File name:

01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1)

Full analysis: https://app.any.run/tasks/bcc1f464-a4a0-464d-8a85-58e6779d0935
Verdict: Malicious activity
Analysis date: August 19, 2024, 10:49:27
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

FBC16CEDEB1C77234171BE5290ED06B0

SHA1:

51CA56AA40E042439D121C932CBB2AB20EEEEAC2

SHA256:

01ACCF1B08E5349309A6D2CA074CA376D55BE3A79E573FEB051243F7332640E0

SSDEEP:

98304:SrqpPiR0LJI03XMAEbV6ggvpot5hOKZhlmi3WYll6+rS3bqij5ELAdEYDMaQ9+S0:PS6dtYOGG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Known privilege escalation attack

      • dllhost.exe (PID: 6564)
    • Creates or modifies Windows services

      • winver.exe (PID: 7132)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe (PID: 6640)
      • BNZY1O1PB.exe (PID: 6664)
      • 3dsystem.exe (PID: 6864)
      • winver.exe (PID: 7132)
    • Drops the executable file immediately after the start

      • 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe (PID: 6640)
      • BNZY1O1PB.exe (PID: 6664)
      • 3dsystem.exe (PID: 6864)
    • Executes application which crashes

      • 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe (PID: 6640)
    • Creates file in the systems drive root

      • explorer.exe (PID: 6696)
    • The process creates files with name similar to system file names

      • BNZY1O1PB.exe (PID: 6664)
    • Executes as Windows Service

      • DirectX.exe (PID: 7068)
    • Connects to unusual port

      • BNZY1O1PB.exe (PID: 6664)
      • 3dsystem.exe (PID: 6864)
      • iexplore.exe (PID: 5152)
      • winver.exe (PID: 7132)
  • INFO

    • Checks supported languages

      • 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe (PID: 6640)
      • BNZY1O1PB.exe (PID: 6664)
      • 3dsystem.exe (PID: 6864)
      • DirectX.exe (PID: 6896)
      • iexplore.exe (PID: 5152)
      • DirectX.exe (PID: 7068)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 6696)
      • dllhost.exe (PID: 6564)
    • Reads the computer name

      • 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe (PID: 6640)
      • BNZY1O1PB.exe (PID: 6664)
      • DirectX.exe (PID: 6896)
      • 3dsystem.exe (PID: 6864)
      • DirectX.exe (PID: 7068)
      • iexplore.exe (PID: 5152)
    • Reads the machine GUID from the registry

      • BNZY1O1PB.exe (PID: 6664)
      • 3dsystem.exe (PID: 6864)
    • Creates files in the program directory

      • 3dsystem.exe (PID: 6864)
      • winver.exe (PID: 7132)
    • Checks proxy server information

      • WerFault.exe (PID: 6676)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 6676)
    • Reads the software policy settings

      • WerFault.exe (PID: 6676)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

ProductVersion: 2.0.1.1031
ProductName: 看图
OriginalFileName: 360AblumViewer.exe
LegalCopyright: (C) 360.cn Inc., All Rights Reserved.
InternalName: 360AblumViewer
FileVersion: 2.0.1.1031
FileDescription: 看图
CompanyName: 360.cn
CharacterSet: Unicode
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Dynamic link library
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 2.0.1.1031
FileVersionNumber: 2.0.1.1031
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x152ea3
UninitializedDataSize: -
InitializedDataSize: 705536
CodeSize: 2303488
LinkerVersion: 14.16
PEType: PE32
ImageFileCharacteristics: Executable, Large address aware, 32-bit
TimeStamp: 2021:11:11 03:37:53+00:00
MachineType: Intel 386 or later, and compatibles
No data.
Total processes
141
Monitored processes
12
Malicious processes
3
Suspicious processes
1

Behavior graph

Process nodes, in graph order from start:
  • 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
  • explorer.exe (no specs)
  • explorer.exe (no specs)
  • rundll32.exe (no specs)
  • werfault.exe
  • bnzy1o1pb.exe
  • CMSTPLUA
  • 3dsystem.exe
  • directx.exe (no specs)
  • directx.exe (no specs)
  • iexplore.exe
  • winver.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 6640
CMD: "C:\Users\admin\Desktop\01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe"
Path: C:\Users\admin\Desktop\01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
Parent process: explorer.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
看图
Exit code:
3221225477
Version:
2.0.1.1031
Modules
Images
c:\users\admin\desktop\01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6664
CMD: explorer.exe C:\Users\admin\3389\
Path: C:\Windows\SysWOW64\explorer.exe
Parent process: 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcp_win.dll
PID: 6696
CMD: C:\WINDOWS\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\twinapi.dll
PID: 6800
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 6676
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 6640 -s 900
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 6664
CMD: "C:\Users\admin\3389\BNZY1O1PB.exe" /f at.dll
Path: C:\Users\admin\3389\BNZY1O1PB.exe
Parent process: explorer.exe
User:
admin
Company:
深圳市迅雷网络技术有限公司
Integrity Level:
MEDIUM
Description:
迅雷游戏
Exit code:
0
Version:
1.0.0.32
Modules
Images
c:\users\admin\3389\bnzy1o1pb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6564
CMD: C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Path: C:\Windows\SysWOW64\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
PID: 6864
CMD: "C:\Users\admin\3389\3dsystem.exe" /f at.dll
Path: C:\Users\admin\3389\3dsystem.exe
Parent process: dllhost.exe
User:
admin
Company:
深圳市迅雷网络技术有限公司
Integrity Level:
HIGH
Description:
迅雷游戏
Exit code:
0
Version:
1.0.0.32
Modules
Images
c:\users\admin\3389\3dsystem.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6896
CMD: "C:\Program Files\Thunder\DirectX.exe" /f at.dll
Path: C:\Program Files\Thunder\DirectX.exe
Parent process: dllhost.exe
User:
admin
Company:
深圳市迅雷网络技术有限公司
Integrity Level:
HIGH
Description:
迅雷游戏
Exit code:
0
Version:
1.0.0.32
Modules
Images
c:\program files\thunder\directx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7068
CMD: "C:\Program Files\Thunder\DirectX.exe" /f at.dll
Path: C:\Program Files\Thunder\DirectX.exe
Parent process: services.exe
User:
SYSTEM
Company:
深圳市迅雷网络技术有限公司
Integrity Level:
SYSTEM
Description:
迅雷游戏
Exit code:
0
Version:
1.0.0.32
Modules
Images
c:\program files\thunder\directx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events
26 611
Read events
26 560
Write events
50
Delete events
1

