File name: 1 (699)

Full analysis: https://app.any.run/tasks/841783b8-e07d-4471-80ec-f5a453ceb146
Verdict: Malicious activity
Threats:

Stealers are a category of malware designed to gain unauthorized access to users' information and transfer it to the attacker. The category includes programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: March 25, 2025, 03:32:28
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: ducdun, vilsel, stealer, upx, arch-exec
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 80A62E362A1726B6CB4502636872E170
SHA1: 6AE779E30A0D5D3F0F49BA68869C4239E9195014
SHA256: 7B8928606C67DF3BF17D9A575557078D620CC6A30E2A1E1F3505301A1702F557
SSDEEP: 768:Ruok8fv/dv/zF9XV2vGjhuOE2oL3h+b7Xr/kSsV+mNf6zGdJy:RdHfv/dXh9XVAGjhuOc7IAf6zG7y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • DUCDUN mutex has been found

      • backup.exe (PID: 2384)
      • backup.exe (PID: 7212)
      • backup.exe (PID: 7172)
      • backup.exe (PID: 7232)
      • backup.exe (PID: 7192)
      • backup.exe (PID: 7260)
      • backup.exe (PID: 7372)
      • backup.exe (PID: 7352)
      • backup.exe (PID: 7312)
      • backup.exe (PID: 7332)
      • backup.exe (PID: 7588)
      • backup.exe (PID: 7464)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7636)
      • backup.exe (PID: 7616)
      • backup.exe (PID: 7664)
      • 1 (699).exe (PID: 4208)
      • 1 (699).exe (PID: 7668)
      • data.exe (PID: 7392)
    • DUCDUN has been detected (YARA)

      • backup.exe (PID: 2384)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • backup.exe (PID: 7192)
      • backup.exe (PID: 7212)
      • backup.exe (PID: 7172)
      • 1 (699).exe (PID: 4208)
      • backup.exe (PID: 7312)
      • backup.exe (PID: 7332)
      • backup.exe (PID: 7352)
      • backup.exe (PID: 7372)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7616)
      • 1 (699).exe (PID: 7668)
    • Starts itself from another location

      • 1 (699).exe (PID: 4208)
      • backup.exe (PID: 7192)
      • backup.exe (PID: 7212)
      • backup.exe (PID: 7172)
      • backup.exe (PID: 7312)
      • backup.exe (PID: 7332)
      • backup.exe (PID: 7352)
      • backup.exe (PID: 7372)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7616)
    • Creates file in the systems drive root

      • 1 (699).exe (PID: 4208)
      • backup.exe (PID: 2384)
      • 1 (699).exe (PID: 7668)
  • INFO

    • Create files in a temporary directory

      • 1 (699).exe (PID: 4208)
      • backup.exe (PID: 7192)
      • backup.exe (PID: 2384)
      • backup.exe (PID: 7172)
      • backup.exe (PID: 7212)
      • backup.exe (PID: 7232)
      • backup.exe (PID: 7260)
      • backup.exe (PID: 7312)
      • backup.exe (PID: 7332)
      • backup.exe (PID: 7352)
      • backup.exe (PID: 7372)
      • data.exe (PID: 7392)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7464)
      • backup.exe (PID: 7588)
      • backup.exe (PID: 7616)
      • backup.exe (PID: 7664)
      • backup.exe (PID: 7636)
      • 1 (699).exe (PID: 7668)
    • Checks supported languages

      • backup.exe (PID: 2384)
      • backup.exe (PID: 7192)
      • backup.exe (PID: 7212)
      • backup.exe (PID: 7232)
      • 1 (699).exe (PID: 4208)
      • backup.exe (PID: 7172)
      • backup.exe (PID: 7260)
      • backup.exe (PID: 7292)
      • backup.exe (PID: 7312)
      • backup.exe (PID: 7332)
      • backup.exe (PID: 7352)
      • backup.exe (PID: 7372)
      • data.exe (PID: 7392)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7464)
      • backup.exe (PID: 7504)
      • backup.exe (PID: 7616)
      • backup.exe (PID: 7588)
      • backup.exe (PID: 7636)
      • backup.exe (PID: 7664)
      • 1 (699).exe (PID: 7668)
    • The sample compiled with English language support

