File name: TheGame.zip

Full analysis: https://app.any.run/tasks/b81a7fc1-075a-4f98-91d6-227afc8c49bb
Verdict: Malicious activity
Analysis date: March 10, 2024, 14:32:31
OS: Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 864A8268CFD8DBE7AA80FA53AE085C2D
SHA1: AE63282CAD73AB94B79BEE286811A69C178CC361
SHA256: C1EF4339551702543E9413D92F4FDAB9D57F77E6ED9A8A951E2375BCDF3D9FE4
SSDEEP: 1536:qBxk1LZkl4AU0u/V0zgXUSUBQrKls3gL8RD4EQ11PbjLVoL/czutJcc:qBxklZkl4EuNqg0QrKls3gQ6PvLUciUc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1168)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • GameBar.exe (PID: 1724)
      • ShellExperienceHost.exe (PID: 2856)
      • GameBarFTServer.exe (PID: 4936)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Reads the Internet Settings

      • GameBar.exe (PID: 1724)
      • WerFault.exe (PID: 5856)
      • ShellExperienceHost.exe (PID: 2856)
      • GameBarFTServer.exe (PID: 4936)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
      • WerFault.exe (PID: 6828)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Executes application which crashes

      • TheGame.exe (PID: 4660)
      • TheGame.exe (PID: 6672)
      • TheGame.exe (PID: 6812)
      • TheGame.exe (PID: 6736)
    • Checks Windows Trust Settings

      • GameBar.exe (PID: 1724)
    • Reads the date of Windows installation

      • ShellExperienceHost.exe (PID: 2856)
      • MiniSearchHost.exe (PID: 2352)
  • INFO

    • Manual execution by a user

      • TheGame.exe (PID: 4660)
      • TheGame.exe (PID: 6736)
      • TheGame.exe (PID: 6672)
      • TheGame.exe (PID: 6812)
    • Reads the computer name

      • GameBar.exe (PID: 1724)
      • GameBarFTServer.exe (PID: 4936)
      • ShellExperienceHost.exe (PID: 2856)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Checks supported languages

      • TheGame.exe (PID: 4660)
      • GameBar.exe (PID: 1724)
      • GameBarFTServer.exe (PID: 4936)
      • ShellExperienceHost.exe (PID: 2856)
      • TheGame.exe (PID: 6672)
      • TheGame.exe (PID: 6812)
      • TheGame.exe (PID: 6736)
      • MiniSearchHost.exe (PID: 2352)
      • SecHealthUI.exe (PID: 6988)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1168)
    • Creates files or folders in the user directory

      • GameBar.exe (PID: 1724)
      • GameBarFTServer.exe (PID: 4936)
      • WerFault.exe (PID: 5856)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
      • WerFault.exe (PID: 6828)
    • Reads CPU info

      • GameBar.exe (PID: 1724)
    • Reads the time zone

      • GameBar.exe (PID: 1724)
    • Reads product name

      • GameBar.exe (PID: 1724)
      • ShellExperienceHost.exe (PID: 2856)
      • SecHealthUI.exe (PID: 6988)
    • Reads Environment values

      • GameBar.exe (PID: 1724)
      • ShellExperienceHost.exe (PID: 2856)
      • GameBarFTServer.exe (PID: 4936)
      • SecHealthUI.exe (PID: 6988)
    • Checks proxy server information

      • GameBar.exe (PID: 1724)
      • WerFault.exe (PID: 5856)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
      • WerFault.exe (PID: 6828)
    • Reads the machine GUID from the registry

      • GameBar.exe (PID: 1724)
    • Reads the software policy settings

      • GameBar.exe (PID: 1724)
      • WerFault.exe (PID: 5856)
      • WerFault.exe (PID: 6828)
      • WerFault.exe (PID: 6068)
      • WerFault.exe (PID: 6968)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0008
ZipCompression: Deflated
ZipModifyDate: 2024:03:10 12:34:02
ZipCRC: 0x846eaa26
ZipCompressedSize: 7528
ZipUncompressedSize: 40960
ZipFileName: TheGame.dll
No data.
All screenshots are available in the full report
Total processes: 148
Monitored processes: 23
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph (in order of appearance; "no specs" marks a process with no indicators):
  • start
  • winrar.exe
  • thegame.exe
  • conhost.exe (no specs)
  • werfault.exe
  • gamebar.exe
  • gamebarftserver.exe
  • shellexperiencehost.exe (no specs)
  • systemsettingsbroker.exe (no specs)
  • thegame.exe
  • conhost.exe (no specs)
  • werfault.exe
  • thegame.exe
  • conhost.exe (no specs)
  • werfault.exe
  • thegame.exe
  • conhost.exe (no specs)
  • werfault.exe
  • minisearchhost.exe (no specs)
  • applicationframehost.exe (no specs)
  • sechealthui.exe (no specs)
  • securityhealthhost.exe (no specs)
  • securityhealthhost.exe (no specs)
  • securityhealthhost.exe (no specs)

