File name: TheGame.zip

Full analysis: https://app.any.run/tasks/b81a7fc1-075a-4f98-91d6-227afc8c49bb
Verdict: Malicious activity
Analysis date: March 10, 2024, 14:32:31
OS: Windows 11 Professional (build: 22000, 64 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 864A8268CFD8DBE7AA80FA53AE085C2D
SHA1: AE63282CAD73AB94B79BEE286811A69C178CC361
SHA256: C1EF4339551702543E9413D92F4FDAB9D57F77E6ED9A8A951E2375BCDF3D9FE4
SSDEEP: 1536:qBxk1LZkl4AU0u/V0zgXUSUBQrKls3gL8RD4EQ11PbjLVoL/czutJcc:qBxklZkl4EuNqg0QrKls3gQ6PvLUciUc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1168)
  • SUSPICIOUS

    • Executes application which crashes

      • TheGame.exe (PID: 4660)
      • TheGame.exe (PID: 6736)
      • TheGame.exe (PID: 6672)
      • TheGame.exe (PID: 6812)
    • Reads security settings of Internet Explorer

      • GameBar.exe (PID: 1724)
      • ShellExperienceHost.exe (PID: 2856)
      • GameBarFTServer.exe (PID: 4936)
      • SecHealthUI.exe (PID: 6988)
      • MiniSearchHost.exe (PID: 2352)
    • Reads the Internet Settings

      • GameBar.exe (PID: 1724)
      • WerFault.exe (PID: 5856)
      • ShellExperienceHost.exe (PID: 2856)
      • GameBarFTServer.exe (PID: 4936)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
      • WerFault.exe (PID: 6828)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Checks Windows Trust Settings

      • GameBar.exe (PID: 1724)
    • Reads the date of Windows installation

      • ShellExperienceHost.exe (PID: 2856)
      • MiniSearchHost.exe (PID: 2352)
  • INFO

    • Checks supported languages

      • GameBar.exe (PID: 1724)
      • TheGame.exe (PID: 4660)
      • GameBarFTServer.exe (PID: 4936)
      • TheGame.exe (PID: 6736)
      • ShellExperienceHost.exe (PID: 2856)
      • TheGame.exe (PID: 6672)
      • TheGame.exe (PID: 6812)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1168)
    • Manual execution by a user

      • TheGame.exe (PID: 4660)
      • TheGame.exe (PID: 6736)
      • TheGame.exe (PID: 6672)
      • TheGame.exe (PID: 6812)
    • Reads the computer name

      • GameBar.exe (PID: 1724)
      • GameBarFTServer.exe (PID: 4936)
      • ShellExperienceHost.exe (PID: 2856)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Reads CPU info

      • GameBar.exe (PID: 1724)
    • Creates files or folders in the user directory

      • GameBar.exe (PID: 1724)
      • GameBarFTServer.exe (PID: 4936)
      • WerFault.exe (PID: 5856)
      • WerFault.exe (PID: 6828)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
    • Reads the time zone

      • GameBar.exe (PID: 1724)
    • Reads product name

      • GameBar.exe (PID: 1724)
      • ShellExperienceHost.exe (PID: 2856)
      • SecHealthUI.exe (PID: 6988)
    • Reads Environment values

      • GameBar.exe (PID: 1724)
      • GameBarFTServer.exe (PID: 4936)
      • ShellExperienceHost.exe (PID: 2856)
      • SecHealthUI.exe (PID: 6988)
    • Checks proxy server information

      • GameBar.exe (PID: 1724)
      • WerFault.exe (PID: 5856)
      • WerFault.exe (PID: 6828)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
    • Reads the machine GUID from the registry

