File name:

000.exe

Full analysis: https://app.any.run/tasks/c308c6b5-77dd-4b2f-9b8f-499086568e21
Verdict: Malicious activity
Analysis date: January 17, 2025, 14:23:40
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
darkroad
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

D5671758956B39E048680B6A8275E96A

SHA1:

33C341130BF9C93311001A6284692C86FEC200EF

SHA256:

4A900B344EF765A66F98CF39AC06273D565CA0F5D19F7EA4CA183786155D4A47

SSDEEP:

3072:V3LA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuzzo9YC:lLJlC6j0CX4XmvWHVcd62uo9P

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • DARKROAD has been detected (YARA)

      • 000.exe (PID: 6692)

  • SUSPICIOUS

    • Changes the desktop background image

      • 000.exe (PID: 6692)

    • Executing commands from a ".bat" file

      • 000.exe (PID: 6692)
      • rniw.exe (PID: 5956)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 6840)

    • Executable content was dropped or overwritten

      • cmd.exe (PID: 6840)
      • 000.exe (PID: 6692)
      • rniw.exe (PID: 5956)

    • Uses WMIC.EXE to obtain user accounts information

      • cmd.exe (PID: 6840)

    • Reads security settings of Internet Explorer

      • 000.exe (PID: 6692)

    • SQL CE related mutex has been found

      • 000.exe (PID: 6692)

    • There is functionality for taking screenshot (YARA)

      • 000.exe (PID: 6692)

    • Starts CMD.EXE for commands execution

      • 000.exe (PID: 6692)
      • rniw.exe (PID: 5956)

    • The process executes via Task Scheduler

      • PLUGScheduler.exe (PID: 908)

    • The system shut down or reboot

      • cmd.exe (PID: 6840)

    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 6012)

  • INFO

    • Reads the computer name

      • 000.exe (PID: 6692)

    • Checks supported languages

      • 000.exe (PID: 6692)

    • Creates files or folders in the user directory

      • 000.exe (PID: 6692)

    • Reads the machine GUID from the registry

      • 000.exe (PID: 6692)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 7104)
      • WMIC.exe (PID: 5340)

    • Creates files in the program directory

      • cmd.exe (PID: 6840)
      • 000.exe (PID: 6692)

    • Create files in a temporary directory

      • 000.exe (PID: 6692)

    • Checks proxy server information

      • 000.exe (PID: 6692)

    • Manual execution by a user

      • chrome.exe (PID: 6468)
      • rniw.exe (PID: 5956)
      • chrome.exe (PID: 2228)
      • notepad.exe (PID: 6032)
      • chrome.exe (PID: 6372)
      • chrome.exe (PID: 4672)

    • Application launched itself

      • chrome.exe (PID: 6468)
      • chrome.exe (PID: 6372)
      • chrome.exe (PID: 4672)
      • chrome.exe (PID: 2228)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:03:16 13:26:30+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 6978560
InitializedDataSize: 4608
UninitializedDataSize: -
EntryPoint: 0x6a9b16
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: 000
FileVersion: 0.0.0.0
InternalName: 000.exe
LegalCopyright: -
LegalTrademarks: -
OriginalFileName: 000.exe
ProductName: 000
ProductVersion: 0.0.0.0
AssemblyVersion: 0.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
390
Monitored processes
167
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start #DARKROAD 000.exe cmd.exe conhost.exe no specs taskkill.exe no specs taskkill.exe no specs wmic.exe no specs wmic.exe no specs shutdown.exe no specs plugscheduler.exe no specs rniw.exe cmd.exe no specs conhost.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs notepad.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs runaway.exe no specs ping.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs runaway.exe no specs ping.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs runaway.exe no specs ping.exe no specs chrome.exe no specs runaway.exe no specs ping.exe no specs runaway.exe no specs ping.exe no specs 000.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
132shutdown /f /r /t 0C:\Windows\SysWOW64\shutdown.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Shutdown and Annotation Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\shutdown.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
476ping 1.1.1.1 -n 1 -w 1000 C:\Windows\System32\PING.EXEcmd.exe
User:
UR NEXT
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
664ping 1.1.1.1 -n 1 -w 1000 C:\Windows\System32\PING.EXEcmd.exe
User:
UR NEXT
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
668ping 1.1.1.1 -n 1 -w 1000 C:\Windows\System32\PING.EXEcmd.exe
User:
UR NEXT
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
872ping 1.1.1.1 -n 1 -w 1000 C:\Windows\System32\PING.EXEcmd.exe
User:
UR NEXT
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
872"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x218,0x21c,0x220,0x1f4,0x224,0x7fff7193dc40,0x7fff7193dc4c,0x7fff7193dc58C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
UR NEXT
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
904runaway.exe C:\Users\admin\AppData\Local\Temp\AEED.tmp\runaway.execmd.exe
User:
UR NEXT
Integrity Level:
MEDIUM
Description:
Version:
0.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\aeed.tmp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
908"C:\Program Files\RUXIM\PLUGscheduler.exe"C:\Program Files\RUXIM\PLUGScheduler.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Update LifeCycle Component Scheduler
Exit code:
0
Version:
10.0.19041.3623 (WinBuild.160101.0800)
Modules
Images
c:\program files\ruxim\plugscheduler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
932runaway.exe C:\Users\admin\AppData\Local\Temp\AEED.tmp\runaway.execmd.exe
User:
UR NEXT
Integrity Level:
MEDIUM
Description:
Version:
0.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\aeed.tmp\runaway.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
964ping 1.1.1.1 -n 1 -w 1000 C:\Windows\System32\PING.EXEcmd.exe
User:
UR NEXT
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
Total events
16 918
Read events
16 816
Write events
101
Delete events
1