Modification events

(PID) Process: (6696) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value:
(PID) Process: (6696) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value:
0400000000000000030000000E0000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
(PID) Process: (6696) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0
Operation: write
Name: MRUListEx
Value:
0400000006000000010000000500000008000000020000000C0000000B0000000A00000009000000070000000000000003000000FFFFFFFF
(PID) Process: (6696) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Operation: write
Name: Locked
Value:
1
(PID) Process: (6696) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ribbon
Operation: write
Name: MinimizedStateTabletModeOff
Value:
0
(PID) Process: (6696) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Ribbon
Operation: write
Name: QatItems
Value:
(PID) Process: (6696) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser
Operation: write
Name: ITBar7Layout
Value:
(PID) Process: (6696) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\4\0
Operation: write
Name: 2
Value:
4E003100000000001359325612003333383900003A0009000400EFBE13593256135932562E0000007526000000000D0000000000000000000000000000008ECC28013300330038003900000014000000
(PID) Process: (6696) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\4\0\2
Operation: delete value
Name: MRUList
Value:
(PID) Process: (6696) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\0\4\0
Operation: write
Name: MRUListEx
Value:
020000000000000001000000FFFFFFFF
Executable files
8
Suspicious files
7
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6676
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_01accf1b08e53493_3d1073a7edcf31aba9a4a09577f2eccaa7f664_ace953fe_be366de8-350b-4b78-95df-77090c4fbb82\Report.wer
MD5:
SHA256:
PID: 6640
Process: 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
Filename: C:\Users\admin\3389\BNZY1O1PB.exe
Type: executable
MD5:BA7BA700C39C576330F18819E075D6BE
SHA256:13675A7BC3274837F9E53C192646180B98B57AC9CDC675FC67C2CF2BF14DF053
PID: 6864
Process: 3dsystem.exe
Filename: C:\Program Files\Thunder\at.dll
Type: binary
MD5:4D203806F4AE0355B490BA538794A686
SHA256:5DAF973EB400FC29AE151AEF633DED1097C9F30575DB222879D903A9BE5C1D61
PID: 6664
Process: BNZY1O1PB.exe
Filename: C:\Users\admin\3389\3dsystem.exe
Type: executable
MD5:BA7BA700C39C576330F18819E075D6BE
SHA256:13675A7BC3274837F9E53C192646180B98B57AC9CDC675FC67C2CF2BF14DF053
PID: 6864
Process: 3dsystem.exe
Filename: C:\Windows\SysWOW64\DirectX.exe
Type: executable
MD5:BA7BA700C39C576330F18819E075D6BE
SHA256:13675A7BC3274837F9E53C192646180B98B57AC9CDC675FC67C2CF2BF14DF053
PID: 6864
Process: 3dsystem.exe
Filename: C:\Windows\SysWOW64\at.dll
Type: binary
MD5:4D203806F4AE0355B490BA538794A686
SHA256:5DAF973EB400FC29AE151AEF633DED1097C9F30575DB222879D903A9BE5C1D61
PID: 6676
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7FC.tmp.WERInternalMetadata.xml
Type: xml
MD5:B15534D77B6695BC2A084223FBCB7E8A
SHA256:3F7E11BF4FA90DFA812C30AB31AD7A212213C687FC6D6E534B6F48ECFB7F46C7
PID: 6640
Process: 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
Filename: C:\Users\admin\3389\at.dll
Type: binary
MD5:4D203806F4AE0355B490BA538794A686
SHA256:5DAF973EB400FC29AE151AEF633DED1097C9F30575DB222879D903A9BE5C1D61
PID: 6640
Process: 01accf1b08e5349309a6d2ca074ca376d55be3a79e573feb051243f7332640e0 (1).exe
Filename: C:\Users\admin\3389\libexpat.dll
Type: executable
MD5:3C6D7543F7DA78D10F33DB5CECF99F63
SHA256:21E45345242F87FB1889919ED47DA370FFA72907126C5FE4C54B3476B8ACAC51
PID: 6864
Process: 3dsystem.exe
Filename: C:\Program Files\Thunder\libexpat.dll
Type: executable
MD5:3C6D7543F7DA78D10F33DB5CECF99F63
SHA256:21E45345242F87FB1889919ED47DA370FFA72907126C5FE4C54B3476B8ACAC51
HTTP(S) requests
0
TCP/UDP connections
37
DNS requests
9
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1432 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
188 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1432 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4324 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
6664 | BNZY1O1PB.exe | 185.135.73.29:5000 | - | Gigabit Hosting Sdn Bhd | HK | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 40.127.240.158 | whitelisted
google.com | 142.250.184.238 | whitelisted
watson.events.data.microsoft.com | 52.168.117.173 | whitelisted
abc.masktable.com | 38.147.172.126 | unknown
dns.msftncsi.com | 131.107.255.255 | whitelisted

Threats

No threats detected
No debug info