      • GameBar.exe (PID: 1724)
    • Reads the software policy settings

      • GameBar.exe (PID: 1724)
      • WerFault.exe (PID: 5856)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
      • WerFault.exe (PID: 6828)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0008
ZipCompression: Deflated
ZipModifyDate: 2024:03:10 12:34:02
ZipCRC: 0x846eaa26
ZipCompressedSize: 7528
ZipUncompressedSize: 40960
ZipFileName: TheGame.dll
No data.
Total processes: 148
Monitored processes: 23
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes, in order from start: winrar.exe; thegame.exe; conhost.exe (no specs); werfault.exe; gamebar.exe; gamebarftserver.exe; shellexperiencehost.exe (no specs); systemsettingsbroker.exe (no specs); thegame.exe; conhost.exe (no specs); werfault.exe; thegame.exe; conhost.exe (no specs); werfault.exe; thegame.exe; conhost.exe (no specs); werfault.exe; minisearchhost.exe (no specs); applicationframehost.exe (no specs); sechealthui.exe (no specs); securityhealthhost.exe (no specs); securityhealthhost.exe (no specs); securityhealthhost.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process

PID: 1168
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TheGame.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID: 1696
CMD: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: TheGame.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.22000.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

PID: 1724
CMD: "C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Xbox Game Bar
Exit code: 1
Version: 5.822.06271.0
Modules (images):
c:\program files\windowsapps\microsoft.xboxgamingoverlay_5.822.6271.0_x64__8wekyb3d8bbwe\gamebar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 2128
CMD: C:\Windows\system32\ApplicationFrameHost.exe -Embedding
Path: C:\Windows\System32\ApplicationFrameHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Application Frame Host
Exit code: 0
Version: 10.0.22000.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\applicationframehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll

PID: 2352
CMD: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Exit code: 0
Version: 421.22500.3595.0
Modules (images):
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\minisearchhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\windowsapps\microsoft.vclibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll

PID: 2828
CMD: \\?\C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
Path: C:\Windows\System32\SecurityHealthHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Security Health Host
Exit code: 0
Version: 10.0.22000.708 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\securityhealthhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll

PID: 2856
CMD: "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Shell Experience Host
Exit code: 0
Version: 10.0.22000.708 (WinBuild.160101.0800)
Modules (images):
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wincorlib.dll

PID: 3816
CMD: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: TheGame.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.22000.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

PID: 4260
CMD: \\?\C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
Path: C:\Windows\System32\SecurityHealthHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Security Health Host
Exit code: 0
Version: 10.0.22000.708 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\securityhealthhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll

PID: 4660
CMD: "C:\Users\admin\Desktop\TheGame.exe"
Path: C:\Users\admin\Desktop\TheGame.exe
Parent process: explorer.exe
User: admin
Company: TheGame
Integrity Level: MEDIUM
Description: TheGame
Exit code: 3221226505
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\thegame.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

Total events: 47 261
Read events: 47 117
Write events: 135
Delete events: 9

Modification events

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: VerInfo
Value: 005B0500DB498ACEF772DA01

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\TheGame.zip

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop

PID: 1168, Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF82000000820000004204000065020000

Executable files: 2
Suspicious files: 12
Text files: 12
Unknown types: 2

Dropped files

PID: 5856
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_40a42293-28bd-4192-b214-298416554bac\Report.wer
Type:
MD5:
SHA256:

PID: 6828
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_89dbc11a-c430-43a4-8c48-4ec7af4e06c0\Report.wer
Type:
MD5:
SHA256:

PID: 1168
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\TheGame.dll
Type: executable
MD5: 1FCB541C51BF7E3E00658E6735F791E3
SHA256: F45832A5299E8FB3474282A3DD8064E92414E064CC3DDDF8B7A0A036BE37574A

PID: 6068
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_a426fee4-202f-4f3c-9ca6-cfff95663dc3\Report.wer
Type:
MD5:
SHA256:

PID: 1168
Process: WinRAR.exe
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\WINRAR\VERSION.DAT
Type: binary
MD5: 2EFF00536B48678814B22885D948BD51
SHA256: 4A36835ECBEF2C56B795815B0B251D2CC8E644B912CE923E04565777A53706FB

