File name:

1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9

Full analysis: https://app.any.run/tasks/145f21da-c29a-4198-8f27-1380bebe04b3
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 24, 2025, 21:37:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ducdun
vilsel
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, PECompact2 compressed, 2 sections
MD5:

5F42177853057ED30E41A13202EB167B

SHA1:

DBD63866FDFBA45D38B1058D0A081C3A6A15A66C

SHA256:

1C1FF303E12B8A862FDD7EA8E15EDDCDD4ECDFF629C7F433A574734F731771D9

SSDEEP:

1536:Cmr1zQgnmW/1estc6Xmr1zQ1yQenPiEkL:CmrhQdkwstc6XmrhQ1caE+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • DUCDUN mutex has been found

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

    • DUCDUN has been detected (YARA)

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

  • SUSPICIOUS

    • Creates file in the systems drive root

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

    • Executable content was dropped or overwritten

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

  • INFO

    • The sample compiled with english language support

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

    • Reads the computer name

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

    • Create files in a temporary directory

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 2136)
      • BackgroundTransferHost.exe (PID: 6372)
      • BackgroundTransferHost.exe (PID: 6872)
      • BackgroundTransferHost.exe (PID: 2616)
      • BackgroundTransferHost.exe (PID: 7880)

    • Checks supported languages

      • 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe (PID: 7596)

    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 6872)

    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 6872)
      • slui.exe (PID: 6516)

    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 6872)
      • slui.exe (PID: 6516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:01:06 04:02:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 6
CodeSize: 45056
InitializedDataSize: 28672
UninitializedDataSize: -
EntryPoint: 0x1150
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.57
ProductVersionNumber: 1.0.0.57
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: SBC
ProductName: Microsoft Windows
FileVersion: 1.00.0057
ProductVersion: 1.00.0057
InternalName: musicvn
OriginalFileName: musicvn.exe
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
145
Monitored processes
7
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #DUCDUN 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
2136"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
2616"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
6372"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
6516C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6872"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
7596"C:\Users\admin\Desktop\1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe" C:\Users\admin\Desktop\1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
7880"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
Total events
7 939
Read events
7 922
Write events
16
Delete events
1

Modification events

(PID) Process:(7596) 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation:writeName:NoFolderOptions
Value:
1
(PID) Process:(7596) 1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation:delete valueName:Settings
Value:
(PID) Process:(2136) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2136) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2136) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6872) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6872) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6872) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6372) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6372) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
Executable files
1
Suspicious files
9
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
6872BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\78856793-37ae-4980-bf57-e0aa61c426a9.down_data
MD5:
SHA256:
75961c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeC:\Users\admin\Desktop\temp.zip~RF10c9ab.TMPcompressed
MD5:76CDB2BAD9582D23C1F6F4D868218D6C
SHA256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
75961c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeC:\Users\admin\Desktop\1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.datbinary
MD5:C61D0ECB469909966776D8739E6A7D0E
SHA256:7B9D8B715BA8AB955E529EF83894F26B93459B638A71A6425CA27D91066E7384
75961c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeC:\Users\admin\Desktop\temp.zipcompressed
MD5:76CDB2BAD9582D23C1F6F4D868218D6C
SHA256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
75961c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeC:\Users\admin\Desktop\backup.exeexecutable
MD5:CA72F24D539F92C62D446CB73CC67102
SHA256:3A39B7F3C187433D280888777C28C20D2BC383655B81EC3FC7F2F6D860B7C719
75961c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeC:\Users\admin\Desktop\1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.zipcompressed
MD5:F6727F17BFA0F33364DD9261E5D9EDF1
SHA256:538D073891B5F21CD07C06DDB52A919F2CCAC3C081C989EA812C85863052C67B
6872BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\436b1a36-e576-4c67-9205-7b0d15fa2ac9.39305a72-c357-442a-a5b9-1b549895811a.down_metabinary
MD5:F6AD0BD18E47B75B184D854B7A45A57F
SHA256:7EB343EA7447D246B5EB2A0275ABB5B1A868A5628569B80B9E7652971EEABF76
6872BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\436b1a36-e576-4c67-9205-7b0d15fa2ac9.up_meta_securebinary
MD5:0775FE68C2F77FFD9DD5DB1C6CB055D9
SHA256:3AC6A8579261D33FFF6E6963E014505D5F3E1B5FF8B66899BDCE1515420300F0
75961c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9.exeC:\Users\admin\AppData\Local\Temp\2La07624compressed
MD5:4542F56047D33366A0919A1E2CF28F91
SHA256:CAFE32CC705DFAE4981C15367A306EBB3FBE0B014DB54FFF20D32D87FD689D1C
6872BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\78856793-37ae-4980-bf57-e0aa61c426a9.39305a72-c357-442a-a5b9-1b549895811a.down_metabinary
MD5:F6AD0BD18E47B75B184D854B7A45A57F
SHA256:7EB343EA7447D246B5EB2A0275ABB5B1A868A5628569B80B9E7652971EEABF76
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
35
TCP/UDP connections
56
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4108
RUXIMICS.exe
GET
200
23.48.23.159:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.48.23.159:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
304
20.12.23.50:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
8156
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
8156
SIHClient.exe
GET
200
23.48.23.190:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
POST
200
20.190.159.4:443
https://login.live.com/RST2.srf
unknown
xml
11.0 Kb
whitelisted
POST
200
20.190.160.4:443
https://login.live.com/RST2.srf
unknown
xml
1.35 Kb
whitelisted
POST
400
40.126.32.140:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
400
20.190.160.130:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
GET
200
20.103.156.88:443
https://arc.msn.com/v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:AC7699B0-48EA-FD22-C8DC-06A02098A0F0&ctry=US&time=20250324T213753Z&lc=en-US&pl=en-US&idtp=mid&uid=9115d6d1-9f4e-4053-9297-2a8c833b3912&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=9d49c043b4b04676a135976b2200e070&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.3636&currsel=137271744000000000&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.4046&disphorzres=1280&dispsize=15.3&dispvertres=720&fosver=16299&isu=0&lo=3968017&metered=false&nettype=ethernet&npid=sc-88000045&oemName=DELL&oemid=DELL&ossku=Professional&prevosver=15063&smBiosDm=DELL&stabedgever=122.0.2365.59&tl=2&tsu=1358547&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=2
unknown
binary
2.96 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4108
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4108
RUXIMICS.exe
23.48.23.159:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.48.23.159:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6544
svchost.exe
20.190.160.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7648
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.48.23.159
  • 23.48.23.193
  • 23.48.23.176
  • 23.48.23.145
  • 23.48.23.194
  • 23.48.23.166
  • 23.48.23.173
  • 23.48.23.147
  • 23.48.23.158
  • 23.48.23.190
  • 23.48.23.162
  • 23.48.23.137
  • 23.48.23.177
  • 23.48.23.169
whitelisted
login.live.com
  • 20.190.160.131
  • 40.126.32.68
  • 20.190.160.128
  • 20.190.160.64
  • 40.126.32.138
  • 20.190.160.67
  • 40.126.32.74
  • 40.126.32.134
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 104.126.37.154
  • 104.126.37.139
  • 104.126.37.144
  • 104.126.37.145
  • 104.126.37.131
  • 104.126.37.163
  • 104.126.37.162
  • 104.126.37.130
  • 104.126.37.136
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
1c1ff303e12b8a862fdd7ea8e15eddcdd4ecdff629c7f433a574734f731771d9