      • backup.exe (PID: 7192)
      • backup.exe (PID: 7212)
      • 1 (699).exe (PID: 4208)
      • backup.exe (PID: 7172)
      • backup.exe (PID: 7312)
      • backup.exe (PID: 7332)
      • backup.exe (PID: 7352)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7616)
      • backup.exe (PID: 7372)
    • Reads the computer name

      • backup.exe (PID: 7292)
      • backup.exe (PID: 7504)
      • 1 (699).exe (PID: 4208)
      • 1 (699).exe (PID: 7668)
    • UPX packer has been detected

      • backup.exe (PID: 2384)
    • Reads the software policy settings

      • slui.exe (PID: 7848)
    • Manual execution by a user

      • 1 (699).exe (PID: 7668)
No Malware configuration.

TRiD

.exe | Win32 Executable Microsoft Visual Basic 6 (56.4)
.exe | Win64 Executable (generic) (19)
.exe | UPX compressed Win32 Executable (18.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Generic Win/DOS Executable (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:01:06 04:02:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 16384
InitializedDataSize: 24576
UninitializedDataSize: 65536
EntryPoint: 0x14b70
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.57
ProductVersionNumber: 1.0.0.57
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: SBC
ProductName: Microsoft Windows
FileVersion: 1.00.0057
ProductVersion: 1.00.0057
InternalName: musicvn
OriginalFileName: musicvn.exe
No data.
Total processes: 163
Monitored processes: 25
Malicious processes: 19
Suspicious processes: 0

Behavior graph

start #DUCDUN 1 (699).exe #DUCDUN backup.exe no specs #DUCDUN backup.exe #DUCDUN backup.exe #DUCDUN backup.exe #DUCDUN backup.exe no specs #DUCDUN backup.exe no specs backup.exe no specs #DUCDUN backup.exe #DUCDUN backup.exe #DUCDUN backup.exe #DUCDUN backup.exe #DUCDUN data.exe no specs #DUCDUN backup.exe update.exe no specs #DUCDUN backup.exe no specs backup.exe no specs #DUCDUN backup.exe no specs #DUCDUN backup.exe #DUCDUN backup.exe no specs #DUCDUN backup.exe no specs sppextcomobj.exe no specs slui.exe slui.exe no specs #DUCDUN 1 (699).exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2384
CMD: C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\backup.exe C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\
Path: C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\backup.exe
Parent process: 1 (699).exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\{9ee293e3-390d-48ff-a2d0-59f3e2ec8873}\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 4208
CMD: "C:\Users\admin\AppData\Local\Temp\1 (699).exe"
Path: C:\Users\admin\AppData\Local\Temp\1 (699).exe
Parent process: explorer.exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\1 (699).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7172
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\backup.exe
Parent process: 1 (699).exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7192
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\backup.exe
Parent process: backup.exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\adobe\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7212
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\backup.exe
Parent process: backup.exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\adobe\acrobat\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7232
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\backup.exe
Parent process: backup.exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\adobe\acrobat\dc\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7260
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\backup.exe
Parent process: backup.exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\ngl\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7292
CMD: C:\Users\admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\admin\AppData\Local\Temp\acrocef_low\
Path: C:\Users\admin\AppData\Local\Temp\acrocef_low\backup.exe
Parent process: 1 (699).exe
User: admin
Company: SBC
Integrity Level: LOW
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrocef_low\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7312
CMD: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\backup.exe C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\
Path: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\backup.exe
Parent process: 1 (699).exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrord32_super_sbx\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7332
CMD: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\backup.exe C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\
Path: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\backup.exe
Parent process: backup.exe
User: admin
Company: SBC
Integrity Level: MEDIUM
Exit code: 0
Version: 1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrord32_super_sbx\adobe\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events: 1 413
Read events: 1 375
Write events: 19
Delete events: 19

Modification events

Process: 1 (699).exe (PID: 4208)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: 1 (699).exe (PID: 4208)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value: (empty)

Process: backup.exe (PID: 7172)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7172)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value: (empty)