PID: 1168
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\TheGame.exe
Type: executable
MD5: 82F4F9F10C54A63435FAACC2FC6D0AF7
SHA256: 8FF670314B3467ACA22321A163C13D63E641737499941045BD55C33AE620EE7B

PID: 5856
Process: WerFault.exe
Filename: C:\Users\admin\AppData\Local\CrashDumps\TheGame.exe.4660.dmp
Type: binary
MD5: FF8EECB39C099D2CE7F73A7F68EB2F0A
SHA256: 6A7B8F0588A2A1CBD4F7E1D562F47AC90DF2DE3522125E1DE74A0FB20A435068

PID: 5856
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\Temp\WER.38f0900b-7f68-46a1-b9bf-e50aebfbbe5a.tmp.xml
Type: xml
MD5: 997CD1EDB75EF749CCF956E9AE0186D5
SHA256: 8A7F293AECD6F96F7E599AF05A3E397DB39E368C680B904958E151F390E510FA

PID: 6968
Process: WerFault.exe
Filename: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_f9b2759a-e02f-4b74-ba9e-8f4f3ea176b6\Report.wer
Type:
MD5:
SHA256:

PID: 1724
Process: GameBar.exe
Filename: C:\Users\admin\AppData\Local\Packages\microsoft.xboxgamingoverlay_8wekyb3d8bbwe\AC\INetCache\3I6S3GGB\ab[1].json
Type: binary
MD5: DEC7059F05D9FEE5837A1FB819BB4550
SHA256: 8CECC31493554FC067AC5306015C374E81070E4E19889AC2C079DCB3D56ACD46

HTTP(S) requests: 6
TCP/UDP connections: 56
DNS requests: 27
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1412 | svchost.exe | GET | 200 | 2.16.164.42:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | text | 22 b | unknown
3752 | svchost.exe | GET | 200 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?69418a771e6f34c6 | unknown | compressed | 4.66 Kb | unknown
3752 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown
1724 | GameBar.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | binary | 471 b | unknown
4908 | SearchHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 312 b | unknown
4908 | SearchHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4588 | svchost.exe | 239.255.255.250:1900 | | | | unknown
5180 | msedge.exe | 224.0.0.251:5353 | | | | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted
1412 | svchost.exe | 2.16.164.35:80 | | Akamai International B.V. | NL | unknown
5944 | svchost.exe | 23.32.185.164:443 | | AKAMAI-AS | BR | unknown
1412 | svchost.exe | 2.16.164.42:80 | | Akamai International B.V. | NL | unknown
3752 | svchost.exe | 40.126.32.76:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3752 | svchost.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3752 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1724 | GameBar.exe | 49.13.77.253:443 | lfghub-anonymous.xboxlive.com | Hetzner Online GmbH | DE | unknown

DNS requests

Domain | IP | Reputation
login.live.com | 40.126.32.76, 40.126.32.74, 40.126.32.138, 40.126.32.133, 20.190.160.17, 40.126.32.68, 20.190.160.20, 40.126.32.72 | whitelisted
ctldl.windowsupdate.com | 2.19.126.137, 2.19.126.163 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
www.xboxab.com | 13.107.5.91 | whitelisted
lfghub-anonymous.xboxlive.com | 49.13.77.253 | unknown
umwatson.events.data.microsoft.com | 52.168.117.172, 20.42.65.92 | whitelisted
cs.dds.microsoft.com | 20.82.217.86 | whitelisted
v20.events.data.microsoft.com | 20.42.65.90 | whitelisted
v10.events.data.microsoft.com | 20.42.65.90 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted

Threats

PID | Process | Class | Message
1412 | svchost.exe | Misc activity | ET INFO Microsoft Connection Test

Process | Message
GameBarFTServer.exe | [TRACE] The DiagOutputDir folder is accessible