OUY9JMC2DI.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

7644 | LunarPatcher_Setup_v8.tmp | C:\Users\admin\AppData\Roaming\Lunar Patcher\unins000.dat | binary
MD5: CE8C1C87E6307824950FEC634476342D
SHA256: E798123E508454A86E43ED5D2D48B8E2DBD56FBD04ABB8A9753001D1B2BC442B

9040 | LunarPatcher.exe | C:\Users\admin\AppData\Local\Temp\.net\LunarPatcher\2350\PresentationNative_cor3.dll | executable
MD5: BD33368D12BC185C25770002A4EEE9DD
SHA256: AC85222567293F695D972EF2EDABD999372701D27B6D55F2D5721FA48B215F13

9040 | LunarPatcher.exe | C:\Users\admin\AppData\Local\Temp\lunarpatcher_task.xml | xml
MD5: 50FC489C9E2609448CFD9F9720A4A73E
SHA256: 2E0B82B8191C79F9A7F8A996C0E5D486D33EA9112B973FF2E128D56C673D4755

9040 | LunarPatcher.exe | C:\Users\admin\.lunarclient\settings\game\Default\mods.json | text
MD5: D3CB52E0E0E5AAE374F8B46080207961
SHA256: C2AFA0EDE9827BA96F180F9A699D10D77EF82291E96806FD9CBEBF819FA18DC2

9040 | LunarPatcher.exe | C:\Users\admin\AppData\Local\Temp\.net\LunarPatcher\2350\vcruntime140_cor3.dll | executable
MD5: 6CA4EDB2B52EC46C7FCA3FD372CA6C00
SHA256: D5E4D9A3E835FA679450145D6A7D94E36573A509317111904D9B3712C30D9066

9040 | LunarPatcher.exe | C:\Users\admin\AppData\Local\Temp\.net\LunarPatcher\2350\PenImc_cor3.dll | executable
MD5: 54EF5528036A816BA61142F2D1677637
SHA256: 194AB22C4AC336C897857F59BA70DBC3E3BAE434CE157A81EE866BEFC1172237

HTTP(S) requests: 48
TCP/UDP connections: 50
DNS requests: 20
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
8788 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
- | - | GET | 200 | 23.55.110.211:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
7428 | svchost.exe | GET | 200 | 23.55.110.211:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 23.55.110.211:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
8788 | SIHClient.exe | GET | 200 | 135.233.95.135:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | - | - | whitelisted
7428 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
8788 | SIHClient.exe | GET | 200 | 74.179.77.204:443 | https://slscr.update.microsoft.com/sls/ping | US | - | - | whitelisted
- | - | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
8788 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
2.16.241.218:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7428
svchost.exe
23.55.110.211:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
23.55.110.211:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
23.55.110.211:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
7428
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 20.73.194.208 | whitelisted
www.bing.com | 2.16.241.218, 2.16.241.201 | whitelisted
client.wns.windows.com | 172.211.123.250 | whitelisted
google.com | 216.58.215.142 | whitelisted
crl.microsoft.com | 23.55.110.211, 23.55.110.193, 2.16.164.120, 2.16.164.49 | whitelisted
www.microsoft.com | 88.221.169.152 | whitelisted
login.live.com | 20.190.160.67, 20.190.160.130, 40.126.32.68, 40.126.32.72, 40.126.32.76, 20.190.160.20, 40.126.32.138, 40.126.32.140, 20.190.160.131, 20.190.160.5, 40.126.32.134, 20.190.160.64, 20.190.160.128, 40.126.32.136 | whitelisted
slscr.update.microsoft.com | 74.179.77.204 | whitelisted
fe3cr.delivery.mp.microsoft.com | 135.233.95.135 | whitelisted
activation-v2.sls.microsoft.com | 48.192.1.65 | whitelisted

Threats

No threats detected
No debug info