Process information

PID: 1168
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TheGame.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1696
CMD: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: TheGame.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 1724
CMD: "C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Xbox Game Bar
Exit code:
1
Version:
5.822.06271.0
Modules
Images
c:\program files\windowsapps\microsoft.xboxgamingoverlay_5.822.6271.0_x64__8wekyb3d8bbwe\gamebar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 2128
CMD: C:\Windows\system32\ApplicationFrameHost.exe -Embedding
Path: C:\Windows\System32\ApplicationFrameHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Application Frame Host
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\applicationframehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
PID: 2352
CMD: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
421.22500.3595.0
Modules
Images
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\minisearchhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\windowsapps\microsoft.vclibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 2828
CMD: \\?\C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
Path: C:\Windows\System32\SecurityHealthHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Security Health Host
Exit code:
0
Version:
10.0.22000.708 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\securityhealthhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
PID: 2856
CMD: "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Shell Experience Host
Exit code:
0
Version:
10.0.22000.708 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\wincorlib.dll
PID: 3816
CMD: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: TheGame.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 4260
CMD: \\?\C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
Path: C:\Windows\System32\SecurityHealthHost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Security Health Host
Exit code:
0
Version:
10.0.22000.708 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\securityhealthhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
PID: 4660
CMD: "C:\Users\admin\Desktop\TheGame.exe"
Path: C:\Users\admin\Desktop\TheGame.exe
Parent process: explorer.exe
User:
admin
Company:
TheGame
Integrity Level:
MEDIUM
Description:
TheGame
Exit code:
3221226505
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\thegame.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 47 261
Read events: 47 117
Write events: 135
Delete events: 9

Modification events

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: VerInfo
Value: 005B0500DB498ACEF772DA01

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\TheGame.zip

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop

Process: (1168) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF82000000820000004204000065020000
Executable files: 2
Suspicious files: 12
Text files: 12
Unknown types: 2

Dropped files

PID | Process | Filename | Type

5856 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_40a42293-28bd-4192-b214-298416554bac\Report.wer | -

6828 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_89dbc11a-c430-43a4-8c48-4ec7af4e06c0\Report.wer | -

1168 | WinRAR.exe | C:\USERS\ADMIN\APPDATA\ROAMING\WINRAR\VERSION.DAT | binary
MD5: 2EFF00536B48678814B22885D948BD51
SHA256: 4A36835ECBEF2C56B795815B0B251D2CC8E644B912CE923E04565777A53706FB

6068 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_a426fee4-202f-4f3c-9ca6-cfff95663dc3\Report.wer | -

1168 | WinRAR.exe | C:\Users\admin\Desktop\TheGame.exe | executable
MD5: 82F4F9F10C54A63435FAACC2FC6D0AF7
SHA256: 8FF670314B3467ACA22321A163C13D63E641737499941045BD55C33AE620EE7B

1168 | WinRAR.exe | C:\Users\admin\Desktop\TheGame.dll | executable
MD5: 1FCB541C51BF7E3E00658E6735F791E3
SHA256: F45832A5299E8FB3474282A3DD8064E92414E064CC3DDDF8B7A0A036BE37574A

5856 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WER.f94e569f-fd9f-4aa8-83e6-392a0c4a153d.tmp.dmp | binary
MD5: DB681A2B6019AF3DBCF3981CD737FDBB
SHA256: 6352E9B3B123D22516FDC60E46B0C1079288D3BB4B8C94CB6C3D1F9B44DAAEB3

6828 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WER.d0b6cc70-ce7a-4822-829a-bb976064ef43.tmp.dmp | binary
MD5: 157012E5CDE3B306D9CD285C361759AA
SHA256: 6A310D6CF4ACEAD23D373CC7EA05FEDAA7D342D4BCD61130E3F849BB0131BBCC

6968 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_TheGame.exe_f45f99c2a22e77a667a9b3bf878add1e3a7382_7325af80_f9b2759a-e02f-4b74-ba9e-8f4f3ea176b6\Report.wer | -

6828 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\TheGame.exe.6736.dmp | binary
MD5: 5B82E2DCC2608CF5E5F2A8D42A4EB2CF
SHA256: CFA7D714208AE31B04DCA2C9B75EF5D9C76AD1F25E450ADD941C6A3563644C7E
HTTP(S) requests: 6
TCP/UDP connections: 56
DNS requests: 27
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3752 | svchost.exe | GET | 200 | 2.19.126.137:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?69418a771e6f34c6 | unknown | compressed | 4.66 Kb | unknown
3752 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown
1724 | GameBar.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | binary | 471 b | unknown
1412 | svchost.exe | GET | 200 | 2.16.164.42:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | text | 22 b | unknown
4908 | SearchHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 312 b | unknown
4908 | SearchHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4588 | svchost.exe | 239.255.255.250:1900 | - | - | - | unknown
5180 | msedge.exe | 224.0.0.251:5353 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1412 | svchost.exe | 2.16.164.35:80 | - | Akamai International B.V. | NL | unknown
5944 | svchost.exe | 23.32.185.164:443 | - | AKAMAI-AS | BR | unknown
1412 | svchost.exe | 2.16.164.42:80 | - | Akamai International B.V. | NL | unknown
3752 | svchost.exe | 40.126.32.76:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3752 | svchost.exe | 2.19.126.137:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
3752 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1724 | GameBar.exe | 49.13.77.253:443 | lfghub-anonymous.xboxlive.com | Hetzner Online GmbH | DE | unknown

DNS requests

Domain | IP | Reputation
login.live.com | 40.126.32.76, 40.126.32.74, 40.126.32.138, 40.126.32.133, 20.190.160.17, 40.126.32.68, 20.190.160.20, 40.126.32.72 | whitelisted
ctldl.windowsupdate.com | 2.19.126.137, 2.19.126.163 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
www.xboxab.com | 13.107.5.91 | whitelisted
lfghub-anonymous.xboxlive.com | 49.13.77.253 | unknown
umwatson.events.data.microsoft.com | 52.168.117.172, 20.42.65.92 | whitelisted
cs.dds.microsoft.com | 20.82.217.86 | whitelisted
v20.events.data.microsoft.com | 20.42.65.90 | whitelisted
v10.events.data.microsoft.com | 20.42.65.90 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted

Threats

PID | Process | Class | Message
1412 | svchost.exe | Misc activity | ET INFO Microsoft Connection Test

Process | Message
GameBarFTServer.exe | [TRACE] The DiagOutputDir folder is accessible