File name:

$TXRAJNL.investigation

Full analysis: https://app.any.run/tasks/979386c8-708d-45a3-82df-2fc36e588a0e
Verdict: Malicious activity
Analysis date: February 24, 2026, 17:07:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/octet-stream
File info: data
MD5:

8B74C585CAD901E5E4F77269924F2AD1

SHA1:

80BD6652B299FB1A1EA3ADCF89DF7CD6C20D7F4D

SHA256:

FA0EC43DFDE36D248DAE8231F6851317DD774FB0DE74C35FBCAB1F97B3A7BA31

SSDEEP:

3:ue//PtllbTo+BYll:ue5sll

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Potential DLL hijacking behavior detected

      • SetupHost.exe (PID: 1856)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • MediaCreationTool_22H2EXE.exe (PID: 3048)
      • MediaCreationTool_22H2EXE.exe (PID: 3344)
    • Executable content was dropped or overwritten

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
    • The process creates files with name similar to system file names

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
  • INFO

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 8416)
      • OpenWith.exe (PID: 4136)
      • OpenWith.exe (PID: 2448)
    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 2448)
      • notepad.exe (PID: 8980)
      • notepad.exe (PID: 8544)
      • OpenWith.exe (PID: 4136)
      • notepad.exe (PID: 6236)
      • OpenWith.exe (PID: 8416)
    • Launches file with unassociated extension

      • OpenWith.exe (PID: 4136)
    • Checks proxy server information

      • slui.exe (PID: 3404)
      • SetupHost.exe (PID: 1856)
    • Checks supported languages

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
      • SetupHost.exe (PID: 1856)
    • Reads the computer name

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
      • SetupHost.exe (PID: 1856)
    • Manual execution by a user

      • MediaCreationTool_22H2EXE.exe (PID: 3048)
      • MediaCreationTool_22H2EXE.exe (PID: 3344)
    • The sample compiled with english language support

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
    • The sample compiled with arabic language support

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
    • The sample compiled with chinese language support

      • MediaCreationTool_22H2EXE.exe (PID: 3344)
    • Reads Environment values

      • SetupHost.exe (PID: 1856)
    • Process checks computer location settings

      • SetupHost.exe (PID: 1856)
No Malware configuration.
No data.
Total processes
163
Monitored processes
11
Malicious processes
1
Suspicious processes
1

Behavior graph

Processes shown in the graph, in order: openwith.exe (no specs), notepad.exe (no specs), slui.exe, openwith.exe (no specs), notepad.exe (no specs), openwith.exe (no specs), notepad.exe (no specs), mediacreationtool_22h2exe.exe (no specs), mediacreationtool_22h2exe.exe, setuphost.exe, vdsldr.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1856
CMD: "C:\$Windows.~WS\Sources\SetupHost.Exe" /Download /Web
Path: C:\$Windows.~WS\Sources\SetupHost.exe
Parent process: MediaCreationTool_22H2EXE.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Modern Setup Host
Version:
10.0.19041.572 (vb_release_svc_prod1.201007-1724)
Modules
Images
c:\$windows.~ws\sources\setuphost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1908
CMD: C:\WINDOWS\System32\vdsldr.exe -Embedding
Path: C:\Windows\System32\vdsldr.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Virtual Disk Service Loader
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vdsldr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2448
CMD: C:\WINDOWS\system32\OpenWith.exe -Embedding
Path: C:\Windows\System32\OpenWith.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 3048
CMD: "C:\Users\admin\Desktop\MediaCreationTool_22H2EXE.exe"
Path: C:\Users\admin\Desktop\MediaCreationTool_22H2EXE.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows 10 Setup
Exit code:
3221226540
Version:
10.0.19041.572 (vb_release_svc_prod1.201007-1724)
Modules
Images
c:\users\admin\desktop\mediacreationtool_22h2exe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 3344
CMD: "C:\Users\admin\Desktop\MediaCreationTool_22H2EXE.exe"
Path: C:\Users\admin\Desktop\MediaCreationTool_22H2EXE.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows 10 Setup
Version:
10.0.19041.572 (vb_release_svc_prod1.201007-1724)
Modules
Images
c:\users\admin\desktop\mediacreationtool_22h2exe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3404
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4136
CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\$TXRAJNL.investigation
Path: C:\Windows\System32\OpenWith.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6236
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\MediaCreationTool_22H2EXE.investigation
Path: C:\Windows\System32\notepad.exe
Parent process: OpenWith.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 8416
CMD: C:\WINDOWS\system32\OpenWith.exe -Embedding
Path: C:\Windows\System32\OpenWith.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 8544
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\WPSettings.dat
Path: C:\Windows\System32\notepad.exe
Parent process: OpenWith.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
Total events
7 633
Read events
7 595
Write events
36
Delete events
2

Modification events

(PID) Process: (2448) OpenWith.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.investigation\OpenWithList
Operation: write
Name: MRUList
Value: ab

