File name: ultrafileopener_setup.exe
Full analysis: https://app.any.run/tasks/401c65f9-aeea-46ba-8c1c-4742260b96ca
Verdict: Malicious activity
Analysis date: April 22, 2025, 21:19:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: C19E7C2F7FFE2EB6CB5B6E7FFE4915AB
SHA1: 4F9B6A5D2F9F645E7CD403306D187DC2DA071ECE
SHA256: DBAFA9901DA02D926A3EFC388040EDBF33F4D47348C473092B796D87CBFCA6CD
SSDEEP: 196608:nakPzxaWCaPTzsVUcTNeHW3xlg2Wg6PUP+pWNRRF2:naktGGz0U2r6g6cPUWNRR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • ultrafileopener_setup.exe (PID: 7736)
      • ufo.exe (PID: 8052)
      • ufo.exe (PID: 8080)
      • programmanagementconsole_setup.exe (PID: 8168)
      • ccmanagementservice.exe (PID: 7232)
      • pmc.exe (PID: 2316)
      • pmc.exe (PID: 5404)
      • ufo.exe (PID: 2320)
      • filextmgr.exe (PID: 8108)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • ultrafileopener_setup.exe (PID: 7852)
      • programmanagementconsole_setup.exe (PID: 8168)
      • gs922w32.exe (PID: 7308)
    • Malware-specific behavior (creating "System.dll" in Temp); note that System.dll is the standard NSIS System plug-in and the nsiBEFE.tmp directory under Temp is where every Nullsoft installer unpacks its plug-ins (consistent with the Nullsoft Installer identification above and the nsDialogs.dll in the dropped files), so this signature by itself is not evidence of malice

      • ultrafileopener_setup.exe (PID: 7852)
      • programmanagementconsole_setup.exe (PID: 8168)
      • gs922w32.exe (PID: 7308)
    • Executable content was dropped or overwritten

      • ultrafileopener_setup.exe (PID: 7852)
      • programmanagementconsole_setup.exe (PID: 8168)
      • gs922w32.exe (PID: 7308)
    • Creates a software uninstall entry

      • ultrafileopener_setup.exe (PID: 7852)
      • gs922w32.exe (PID: 7308)
    • There is functionality for taking screenshot (YARA)

      • ultrafileopener_setup.exe (PID: 7852)
      • ccmanagementservice.exe (PID: 7232)
    • The process drops C-runtime libraries

      • programmanagementconsole_setup.exe (PID: 8168)
      • ultrafileopener_setup.exe (PID: 7852)
    • Executes as Windows Service

      • ccmanagementservice.exe (PID: 7232)
    • Process drops legitimate windows executable

      • programmanagementconsole_setup.exe (PID: 8168)
      • ultrafileopener_setup.exe (PID: 7852)
    • Reads security settings of Internet Explorer

      • programmanagementconsole_setup.exe (PID: 8168)
      • ultrafileopener_setup.exe (PID: 7852)
      • ufo.exe (PID: 2320)
    • Reads Microsoft Outlook installation path

      • ufo.exe (PID: 2320)
    • Reads Internet Explorer settings

      • ufo.exe (PID: 2320)
    • Changes default file association

      • filextmgr.exe (PID: 8108)
  • INFO

    • The sample was compiled with English language support

      • ultrafileopener_setup.exe (PID: 7852)
      • programmanagementconsole_setup.exe (PID: 8168)
    • Creates files in a temporary directory

      • ultrafileopener_setup.exe (PID: 7852)
      • programmanagementconsole_setup.exe (PID: 8168)
      • gs922w32.exe (PID: 7308)
    • Reads the computer name

      • ultrafileopener_setup.exe (PID: 7852)
      • pmc.exe (PID: 5404)
      • ccmanagementservice.exe (PID: 7232)
      • programmanagementconsole_setup.exe (PID: 8168)
      • gs922w32.exe (PID: 7308)
      • ufo.exe (PID: 2320)
      • identity_helper.exe (PID: 3176)
    • Checks supported languages

      • ultrafileopener_setup.exe (PID: 7852)
      • ufo.exe (PID: 8052)
      • filextmgr.exe (PID: 8108)
      • programmanagementconsole_setup.exe (PID: 8168)
      • pmc.exe (PID: 5404)
      • pmc.exe (PID: 2316)
      • gs922w32.exe (PID: 7308)
      • ccmanagementservice.exe (PID: 7232)
      • identity_helper.exe (PID: 3176)
      • ufo.exe (PID: 2320)
      • ufo.exe (PID: 8080)
    • Creates files or folders in the user directory

      • ultrafileopener_setup.exe (PID: 7852)
      • ufo.exe (PID: 8052)
      • programmanagementconsole_setup.exe (PID: 8168)
      • ccmanagementservice.exe (PID: 7232)
      • pmc.exe (PID: 5404)
      • ufo.exe (PID: 2320)
    • Checks proxy server information

      • programmanagementconsole_setup.exe (PID: 8168)
      • ultrafileopener_setup.exe (PID: 7852)
      • ufo.exe (PID: 2320)
      • slui.exe (PID: 3884)
    • Creates files in the program directory

      • gs922w32.exe (PID: 7308)
    • Application launched itself

      • msedge.exe (PID: 5112)
    • Reads Environment values

      • identity_helper.exe (PID: 3176)
    • Manual execution by a user

      • msedge.exe (PID: 5112)
      • msedge.exe (PID: 4068)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:03 20:18:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x322b
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.7.3.140
ProductVersionNumber: 5.7.3.140
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
Comments: setup
CompanyName: CompuClever Systems Inc.
FileDescription: -
FileVersion: 5.7.3.140
InternalName: CompuClever Systems Inc. Ultra File Opener
LegalCopyright: CompuClever Systems Inc.
LegalTrademarks: -
OriginalFileName: ultrafileopener_setup.exe
ProductName: Ultra File Opener
ProductVersion: 5.7.3.140
All screenshots are available in the full report
Total processes: 181
Monitored processes: 46
Malicious processes: 6
Suspicious processes: 5

Behavior graph

Process launch sequence, flattened from the interactive graph ("no specs" marks a process that triggered no signatures): ultrafileopener_setup.exe, ufo.exe (no specs), ufo.exe (no specs), filextmgr.exe (no specs), programmanagementconsole_setup.exe, pmc.exe (no specs), ccmanagementservice.exe (no specs), pmc.exe (no specs), gs922w32.exe, ufo.exe, msedge.exe, two msedge.exe (no specs), msedge.exe, a run of msedge.exe (no specs), slui.exe, three msedge.exe (no specs), identity_helper.exe (no specs), identity_helper.exe (no specs), a further run of msedge.exe (no specs), ultrafileopener_setup.exe (no specs).

Process information

Each entry gives PID, command line, image path and parent process, followed by user, company, integrity level, description, exit code, version and the loaded modules (images).
PID: 496
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5620 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 976
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6004 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 1188
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1852
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2092
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4984 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2236
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6428 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2316
CMD: "C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe" /createuserguid
Path: C:\Users\admin\AppData\Local\CompuClever\Program Management Console\pmc.exe
Parent process: programmanagementconsole_setup.exe
User:
admin
Company:
CompuClever Systems Inc.
Integrity Level:
HIGH
Description:
Program Management Console
Exit code:
0
Version:
3.6.3.66
Modules
Images
c:\users\admin\appdata\local\compuclever\program management console\pmc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2320
CMD: "C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\ufo.exe"
Path: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\ufo.exe
Parent process: ultrafileopener_setup.exe
User:
admin
Company:
CompuClever Systems Inc
Integrity Level:
HIGH
Description:
Ultra File Opener
Version:
5.7.3.140
Modules
Images
c:\users\admin\appdata\local\compuclever\ultra file opener\ufo.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6104 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2800
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6440 --field-trial-handle=2384,i,3855518800191523778,10990343835209945421,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 7 322
Read events: 6 873
Write events: 448
Delete events: 1

Modification events (registry writes shown on the page; each line gives PID and process, operation, key, and name = value)

  • PID 8052 ufo.exe, write: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ultra File Opener\Capabilities\FileAssociations, .mpg = "CompuClever Ultra File Opener"
  • PID 8052 ufo.exe, write: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ultra File Opener\Capabilities\FileAssociations, .viv = "CompuClever Ultra File Opener"
  • PID 8052 ufo.exe, write: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ultra File Opener\Capabilities\FileAssociations, .p64 = "CompuClever Ultra File Opener"
  • PID 8052 ufo.exe, write: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ultra File Opener\Capabilities\FileAssociations, .261 = "CompuClever Ultra File Opener"
  • PID 8080 ufo.exe, write: HKEY_CURRENT_USER\SOFTWARE\Compuclever\Preference, .ithmb = (empty)
  • PID 8080 ufo.exe, write: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ithmb\OpenWithProgids, "Ultra File Opener" = (empty)
  • PID 8080 ufo.exe, write: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ithmb\UserChoice, Progid = "Ultra File Opener"
  • PID 8080 ufo.exe, write: HKEY_CURRENT_USER\SOFTWARE\Compuclever\Preference, .bluebutton = (empty)
  • PID 8080 ufo.exe, write: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bluebutton\OpenWithProgids, "Ultra File Opener" = (empty)
  • PID 8080 ufo.exe, write: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bluebutton\UserChoice, Progid = "Ultra File Opener"
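The three per-extension HKCU writes above (Compuclever\Preference, FileExts\<ext>\OpenWithProgids and FileExts\<ext>\UserChoice\Progid) are the pattern behind the "Changes default file association" signature. The detector below is an added example, not ANY.RUN's or CompuClever's code. It reads registry write events in a constructed pipe-delimited log format (pid|process|operation|key|name|value, an assumption of this example; the ufo.exe rows mirror the events listed above and the explorer.exe row is a benign write added for contrast) and rates a UserChoice\Progid write by a process outside a trusted-writer list as the high-confidence finding (ATT&CK T1546.001, Change Default File Association), an OpenWithProgids write as low, and a Capabilities\FileAssociations registration as informational.

```python
import re
from dataclasses import dataclass
from typing import Iterator, Optional


@dataclass(frozen=True)
class RegEvent:
    pid: int
    process: str
    operation: str
    key: str
    name: str
    value: str


@dataclass(frozen=True)
class Finding:
    severity: str       # "high", "low" or "info"
    extension: str
    progid: str
    pid: int
    process: str
    reason: str


# Constructed event log in a hypothetical pid|process|operation|key|name|value
# format. The ufo.exe rows mirror the modification events listed above; the
# explorer.exe row is a benign default-change added for contrast.
SAMPLE_LOG = """\
8052|ufo.exe|write|HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Ultra File Opener\\Capabilities\\FileAssociations|.mpg|CompuClever Ultra File Opener
8080|ufo.exe|write|HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ithmb\\OpenWithProgids|Ultra File Opener|
8080|ufo.exe|write|HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ithmb\\UserChoice|Progid|Ultra File Opener
8080|ufo.exe|write|HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bluebutton\\UserChoice|Progid|Ultra File Opener
1234|explorer.exe|write|HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\UserChoice|Progid|Applications\\notepad.exe
"""

# Per-user handler keys: UserChoice\Progid is what Explorer consults when opening
# the extension; OpenWithProgids only adds an entry to the "Open with" list.
_USERCHOICE_RE = re.compile(
    r"^HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer"
    r"\\FileExts\\(\.[^\\]+)\\(UserChoice|OpenWithProgids)$",
    re.IGNORECASE,
)
# Default Programs registration: advertises ProgIDs but changes no handler by itself.
_CAPABILITIES_RE = re.compile(r"\\Capabilities\\FileAssociations$", re.IGNORECASE)

# Processes expected to write UserChoice on the user's behalf (assumption; extend per estate).
_TRUSTED_WRITERS = {"explorer.exe", "systemsettings.exe"}


def parse_log(text: str) -> Iterator[RegEvent]:
    """Yield one RegEvent per non-empty line of the pipe-delimited log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, process, operation, key, name, value = line.split("|", 5)
        yield RegEvent(int(pid), process.lower(), operation, key, name, value)


def classify(ev: RegEvent) -> Optional[Finding]:
    """Rate a single registry write; None means it is not association-related."""
    if ev.operation != "write":
        return None
    m = _USERCHOICE_RE.match(ev.key)
    if m:
        ext, subkey = m.group(1), m.group(2).lower()
        if subkey == "userchoice" and ev.name.lower() == "progid":
            if ev.process in _TRUSTED_WRITERS:
                return None
            return Finding("high", ext, ev.value, ev.pid, ev.process,
                           "non-shell process overwrote UserChoice\\Progid (ATT&CK T1546.001)")
        if subkey == "openwithprogids":
            return Finding("low", ext, ev.name, ev.pid, ev.process,
                           "added itself to the Open With list")
        return None
    if _CAPABILITIES_RE.search(ev.key):
        return Finding("info", ev.name, ev.value, ev.pid, ev.process,
                       "registered a Default Programs file-association capability")
    return None


def detect(text: str) -> list:
    """Run classify() over every event in the log and keep the findings."""
    return [f for f in (classify(ev) for ev in parse_log(text)) if f is not None]


def hijacked_extensions(findings: list) -> dict:
    """Map each process to the sorted extensions whose default handler it overwrote."""
    per_process: dict = {}
    for f in findings:
        if f.severity == "high":
            per_process.setdefault(f.process, set()).add(f.extension)
    return {p: sorted(exts) for p, exts in per_process.items()}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] pid={f.pid} {f.process} {f.extension} -> {f.progid}: {f.reason}")
    print(hijacked_extensions(found))
```

Only the UserChoice write changes which program Explorer launches for the extension; Capabilities\FileAssociations is the Default Programs registration that lets the user pick the application, so it is recorded but not scored. On Windows 8 and later Explorer also checks UserChoice\Progid against a Hash value under the same key and resets the association when they do not match, so a flagged write shows that tampering was attempted, not that the hijack necessarily stuck.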
Executable files: 173
Suspicious files: 174
Text files: 393
Unknown types: 0

Dropped files (the ten shown on the page; PID and process, path, type, hashes)

  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\Temp\nsiBEFE.tmp\SightOfUser.dll (executable)
    MD5: D36158FA9D7C23B23D2326A0B892F710
    SHA256: 1ED2A029B05113B38954C9C0E2EECAE33A89752A9263FDF7924DFE11AAACF715
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\ufo.exe (executable)
    MD5: 1288DFBA688B3DDDC699290C64D9120A
    SHA256: 971E494F7DCC1C3421E363BC8119AF978A1B99D3451F361A9DFB7E32EB6CE5F0
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\Temp\nsiBEFE.tmp\Intel-Software-Partner-Logo-60.bmp (image)
    MD5: 5C2E2FADD3A3C8A496C48FC9822AA724
    SHA256: E1437D495D8CC27735A6B38E4A551D96128D72987275E20AE54298DF069BF534
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\CC_MOD_GMWTL.dll (executable)
    MD5: 7F8F3C7B35B3E073258482E76263D0DC
    SHA256: AC80E812F2E55C8523907657D0513CAEBA15D7CA6947E12F43EA7C6C43985B67
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\CORE_RL_Magick++_.dll (executable)
    MD5: 03A9653A6D63E443FA8CD3887A971951
    SHA256: 7AD88A8C9610E83A141598B1DA3FD12594DDF21C21D48E66AD9635911607718F
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\7z.dll (executable)
    MD5: 082ED4C9B8F8EA63026CA31D25B1BD03
    SHA256: DA84E8224B27FB58E525B0CCB00AE3755DB2FF75C6AF5276C2C68ACAD01302F1
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\CC_MOD_PE.dll (executable)
    MD5: E5191AE17971ED3FFD822C3BE68A6AD9
    SHA256: 1F1261D54CA8B3E977E374F70F257405800037DB69C15ACA7672CD128ED38CE1
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\CORE_RL_jbig_.dll (executable)
    MD5: 0D511B5214CC1FFC57D5B32C653394DF
    SHA256: 1D9E5320F0E93DABA2DD5B92233ECB5175D4B0F475155FA213A683612B8C123C
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\CompuClever\Ultra File Opener\CC_MOD_7ZIP.dll (executable)
    MD5: A0464033CF5E53F6C605489DB16B5AAF
    SHA256: 770908B6A77359980ECB8A90A0047CD8322D39B58A5856F136F8BC875259CB59
  • PID 7852 ultrafileopener_setup.exe: C:\Users\admin\AppData\Local\Temp\nsiBEFE.tmp\nsDialogs.dll (executable)
    MD5: 70D4C5F9ACC5DDF934B73FA311ADE7D8
    SHA256: 02869B76936E3C3102BB36E34B41BC989770BF81DCA09F31C561BB6BE52285EE
HTTP(S) requests: 10
TCP/UDP connections: 69
DNS requests: 72
Threats: 2

HTTP requests

Each row gives PID and process (blank where the sandbox did not attribute the request to a monitored process), method, HTTP code, destination IP:port, URL and reputation. The CN column read "unknown" for every row and the Type and Size columns were empty.

  • GET 200 23.48.23.164:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl (whitelisted)
  • GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl (whitelisted)
  • PID 8168 programmanagementconsole_setup.exe: POST 200 50.17.213.191:80 http://s.compuclever.com/trackFromService.php (malicious)
  • PID 6544 svchost.exe: GET 200 2.17.190.73:80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D (whitelisted)
  • PID 7852 ultrafileopener_setup.exe: POST 200 50.17.213.191:80 http://s.compuclever.com/trackFromService.php (malicious)
  • PID 2320 ufo.exe: GET 200 50.17.213.191:80 http://update.compuclever.com/ultrafileopener/ad/1.1.2.xml (unknown)
  • PID 2392 SIHClient.exe: GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl (whitelisted)
  • PID 2392 SIHClient.exe: GET 200 184.30.21.171:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl (whitelisted)
  • PID 3396 svchost.exe: HEAD 200 199.232.210.172:80 http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5d32607d-eea9-44fc-ac55-77800b9862a5?P1=1745626152&P2=404&P3=2&P4=nOeHEquwqeDvgj6Bx5KSzsYDFLrz5G1T2T%2fnANt8pEFzLLetgPEs2ClE5GeUgxsyQE0DzEdKdvN5Y8e6SdXY4w%3d%3d (whitelisted)
  • PID 3396 svchost.exe: GET 206 199.232.210.172:80 http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5d32607d-eea9-44fc-ac55-77800b9862a5?P1=1745626152&P2=404&P3=2&P4=nOeHEquwqeDvgj6Bx5KSzsYDFLrz5G1T2T%2fnANt8pEFzLLetgPEs2ClE5GeUgxsyQE0DzEdKdvN5Y8e6SdXY4w%3d%3d (whitelisted)

Connections

Each row gives PID and process (blank where not attributed), IP:port, domain, ASN, CN and reputation.

  • 51.104.136.2:443 settings-win.data.microsoft.com, MICROSOFT-CORP-MSN-AS-BLOCK, IE (whitelisted)
  • PID 4 System: 192.168.100.255:137 (whitelisted)
  • 23.48.23.164:80 crl.microsoft.com, Akamai International B.V., DE (whitelisted)
  • 184.30.21.171:80 www.microsoft.com, AKAMAI-AS, DE (whitelisted)
  • PID 4 System: 192.168.100.255:138 (whitelisted)
  • PID 3216 svchost.exe: 172.211.123.250:443 client.wns.windows.com, MICROSOFT-CORP-MSN-AS-BLOCK, FR (whitelisted)
  • PID 6544 svchost.exe: 40.126.32.140:443 login.live.com, MICROSOFT-CORP-MSN-AS-BLOCK, NL (whitelisted)
  • PID 6544 svchost.exe: 2.17.190.73:80 ocsp.digicert.com, AKAMAI-AS, DE (whitelisted)
  • PID 2104 svchost.exe: 51.104.136.2:443 settings-win.data.microsoft.com, MICROSOFT-CORP-MSN-AS-BLOCK, IE (whitelisted)
  • PID 8168 programmanagementconsole_setup.exe: 50.17.213.191:80 s.compuclever.com, AMAZON-AES, US (malicious)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.164
  • 23.48.23.161
  • 23.48.23.146
  • 23.48.23.160
  • 23.48.23.150
  • 23.48.23.157
  • 23.48.23.155
  • 23.48.23.162
  • 23.48.23.159
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.78
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.32.140
  • 40.126.32.68
  • 20.190.160.64
  • 20.190.160.20
  • 20.190.160.17
  • 20.190.160.3
  • 20.190.160.132
  • 20.190.160.2
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
s.compuclever.com
  • 50.17.213.191
malicious
update.compuclever.com
  • 50.17.213.191
unknown
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted

Threats

  • PID 8168 programmanagementconsole_setup.exe: A Network Trojan was detected; ET USER_AGENTS Suspicious User-Agent (Session) - Possible Trojan-Clicker
  • PID 7852 ultrafileopener_setup.exe: A Network Trojan was detected; ET USER_AGENTS Suspicious User-Agent (Session) - Possible Trojan-Clicker
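Both alerts correspond to the two POSTs to s.compuclever.com in the HTTP requests table. The matcher below is an added example, not the Emerging Threats rule itself or ANY.RUN's code. It parses raw HTTP/1.x requests with the standard library and raises the same alert when the User-Agent header is exactly the word Session (an assumption drawn from the rule name; the published rule's content match is not reproduced here), plus a second alert when the Host is one of the two compuclever.com destinations that the report rates malicious or unknown. The three requests are constructed to mirror rows of the table; their headers other than Host, and the one-line form body, are placeholders rather than captured traffic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HttpRequest:
    method: str
    target: str
    headers: dict          # header names lower-cased
    body: bytes


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    detail: str


def parse_request(raw: bytes) -> HttpRequest:
    """Split one HTTP/1.x request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers, body)


# Destinations and reputations as given in the report's HTTP request table.
KNOWN_HOSTS = {
    "s.compuclever.com": "malicious",
    "update.compuclever.com": "unknown",
}

# Assumption: the ET rule name "Suspicious User-Agent (Session)" means a
# User-Agent header whose entire value is the word "Session".
SUSPICIOUS_USER_AGENTS = {"session"}
ET_RULE = "ET USER_AGENTS Suspicious User-Agent (Session) - Possible Trojan-Clicker"


def inspect(req: HttpRequest) -> list:
    """Apply both checks to one parsed request and return the alerts raised."""
    host = req.headers.get("host", "").lower()
    alerts = []
    ua = req.headers.get("user-agent", "")
    if ua.strip().lower() in SUSPICIOUS_USER_AGENTS:
        alerts.append(Alert(ET_RULE, host, f"User-Agent: {ua!r}"))
    reputation = KNOWN_HOSTS.get(host)
    if reputation in ("malicious", "unknown"):
        alerts.append(Alert(f"destination reputation {reputation}", host,
                            f"{req.method} {req.target} ({len(req.body)} body bytes)"))
    return alerts


def inspect_all(raws) -> list:
    """Parse and inspect every raw request, concatenating the alerts."""
    return [alert for raw in raws for alert in inspect(parse_request(raw))]


# Constructed requests mirroring three rows of the HTTP table. Headers other than
# Host and the form body "event=1" are placeholders, not captured traffic.
SAMPLE_REQUESTS = [
    b"POST /trackFromService.php HTTP/1.1\r\n"
    b"Host: s.compuclever.com\r\n"
    b"User-Agent: Session\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 7\r\n"
    b"\r\n"
    b"event=1",
    b"GET /ultrafileopener/ad/1.1.2.xml HTTP/1.1\r\n"
    b"Host: update.compuclever.com\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\r\n"
    b"\r\n",
    b"GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1\r\n"
    b"Host: crl.microsoft.com\r\n"
    b"User-Agent: Microsoft-CryptoAPI/10.0\r\n"
    b"\r\n",
]

if __name__ == "__main__":
    for alert in inspect_all(SAMPLE_REQUESTS):
        print(f"{alert.host}: {alert.rule} [{alert.detail}]")
```

Run as a script it prints one line per alert: two for the trackFromService.php POST (user agent and destination), one for the ad XML fetch from update.compuclever.com, none for the Microsoft CRL download. In a sensor the same two checks map onto a Suricata http.user_agent match and a host blocklist fed from the DNS and connection tables above.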