File name: image001.wmz

Full analysis: https://app.any.run/tasks/5bfde8c7-7d40-4869-8c16-58185b5ce14d
Verdict: Malicious activity
Analysis date: September 13, 2024, 09:40:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/gzip
File info: gzip compressed data, max speed, from NTFS filesystem (NT), original size modulo 2^32 8207384
MD5: D727AC19A2F38E5188AAC62BEEB79F7F
SHA1: 4EEF07BF8428E7A69FF730EEE463343150CC61CA
SHA256: 626E43D94BBFE1F454680148F7D92EE003DA2832C33A03798EAEF0E5B6275F67
SSDEEP: 24576:K/0ipqDpdwG58mK7mAKBH+qkPdOmVfNPVMS9zV9:K/0ipqDpdwG58T7mAKBH+LPdOmVfNP2C

  • MALICIOUS

    • Antivirus name has been found in the command line (generic signature)

      • MpCmdRun.exe (PID: 4008)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 4804)
      • wmplayer.exe (PID: 1656)
      • wmplayer.exe (PID: 6916)
      • setup_wm.exe (PID: 6564)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
    • Reads Internet Explorer settings

      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
    • Reads Microsoft Outlook installation path

      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
    • Starts CMD.EXE for commands execution

      • WinRAR.exe (PID: 4804)
    • Executing commands from a ".bat" file

      • WinRAR.exe (PID: 4804)
  • INFO

    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 4804)
    • Checks supported languages

      • wmplayer.exe (PID: 1656)
      • setup_wm.exe (PID: 6564)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • MpCmdRun.exe (PID: 4008)
      • wmplayer.exe (PID: 2520)
      • wmplayer.exe (PID: 6916)
    • Reads the computer name

      • wmplayer.exe (PID: 1656)
      • setup_wm.exe (PID: 6564)
      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • MpCmdRun.exe (PID: 4008)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
    • The process uses the downloaded file

      • wmplayer.exe (PID: 1656)
      • unregmp2.exe (PID: 2340)
      • WinRAR.exe (PID: 4804)
      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • setup_wm.exe (PID: 6564)
      • unregmp2.exe (PID: 2128)
    • Process checks computer location settings

      • wmplayer.exe (PID: 1656)
      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
      • setup_wm.exe (PID: 6564)
    • Create files in a temporary directory

      • unregmp2.exe (PID: 2340)
      • MpCmdRun.exe (PID: 4008)
    • Reads security settings of Internet Explorer

      • unregmp2.exe (PID: 2340)
      • unregmp2.exe (PID: 2128)
    • Reads the machine GUID from the registry

      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
    • Creates files or folders in the user directory

      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
      • unregmp2.exe (PID: 1224)
    • Checks proxy server information

      • wmplayer.exe (PID: 6916)
      • wmplayer.exe (PID: 3964)
      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
      • slui.exe (PID: 1048)
    • Reads the software policy settings

      • wmplayer.exe (PID: 6916)
      • slui.exe (PID: 2768)
      • slui.exe (PID: 1048)
    • Manual execution by a user

      • wmplayer.exe (PID: 3256)
      • wmplayer.exe (PID: 2520)
    • Sends debugging messages

      • wmplayer.exe (PID: 2520)
No Malware configuration.

TRiD

.z/gz/gzip | GZipped data (100)

EXIF

ZIP

Compression: Deflated
Flags: (none)
ModifyDate: 0000:00:00 00:00:00
ExtraFlags: Fastest Algorithm
OperatingSystem: NTFS filesystem (NT)
No data.
Total processes: 150
Monitored processes: 17
Malicious processes: 4
Suspicious processes: 2

Behavior graph

Process graph nodes, in the order shown: winrar.exe (no specs), wmplayer.exe (no specs), setup_wm.exe (no specs), unregmp2.exe (no specs), unregmp2.exe (no specs), unregmp2.exe (no specs), unregmp2.exe (no specs), wmplayer.exe, wmplayer.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), mpcmdrun.exe (no specs), sppextcomobj.exe (no specs), slui.exe, wmplayer.exe (no specs), slui.exe, wmplayer.exe

Process information

PID: 208
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$VR4804.27208\Rar$Scan38588.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll

PID: 1048
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1224
CMD: "C:\WINDOWS\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
Path: C:\Windows\System32\unregmp2.exe
Parent process: unregmp2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Media Player Setup Utility
Exit code: 0
Version: 12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\unregmp2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1608
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1656
CMD: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /layout:"C:\Users\admin\AppData\Local\Temp\Rar$DIa4804.23720\image001.wmz"
Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files (x86)\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