(PID) Process: (2448) OpenWith.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.investigation\OpenWithProgids
Operation: write
Name: investigation_auto_file
Value:

(PID) Process: (2448) OpenWith.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 139

(PID) Process: (2448) OpenWith.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.investigation\UserChoice
Operation: write
Name: ProgId
Value: Applications\NOTEPAD.EXE

(PID) Process: (2448) OpenWith.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.investigation\UserChoice
Operation: write
Name: Hash
Value: 1eq+RkBwQSc=

(PID) Process: (3344) MediaCreationTool_22H2EXE.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\Volatile
Operation: delete key
Name: (default)
Value:

(PID) Process: (3344) MediaCreationTool_22H2EXE.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup
Operation: delete value
Name: CorrelationVector
Value: IYXEGxww/0WC95lB.37

(PID) Process: (1856) SetupHost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup
Operation: write
Name: CorrelationVector
Value: MKoS74WSU0WhgiYM.0

(PID) Process: (1856) SetupHost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\Volatile
Operation: write
Name: InstallTicks
Value: 0

(PID) Process: (1856) SetupHost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OneSettings\WSD\Setup360
Operation: write
Name: ETag
Value: 2149:66A2A386
Executable files
19
Suspicious files
1
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\DU.dll
Type: executable
MD5:7727A405C9878C2FE052922C1F965384
SHA256:4912ABC0A250DFAF63A48E4165E94AB701505F14BCC7A1464D5588FA2D434564
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\setupplatform.dll
Type: executable
MD5:0DB2EB7B159D7289DFBDF3CA29D44704
SHA256:CBEEC25C578F4E8EAE81BB8829C3B7BC81648DA6F63EEB4A606B9A66660D6D91
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\DiagTrack.dll
Type: executable
MD5:6C3F6A6BC5EDE978E9DFE1ACCE386339
SHA256:B55D66F2943F1C63EA9B39DAE88AA2A4F91775CEFFFEFD263BD302866A7BD91C
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\setupplatform.cfg
Type: text
MD5:033E7ADC314C248CC29A9F14906C21E5
SHA256:C40FDDBB16853406D12D30E01E170DE8474728BB8EC24794DB721DE0A7F67927
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\DiagTrackRunner.exe
Type: executable
MD5:76F30A1E149792D2542A253B920CBEF6
SHA256:488CBC8330952DD13B797BB40E4E30610ED03483C25919C39555F7B334A3C159
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\wdsclientapi.dll
Type: executable
MD5:C8622591EA490127898FF612C4D0FCE8
SHA256:00436605B013E26F39B3FF6AAB1E5577FE6E4950C4C803D534D0BBD912B3F7E0
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\SetupCore.dll
Type: executable
MD5:55A4344E76136460BE2C8547C38567B4
SHA256:A9AC64EC515D04589DFC38B25D68D01F281BBB794D0DF9EC4205FE473703AEF5
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\wdscore.dll
Type: executable
MD5:07F3FAC5518C90B22DFB9778EA280D0A
SHA256:65467BF1FBF10C2A399FE532B780F3604FDA5B00DB8319787CB6867BEDE4B90E
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\wdsimage.dll
Type: executable
MD5:B5D99819CB865C4DA4EBE8880F5ADA7E
SHA256:4ED57014301E91B0504E0C2A62F4EE969CCF4C179DE9788D1307DBC71186D543
PID: 3344
Process: MediaCreationTool_22H2EXE.exe
Filename: C:\$Windows.~WS\Sources\Diager.dll
Type: executable
MD5:4396BDD1707419909F04A92184AD1317
SHA256:AE0F8123D3EF8801961211D7D71780BEE76C418EBC8C6893B385D5FABA6BB68F
HTTP(S) requests
34
TCP/UDP connections
31
DNS requests
25
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
51.124.78.146:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
US
whitelisted
3004
svchost.exe
GET
304
51.124.78.146:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
2912
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
2912
SIHClient.exe
GET
200
135.233.95.135:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
2912
SIHClient.exe
GET
200
135.233.95.144:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
2912
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
3004
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
356
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
356
svchost.exe
POST
200
40.126.31.130:443
https://login.live.com/RST2.srf
US
xml
10.3 Kb
whitelisted
1856
SetupHost.exe
HEAD
302
88.221.169.205:443
https://go.microsoft.com/fwlink/?LinkId=841361
US
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
3004
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7244
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3412
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
356
svchost.exe
40.126.31.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
356
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
3004
svchost.exe
2.16.164.98:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
3004
svchost.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
self.events.data.microsoft.com
  • 20.52.64.200
  • 20.189.173.16
whitelisted
google.com
  • 172.217.16.206
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
login.live.com
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
crl.microsoft.com
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted
slscr.update.microsoft.com
  • 135.233.95.144
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 135.233.95.135
whitelisted

Threats

PID
Process
Class
Message
3004
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info