Process: backup.exe (PID: 7212)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7212)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value: (empty)

Process: backup.exe (PID: 7260)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7260)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value: (empty)

Process: backup.exe (PID: 7312)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7312)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value: (empty)
Executable files: 22
Suspicious files: 30
Text files: 0
Unknown types: 0

Dropped files

PID
Process
Filename
Type
Process: 1 (699).exe (PID: 4208)
Filename: C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\backup.exe
Type: executable
MD5:282BFEA8E7AC43CB6A3D6EB08FE7936D
SHA256:A40AC00A9C0C30349CC7402DAF123D1E8AA2312695F165E0599E952DF7BDE6CC
Process: 1 (699).exe (PID: 4208)
Filename: C:\Users\admin\AppData\Local\Temp\backup.exe
Type: executable
MD5:282BFEA8E7AC43CB6A3D6EB08FE7936D
SHA256:A40AC00A9C0C30349CC7402DAF123D1E8AA2312695F165E0599E952DF7BDE6CC
Process: 1 (699).exe (PID: 4208)
Filename: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\backup.exe
Type: executable
MD5:282BFEA8E7AC43CB6A3D6EB08FE7936D
SHA256:A40AC00A9C0C30349CC7402DAF123D1E8AA2312695F165E0599E952DF7BDE6CC
Process: backup.exe (PID: 7212)
Filename: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\backup.exe
Type: executable
MD5:9EAA37BE972A13B7D3BF0561D3E56C82
SHA256:A0D9E982239D59DD578411745A666AF80E5CCFC072BF6ED3DA7DE45ECE8E14EE
Process: backup.exe (PID: 7212)
Filename: C:\Users\admin\AppData\Local\Temp\~DFC97B0D0C694DD123.TMP
Type: binary
MD5:3CC972C59D0284B88A8EB297D2C75D0D
SHA256:73F5B1ED2922C97CEA43A39057BB17665D656D59C1400E2F227A216093A2D808
Process: 1 (699).exe (PID: 4208)
Filename: C:\Users\admin\AppData\Local\Temp\acrocef_low\backup.exe
Type: executable
MD5:282BFEA8E7AC43CB6A3D6EB08FE7936D
SHA256:A40AC00A9C0C30349CC7402DAF123D1E8AA2312695F165E0599E952DF7BDE6CC
Process: backup.exe (PID: 7312)
Filename: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\backup.exe
Type: executable
MD5:A90F6A739E11565A4B8E022FE60C7CFB
SHA256:44669E6CF7E87DB50D582C0EDD57538897A2175E09D059D26AA8176D6F085B6C
Process: 1 (699).exe (PID: 4208)
Filename: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\backup.exe
Type: executable
MD5:282BFEA8E7AC43CB6A3D6EB08FE7936D
SHA256:A40AC00A9C0C30349CC7402DAF123D1E8AA2312695F165E0599E952DF7BDE6CC
Process: backup.exe (PID: 7172)
Filename: C:\Users\admin\AppData\Local\Temp\~DFD9AFF1C6678CD84B.TMP
Type: binary
MD5:55DECB5FE68F586B92C4C1135EA36E94
SHA256:6528CB5DB7015E1A70662282EDA8B68ECCFC0683A7FD3890A75B35E4554C41C4
Process: backup.exe (PID: 7260)
Filename: C:\Users\admin\AppData\Local\Temp\~DF8C87861102B0565C.TMP
Type: binary
MD5:25B2376ED8AD698EB0DA1A70CE11427E
SHA256:40AF402ABDA6324C195547278E32E8FB9150D50A4564AA365570D81F77771DE7
HTTP(S) requests: 5
TCP/UDP connections: 25
DNS requests: 17
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7724
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6872
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6872
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
23.216.77.28:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7724
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
client.wns.windows.com
  • 40.115.3.253
  • 40.113.110.67
whitelisted
login.live.com
  • 20.190.160.67
  • 40.126.32.140
  • 20.190.160.131
  • 20.190.160.2
  • 20.190.160.20
  • 20.190.160.130
  • 40.126.32.72
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

No threats detected
No debug info