PID: 2128
CMD: C:\WINDOWS\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
Path: C:\Windows\SysWOW64\unregmp2.exe
Parent process: setup_wm.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Media Player Setup Utility
Exit code: 0
Version: 12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\unregmp2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

PID: 2340
CMD: "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
Path: C:\Windows\SysWOW64\unregmp2.exe
Parent process: wmplayer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Media Player Setup Utility
Exit code: 0
Version: 12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\unregmp2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

PID: 2520
CMD: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files (x86)\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

PID: 2768
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 3256
CMD: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /layout:"C:\Users\admin\Desktop\image001.wmz"
Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files (x86)\windows media player\wmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

Total events: 18 078
Read events: 17 570
Write events: 465
Delete events: 43

Modification events

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\image001.wmz.gz

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (4804) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\OpenWithProgids
Operation: write
Name: WMP11.AssocFile.WMZ
Value:

(PID) Process: (6564) setup_wm.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences
Operation: delete value
Name: UsageTracking
Value:

(PID) Process: (6564) setup_wm.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences
Operation: delete value
Name: ForceUsageTracking
Value:

(PID) Process: (6564) setup_wm.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences
Operation: delete value
Name: SQMLaunchIndex
Value:

Executable files: 0
Suspicious files: 8
Text files: 8
Unknown types: 1

Dropped files

PID: 4804
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa4804.23720\image001.wmz
MD5:
SHA256:

PID: 4804
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa4804.25980\image001.wmz
MD5:
SHA256:

PID: 4804
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$VR4804.27208\image001.wmz.gz\image001.wmz
MD5:
SHA256:

PID: 4804
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\image001.wmz
MD5:
SHA256:

PID: 1224
Process: unregmp2.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
Type: binary
MD5: 36C13F5A06458890A580FB8DA6427EDF
SHA256: 9C8249C18959AF4165B9D22094F9D60FA8757A275612B0C5AAFD1E9921D388B7

PID: 6916
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21253908F3CB05D51B1C2DA8B681A785
Type: binary
MD5: 0C5D78245C50CE4A117025CC4D945BCC
SHA256: DE5A7E221E9AAA6A1CF835691A6504C21CCFD4BB16DC181D1A71AC355F616C8E

PID: 1224
Process: unregmp2.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Type: binary
MD5: 79AEACC048DB9CA31E1BAF148FFC66C6
SHA256: 9974FC100ABF3300E5EBCAB88D7BA8F66158429E8EBB155F7118AECCC062FFF7

PID: 1224
Process: unregmp2.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML
Type: text
MD5: A9B5DA9AEC61657B32393D96217165F0
SHA256: 9F4611369CF65B33D886489B2486FCA7B1E83E0DC998D35B15B3AA4C8478A28D

PID: 6916
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21253908F3CB05D51B1C2DA8B681A785
Type: der
MD5: 1B7FD5177461034E4086724C5845E927
SHA256: 065AF18C229898A1C2A8D989911ADCD9B1E2AB14B1953EBF8EAF34AE37EA1627

PID: 2520
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\wmpfolders.wmdb
Type: text
MD5: 89B5318D435F83601C3C533770157377
SHA256: D559AF4EF376C1A97238187AF2B63623246E77E5CFAB40B0C03220B86534DEC5

HTTP(S) requests: 9
TCP/UDP connections: 58
DNS requests: 24
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6252
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6916
wmplayer.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6108
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6844
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6844
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6252 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6268 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
6252 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6252 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6916 | wmplayer.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6916 | wmplayer.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
3260 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 20.73.194.208
  • 52.167.249.196
whitelisted
google.com
  • 142.250.184.206
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.0
  • 40.126.31.73
  • 40.126.31.71
  • 40.126.31.67
  • 20.190.159.68
  • 40.126.31.69
  • 40.126.32.68
  • 40.126.32.136
  • 40.126.32.72
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.133
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
slscr.update.microsoft.com
  • 52.165.165.26
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
www.bing.com
  • 184.86.251.27
  • 184.86.251.17
  • 184.86.251.7
  • 184.86.251.21
  • 184.86.251.22
  • 184.86.251.9
whitelisted

Threats

No threats detected

Debug output strings

Process: wmplayer.exe
Message: Thumbnail Cache: Attempting to replace an entry that is in use