File name: 1 (313)

Full analysis: https://app.any.run/tasks/ace6fbca-ede0-43d0-ba38-eeffedbdf653
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: March 24, 2025, 21:27:53
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
ducdun
vilsel
stealer
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 6DAEC328D4750CA332D5517A837B3CC0
SHA1: 5E573901C3B769675947B63599BD408869A203C1
SHA256: 8B85F72CAC65C67512F12226A5E78AAAC1DE925B3230971D62D43AA9BAB7476F
SSDEEP: 3072:LpVRjhu4AfAG7sdgfmg7zHGgky0KUj6TjR9i4/:LRh/AfAG9fDGy0Z6jR5/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • DUCDUN mutex has been found

      • backup.exe (PID: 6068)
      • backup.exe (PID: 7208)
      • backup.exe (PID: 5576)
      • backup.exe (PID: 7240)
      • backup.exe (PID: 7188)
      • backup.exe (PID: 6620)
      • backup.exe (PID: 7348)
      • backup.exe (PID: 7368)
      • backup.exe (PID: 7328)
      • backup.exe (PID: 7288)
      • backup.exe (PID: 7308)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7448)
      • backup.exe (PID: 7404)
      • backup.exe (PID: 7500)
      • backup.exe (PID: 7524)
      • backup.exe (PID: 7544)
      • backup.exe (PID: 7572)
      • 1 (313).exe (PID: 2284)
    • DUCDUN has been detected (YARA)

      • 1 (313).exe (PID: 2284)
      • backup.exe (PID: 6068)
  • SUSPICIOUS

    • Starts itself from another location

      • 1 (313).exe (PID: 2284)
      • backup.exe (PID: 5576)
      • backup.exe (PID: 6620)
      • backup.exe (PID: 7188)
      • backup.exe (PID: 7308)
      • backup.exe (PID: 7288)
      • backup.exe (PID: 7348)
      • backup.exe (PID: 7328)
      • backup.exe (PID: 7524)
      • backup.exe (PID: 7404)
    • Executable content was dropped or overwritten

      • backup.exe (PID: 5576)
      • backup.exe (PID: 6620)
      • backup.exe (PID: 7188)
      • backup.exe (PID: 7328)
      • backup.exe (PID: 7288)
      • backup.exe (PID: 7308)
      • backup.exe (PID: 7348)
      • 1 (313).exe (PID: 2284)
      • backup.exe (PID: 7524)
      • backup.exe (PID: 7404)
    • Creates file in the systems drive root

      • backup.exe (PID: 6068)
      • 1 (313).exe (PID: 2284)
  • INFO

    • Checks supported languages

      • backup.exe (PID: 6068)
      • 1 (313).exe (PID: 2284)
      • backup.exe (PID: 5576)
      • backup.exe (PID: 6620)
      • backup.exe (PID: 7188)
      • backup.exe (PID: 7208)
      • backup.exe (PID: 7240)
      • backup.exe (PID: 7264)
      • backup.exe (PID: 7288)
      • backup.exe (PID: 7308)
      • backup.exe (PID: 7328)
      • backup.exe (PID: 7348)
      • backup.exe (PID: 7368)
      • backup.exe (PID: 7404)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7476)
      • backup.exe (PID: 7500)
      • backup.exe (PID: 7544)
      • backup.exe (PID: 7524)
      • backup.exe (PID: 7448)
      • backup.exe (PID: 7572)
    • The sample compiled with english language support

      • 1 (313).exe (PID: 2284)
    • Create files in a temporary directory

      • backup.exe (PID: 5576)
      • backup.exe (PID: 6068)
      • backup.exe (PID: 6620)
      • backup.exe (PID: 7188)
      • backup.exe (PID: 7240)
      • backup.exe (PID: 7288)
      • backup.exe (PID: 7308)
      • backup.exe (PID: 7328)
      • backup.exe (PID: 7208)
      • backup.exe (PID: 7348)
      • backup.exe (PID: 7368)
      • backup.exe (PID: 7428)
      • backup.exe (PID: 7404)
      • backup.exe (PID: 7448)
      • backup.exe (PID: 7500)
      • backup.exe (PID: 7544)
      • backup.exe (PID: 7524)
      • backup.exe (PID: 7572)
      • 1 (313).exe (PID: 2284)
    • Reads the computer name

      • backup.exe (PID: 7264)
      • backup.exe (PID: 7476)
      • 1 (313).exe (PID: 2284)
    • Reads the software policy settings

      • slui.exe (PID: 7748)
    • UPX packer has been detected

      • 1 (313).exe (PID: 2284)
      • backup.exe (PID: 6068)
No Malware configuration.

TRiD

.exe | Win32 Executable Microsoft Visual Basic 6 (69.4)
.exe | Win64 Executable (generic) (23.3)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:08:25 04:02:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 16384
InitializedDataSize: 24576
UninitializedDataSize: 65536
EntryPoint: 0x14b70
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.57
ProductVersionNumber: 1.0.0.57
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: SBC
ProductName: Microsoft Windows
FileVersion: 1.00.0057
ProductVersion: 1.00.0057
InternalName: musicvn
OriginalFileName: musicvn.exe
No data.
Total processes
163
Monitored processes
24
Malicious processes
19
Suspicious processes
0