Modification events

(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\Control Panel\Desktop
Operation:writeName:Wallpaper
Value:
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation:writeName:DisableTaskMgr
Value:
1
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Media\WMSDK\Namespace
Operation:writeName:LocalBase
Value:
C:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Media\WMSDK\Namespace
Operation:writeName:DTDFile
Value:
C:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Media\WMSDK\Namespace
Operation:writeName:LocalDelta
Value:
C:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Media\WMSDK\Namespace
Operation:writeName:RemoteDelta
Value:
C:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
Operation:writeName:ProxyStyle
Value:
1
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
Operation:writeName:ProxyName
Value:
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
Operation:writeName:ProxyPort
Value:
80
(PID) Process:(6692) 000.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
Operation:writeName:ProxyBypass
Value:
0
Executable files
3
Suspicious files
44
Text files
426
Unknown types
0

Dropped files

PID
Process
Filename
Type
6692000.exeC:\Users\admin\AppData\Local\Temp\rniw.exeexecutable
MD5:9232120B6FF11D48A90069B25AA30ABC
SHA256:70FAA0E1498461731F873D3594F20CBF2BEAA6F123A06B66F9DF59A9CDF862BE
6692000.exeC:\Users\admin\AppData\Local\Temp\icon.icoimage
MD5:A4B9662CF3B6EA6626F6081C0D8C13F3
SHA256:84A1C2713642090523F05D9FB015C537FD210D3200CADAF442BB67CF1834B356
6692000.exeC:\Users\admin\AppData\Local\Temp\text.txttext
MD5:9037EBF0A18A1C17537832BC73739109
SHA256:38C889B5D7BDCB79BBCB55554C520A9CE74B5BFC29C19D1E4CB1419176C99F48
6840cmd.exeC:\Users\admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N0XT.txttext
MD5:9037EBF0A18A1C17537832BC73739109
SHA256:38C889B5D7BDCB79BBCB55554C520A9CE74B5BFC29C19D1E4CB1419176C99F48
6840cmd.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\rniw.exeexecutable
MD5:9232120B6FF11D48A90069B25AA30ABC
SHA256:70FAA0E1498461731F873D3594F20CBF2BEAA6F123A06B66F9DF59A9CDF862BE
6840cmd.exeC:\Users\admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N8XT.txttext
MD5:9037EBF0A18A1C17537832BC73739109
SHA256:38C889B5D7BDCB79BBCB55554C520A9CE74B5BFC29C19D1E4CB1419176C99F48
6840cmd.exeC:\Users\admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N2XT.txttext
MD5:9037EBF0A18A1C17537832BC73739109
SHA256:38C889B5D7BDCB79BBCB55554C520A9CE74B5BFC29C19D1E4CB1419176C99F48
6692000.exeC:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XMLtext
MD5:5433EAB10C6B5C6D55B7CBD302426A39
SHA256:23DBF7014E99E93AF5F2760F18EE1370274F06A453145C8D539B66D798DAD131
6840cmd.exeC:\Users\admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N5XT.txttext
MD5:9037EBF0A18A1C17537832BC73739109
SHA256:38C889B5D7BDCB79BBCB55554C520A9CE74B5BFC29C19D1E4CB1419176C99F48
6692000.exeC:\Users\admin\AppData\Local\Temp\windl.battext
MD5:A9401E260D9856D1134692759D636E92
SHA256:B551FBA71DFD526D4916AE277D8686D83FFF36D22FCF6F18457924A070B30EF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
29
DNS requests
9
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3976
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
720
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
4
System
192.168.100.255:137
unknown
224.0.0.252:5355
unknown
224.0.0.251:5353
unknown
2940
OfficeClickToRun.exe
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
4856
SearchApp.exe
2.19.122.19:443
www.bing.com
Akamai International B.V.
DE
whitelisted
7236
chrome.exe
142.250.185.99:443
clientservices.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
unknown
settings-win.data.microsoft.com
  • 51.124.78.146
unknown
self.events.data.microsoft.com
  • 52.182.143.213
  • 20.42.65.89
unknown
officeclient.microsoft.com
  • 52.109.32.97
unknown
ecs.office.com
  • 52.113.194.132
unknown
www.bing.com
  • 2.19.122.19
  • 2.19.122.20
  • 2.19.122.31
  • 2.19.122.26
  • 2.19.122.15
  • 2.19.122.33
  • 2.19.122.16
  • 2.19.122.25
  • 2.19.122.17
unknown
clientservices.googleapis.com
  • 142.250.185.99
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
000.exe