File name:

UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_

Full analysis: https://app.any.run/tasks/644be67a-5af0-4258-b321-5dde5c160174
Verdict: Malicious activity
Analysis date: April 25, 2025, 12:15:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

F31D6529FF4AD98053F9A8A9832F95E3

SHA1:

ABDD5CE48E2D11A4C82FC90D9E9BEEB14B437CEE

SHA256:

801505B222599FB1B73DCF02AE754566BBE0BA03CB253592BC585B639F65F04E

SSDEEP:

384:CkwoxQKpXJBOLOMlT03YKmvgzILbfNGHEDPUw33XO3MxHBqIRK:CWOrAc3bfg2Uw3u3ChrK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Deletes shadow copies

      • cmd.exe (PID: 6708)
      • cmd.exe (PID: 3300)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe (PID: 2140)
      • UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_ - Copy.exe (PID: 7800)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1512)
  • INFO

    • Checks supported languages

      • UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe (PID: 2140)
    • Reads the computer name

      • UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe (PID: 2140)
    • Reads the machine GUID from the registry

      • UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe (PID: 2140)
    • Manual execution by a user

      • OpenWith.exe (PID: 7268)
      • OpenWith.exe (PID: 7484)
      • rundll32.exe (PID: 7552)
      • OpenWith.exe (PID: 7144)
      • rundll32.exe (PID: 2340)
      • rundll32.exe (PID: 4208)
      • OpenWith.exe (PID: 4988)
      • rundll32.exe (PID: 1228)
      • OpenWith.exe (PID: 3888)
      • rundll32.exe (PID: 1168)
      • rundll32.exe (PID: 7556)
      • rundll32.exe (PID: 7752)
      • OpenWith.exe (PID: 7692)
      • OpenWith.exe (PID: 6876)
      • UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_ - Copy.exe (PID: 7800)
      • firefox.exe (PID: 7012)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 7484)
      • OpenWith.exe (PID: 7268)
      • OpenWith.exe (PID: 7144)
    • Application launched itself

      • firefox.exe (PID: 7012)
      • firefox.exe (PID: 7172)
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (82.9)
.dll | Win32 Dynamic Link Library (generic) (7.4)
.exe | Win32 Executable (generic) (5.1)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:04:17 14:02:05+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 16384
InitializedDataSize: 2048
UninitializedDataSize: -
EntryPoint: 0x5e32
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: SF
FileVersion: 1.0.0.0
InternalName: SF.exe
LegalCopyright: Copyright © 2017
LegalTrademarks: -
OriginalFileName: SF.exe
ProductName: SF
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes
162
Monitored processes
36
Malicious processes
2
Suspicious processes
2

Behavior graph

start uds-trojan.win32.generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe no specs openwith.exe no specs openwith.exe no specs rundll32.exe no specs openwith.exe no specs rundll32.exe no specs rundll32.exe no specs openwith.exe no specs rundll32.exe no specs openwith.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs openwith.exe no specs openwith.exe no specs uds-trojan.win32.generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_ - copy.exe slui.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs cmd.exe no specs conhost.exe no specs vssadmin.exe no specs cmd.exe no specs conhost.exe no specs vssadmin.exe no specs vssvc.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1168
CMD:
"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\Downloads\videothread.png
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
1228
CMD:
"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\Downloads\ledcustomer.png
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
1512
CMD:
C:\WINDOWS\system32\vssvc.exe
Path:
C:\Windows\System32\VSSVC.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2140
CMD:
"C:\Users\admin\Desktop\UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe"
Path:
C:\Users\admin\Desktop\UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SF
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\uds-trojan.win32.generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2340
CMD:
"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\Downloads\wantedcorrect.png
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
2904
CMD:
vssadmin.exe delete shadows /all /quiet
Path:
C:\Windows\System32\vssadmin.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Command Line Interface for Microsoft® Volume Shadow Copy Service
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssadmin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
3300
CMD:
"cmd.exe" /c vssadmin.exe delete shadows /all /quiet
Path:
C:\Windows\System32\cmd.exe
Parent process:
UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_ - Copy.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID:
3888
CMD:
"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Downloads\wantedcorrect.png.Satyr
Path:
C:\Windows\System32\OpenWith.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
4208
CMD:
"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\Downloads\leftmessage.jpg
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID:
4400
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
17 647
Read events
17 633
Write events
10
Delete events
4