Behavior graph

[Behavior graph: start → 1 (313).exe (#DUCDUN), multiple backup.exe processes (most tagged #DUCDUN), sppextcomobj.exe, slui.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2284
CMD: "C:\Users\admin\AppData\Local\Temp\1 (313).exe"
Path: C:\Users\admin\AppData\Local\Temp\1 (313).exe
Parent process: explorer.exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\1 (313).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 5576
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\backup.exe
Parent process: 1 (313).exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 6068
CMD: C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\backup.exe C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\
Path: C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\backup.exe
Parent process: 1 (313).exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\{9ee293e3-390d-48ff-a2d0-59f3e2ec8873}\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 6620
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\backup.exe
Parent process: backup.exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\adobe\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7188
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\backup.exe
Parent process: backup.exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\adobe\acrobat\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7208
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\backup.exe
Parent process: backup.exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\adobe\acrobat\dc\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7240
CMD: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\backup.exe C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\
Path: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\backup.exe
Parent process: backup.exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrobat_sbx\ngl\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7264
CMD: C:\Users\admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\admin\AppData\Local\Temp\acrocef_low\
Path: C:\Users\admin\AppData\Local\Temp\acrocef_low\backup.exe
Parent process: 1 (313).exe
User:
admin
Company:
SBC
Integrity Level:
LOW
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrocef_low\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7288
CMD: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\backup.exe C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\
Path: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\backup.exe
Parent process: 1 (313).exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrord32_super_sbx\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 7308
CMD: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\backup.exe C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\
Path: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\backup.exe
Parent process: backup.exe
User:
admin
Company:
SBC
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00.0057
Modules
Images
c:\users\admin\appdata\local\temp\acrord32_super_sbx\adobe\backup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events
1 264
Read events
1 226
Write events
19
Delete events
19

Modification events

Process: backup.exe (PID: 5576)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 5576)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value:

Process: backup.exe (PID: 7188)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7188)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value:

Process: backup.exe (PID: 7240)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7240)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value:

Process: backup.exe (PID: 7288)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7288)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value:

Process: backup.exe (PID: 7308)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Operation: write
Name: NoFolderOptions
Value: 1

Process: backup.exe (PID: 7308)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams
Operation: delete value
Name: Settings
Value:
Executable files
21
Suspicious files
24
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 5576
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF6B9252E1AC399C06.TMP
Type: binary
MD5:114A53DD789537A9D371272C602B1DD0
SHA256:3002232B264BA2D689757AFC3FE6FA42D0026EB8C64F21674B7EB8900A0049CE
PID: 6620
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFCCD6D93393FE56D2.TMP
Type: binary
MD5:AC5FF9226716C50122DD4A642BC0B7D6
SHA256:4AF68BE562F2B5DF56849F910757D20AE27ECE9ECEC7AFCD62E6F1283005E22A
PID: 6620
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\backup.exe
Type: executable
MD5:1DB0D0F0BCC3E82DCA023A3B1E95D45F
SHA256:4738351D688C5BD24C2B4833C8747C19D5C793D506442E374C979E4B64B0400B
PID: 2284
Process: 1 (313).exe
Filename: C:\Users\admin\AppData\Local\Temp\backup.exe
Type: executable
MD5:AC21EC39166C0B18353E4C368C1179A1
SHA256:512D548EAC50A3E52AB8F643A29434CA5612A95C598423F55FAC0B947E720B4A
PID: 5576
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\acrobat_sbx\NGL\backup.exe
Type: executable
MD5:1D828117F4ADFF13BFFCBDDBEEEAFF48
SHA256:14D6B3A3AB7A191D07A178919E4BD9E50543EAEE2447D17A183ABF2D158AABD0
PID: 7328
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\backup.exe
Type: executable
MD5:FEB98F8D6E0EB40D9960A9952E24A6AF
SHA256:72DB2B01F1A70BD8116FBDDDF6ED8F0930D2FCF32FB58340B37F4DAE2CFD4B31
PID: 2284
Process: 1 (313).exe
Filename: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\backup.exe
Type: executable
MD5:036F1077AF91BAB78D9481C422E3CBE0
SHA256:A6C8581406C513A451283AD16681C507108418D39F8F8D59ABB90A3F2E4F4C6B
PID: 7348
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF835B7312F43DBC65.TMP
Type: binary
MD5:268173568014C25E0C52FCC2AECF508C
SHA256:5ECCE2643453D3DFBA09012B5F07AA404A6925CDDDF03D5208A7575D4F554495
PID: 2284
Process: 1 (313).exe
Filename: C:\Users\admin\AppData\Local\Temp\{9EE293E3-390D-48FF-A2D0-59F3E2EC8873}\backup.exe
Type: executable
MD5:AC21EC39166C0B18353E4C368C1179A1
SHA256:512D548EAC50A3E52AB8F643A29434CA5612A95C598423F55FAC0B947E720B4A
PID: 7348
Process: backup.exe
Filename: C:\Users\admin\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\backup.exe
Type: executable
MD5:C0F35453BCEFF6B88FC218EA4A27E889
SHA256:233737645C00F8342F0AD3E2AB3AEB3B2529A1F91420532C79404A4ECD55FB54
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
8176
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1812
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1812
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
6544
svchost.exe
40.126.31.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
3216
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
8176
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.173
  • 23.48.23.158
  • 23.48.23.147
  • 23.48.23.143
  • 23.48.23.169
  • 23.48.23.141
  • 23.48.23.193
  • 23.48.23.176
whitelisted
login.live.com
  • 40.126.31.128
  • 40.126.31.71
  • 20.190.159.68
  • 20.190.159.2
  • 20.190.159.71
  • 40.126.31.3
  • 20.190.159.130
  • 40.126.31.0
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted

Threats

No threats detected
No debug info