Modification events

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Operation: delete key
Name: (default)
Value:

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Operation: write
Name: ProgID
Value: FirefoxURL-308046B0AF4A39CB

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Operation: write
Name: Hash
Value: Y6Qlcm2nOMk=

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Operation: delete key
Name: (default)
Value:

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Operation: write
Name: ProgID
Value: FirefoxURL-308046B0AF4A39CB

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Operation: write
Name: Hash
Value: yMdhJ96Zaqk=

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Operation: delete key
Name: (default)
Value:

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Operation: write
Name: ProgID
Value: FirefoxHTML-308046B0AF4A39CB

(PID) Process: (7172) firefox.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Operation: write
Name: Hash
Value: a4BzKQ0tK8I=
Executable files
4
Suspicious files
2 614
Text files
38
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\samejava.jpg
Type: binary
MD5:E433C74F7D6E4C50C266A9A3A8CE78F9
SHA256:14C0681FA9B9BC0B819A32F32BD40CECB68943596C4290EE8F609F55324D90D5
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\perfectflorida.jpg
Type: binary
MD5:B1973081F0BE85D21CF475D6947CE955
SHA256:97B925CBC0F667420049648D508B31F37D0819AF024FC3ADB81EFDE0EFF0D450
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\perfectflorida.jpg.Satyr
Type: binary
MD5:B1973081F0BE85D21CF475D6947CE955
SHA256:97B925CBC0F667420049648D508B31F37D0819AF024FC3ADB81EFDE0EFF0D450
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\callswar.rtf
Type: binary
MD5:C35960EAC25DAA36605957D7F363596A
SHA256:27AB0F2BCAEBA86EF72C52117896269C0B291DC7DD277A85FB4158CEFFBEB9C3
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\whentaking.png.Satyr
Type: binary
MD5:0C7273324FBC549B40CD53CC6DFA8014
SHA256:8D1387AA7A2B34B5704398DBC7EF2E4AE33CF6A25DC1719CCFCFFFB56A459DB9
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\evidencerepair.rtf.Satyr
Type: binary
MD5:6DCB526F456FFF55C4EC565905B7922E
SHA256:2D4A2C14B30BBE72F914CF826D74630DFBDC32BBAA6A55B79A18C86FB9D678DE
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\evidenceprotein.rtf.Satyr
Type: binary
MD5:0749969184FF7E63A69CBC38A58121E4
SHA256:4CF07DAFF71C36CB9A1CED3F88800A4958631122FCF2A6BCFBF64B9790802BCA
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\babycommunities.rtf
Type: binary
MD5:6AA542D6DA8F95D938D5F7F1B75713B2
SHA256:4C519602D06672EC1C4733D0DE4F522C5883B825C7D5367CA2BAF8D93F32B967
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\babycommunities.rtf.Satyr
Type: binary
MD5:6AA542D6DA8F95D938D5F7F1B75713B2
SHA256:4C519602D06672EC1C4733D0DE4F522C5883B825C7D5367CA2BAF8D93F32B967
PID: 2140
Process: UDS-Trojan.Win32.Generic-801505b222599fb1b73dcf02ae754566bbe0ba03cb253592bc585b639f65f04e.ex_.exe
Filename: C:\Users\admin\Desktop\leathertopic.rtf.Satyr
Type: binary
MD5:2194563704E5BF59110C73E8E0A6AAEF
SHA256:5E50B3B3D836FD81112E6FFCC7B453D38A281CFCA9A7D9D13E5257885972031A
HTTP(S) requests
24
TCP/UDP connections
72
DNS requests
93
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7984
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.53.40.178:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7172
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
7172
firefox.exe
POST
200
184.24.77.65:80
http://r10.o.lencr.org/
unknown
whitelisted
7984
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7172
firefox.exe
POST
200
184.24.77.65:80
http://r10.o.lencr.org/
unknown
whitelisted
7172
firefox.exe
POST
200
184.24.77.75:80
http://r11.o.lencr.org/
unknown
whitelisted
7172
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
7172
firefox.exe
POST
200
184.24.77.75:80
http://r11.o.lencr.org/
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.53.40.178:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7984
SIHClient.exe
52.149.20.212:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7984
SIHClient.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
7984
SIHClient.exe
13.95.31.18:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 2.23.246.101
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.43
whitelisted
location.services.mozilla.com
  • 35.190.72.216
whitelisted

Threats

No threats detected
No debug info