File name: mms_mini.exe

Full analysis: https://app.any.run/tasks/282d0cd5-1d16-4fda-9d83-7d3759885b05
Verdict: Malicious activity
Analysis date: July 29, 2024, 20:28:04
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: installer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 32F1AFA2506550D5469B3F4046F3EA40
SHA1: 0B1AACDEE1AFFF1F992DECE36DA4B49F94B79495
SHA256: E11DC8D2E7FBA91857DF6A38C6E64AD491A9271B9F0BFDA937680DD0DA453665
SSDEEP: 98304:Yrq3Bdw4MIMtdbgV7bImUmH2SgZgjRLEAs7R9KdjFH+59vN5nBrP0r7CiekwdOwq:Go

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • mms_mini.exe (PID: 1164)
      • mms_mini.tmp (PID: 6836)
      • mms_mini.exe (PID: 5240)
      • mms_mini.tmp (PID: 2188)
    • Antivirus name has been found in the command line (generic signature)

      • cmd.exe (PID: 6044)
      • find.exe (PID: 2708)
      • find.exe (PID: 3868)
      • cmd.exe (PID: 7084)
      • tasklist.exe (PID: 4688)
      • find.exe (PID: 5488)
      • cmd.exe (PID: 6440)
      • tasklist.exe (PID: 4364)
      • cmd.exe (PID: 1996)
      • tasklist.exe (PID: 6432)
      • tasklist.exe (PID: 2292)
      • cmd.exe (PID: 5080)
      • tasklist.exe (PID: 4324)
      • find.exe (PID: 3588)
      • find.exe (PID: 4564)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • mms_mini.tmp (PID: 6836)
      • mms_mini.tmp (PID: 2188)
    • Executable content was dropped or overwritten

      • mms_mini.exe (PID: 1164)
      • mms_mini.tmp (PID: 6836)
      • mms_mini.exe (PID: 5240)
      • mms_mini.tmp (PID: 2188)
    • Reads security settings of Internet Explorer

      • mms_mini.tmp (PID: 6836)
      • mms_mini.tmp (PID: 2188)
    • Reads the date of Windows installation

      • mms_mini.tmp (PID: 6836)
      • mms_mini.tmp (PID: 2188)
    • Runs PING.EXE to delay simulation

      • mms_mini.tmp (PID: 2188)
    • Starts CMD.EXE for commands execution

      • mms_mini.tmp (PID: 2188)
      • cmd.exe (PID: 6564)
    • Get information on the list of running processes

      • mms_mini.tmp (PID: 2188)
      • cmd.exe (PID: 6044)
      • cmd.exe (PID: 5080)
      • cmd.exe (PID: 7084)
      • cmd.exe (PID: 1996)
      • cmd.exe (PID: 6468)
      • cmd.exe (PID: 6440)
    • Executing commands from a ".bat" file

      • mms_mini.tmp (PID: 2188)
    • Starts application with an unusual extension

      • cmd.exe (PID: 6564)
    • Application launched itself

      • cmd.exe (PID: 6564)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 6564)
    • The executable file from the user directory is run by the CMD process

      • AutoIt3.exe (PID: 4336)
  • INFO

    • Process checks computer location settings

      • mms_mini.tmp (PID: 6836)
      • mms_mini.tmp (PID: 2188)
    • Reads Environment values

      • mms_mini.tmp (PID: 6836)
      • mms_mini.exe (PID: 1164)
      • mms_mini.exe (PID: 5240)
      • mms_mini.tmp (PID: 2188)
    • Checks supported languages

      • mms_mini.tmp (PID: 6836)
      • mms_mini.exe (PID: 1164)
      • mms_mini.exe (PID: 5240)
      • mms_mini.tmp (PID: 2188)
      • chcp.com (PID: 4304)
      • AutoIt3.exe (PID: 4336)
    • Create files in a temporary directory

      • mms_mini.exe (PID: 1164)
      • mms_mini.tmp (PID: 6836)
      • mms_mini.exe (PID: 5240)
      • mms_mini.tmp (PID: 2188)
    • Checks proxy server information

      • slui.exe (PID: 3168)
      • slui.exe (PID: 5296)
    • Reads the computer name

      • mms_mini.tmp (PID: 6836)
      • mms_mini.tmp (PID: 2188)
    • Reads the software policy settings

      • slui.exe (PID: 3168)
      • slui.exe (PID: 5296)
    • Creates files or folders in the user directory

      • mms_mini.tmp (PID: 2188)
    • Reads Windows Product ID

      • AutoIt3.exe (PID: 4336)
    • Reads CPU info

      • AutoIt3.exe (PID: 4336)
    • Reads mouse settings

      • AutoIt3.exe (PID: 4336)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:10 14:47:11+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 685056
InitializedDataSize: 90112
UninitializedDataSize: -
EntryPoint: 0xa83bc
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.2548.59.8
ProductVersionNumber: 1.2548.59.8
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: olivermen Setup
FileVersion: 1.2548.59.8
LegalCopyright:
OriginalFileName:
ProductName: olivermen
ProductVersion: 1.2548.59.8
No data.
All screenshots are available in the full report
Total processes: 187
Monitored processes: 44
Malicious processes: 5
Suspicious processes: 5

Behavior graph

Process nodes in graph order ("no specs" is the report's label for a process with no behavior indicators):

mms_mini.exe, mms_mini.tmp, slui.exe, mms_mini.exe, mms_mini.tmp, ping.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), tasklist.exe (no specs), find.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), tasklist.exe (no specs), find.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), tasklist.exe (no specs), find.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), tasklist.exe (no specs), find.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), tasklist.exe (no specs), find.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), tasklist.exe (no specs), find.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), chcp.com (no specs), cmd.exe (no specs), find.exe (no specs), findstr.exe (no specs), findstr.exe (no specs), findstr.exe (no specs), findstr.exe (no specs), find.exe (no specs), cmd.exe (no specs), autoit3.exe (no specs), slui.exe

Process information

PID: 436
CMD: findstr /L /I set C:\Users\admin\AppData\Local\olivermen\\Linda.bat
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (QGREP) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 484
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 488
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 720
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1164
CMD: "C:\Users\admin\AppData\Roaming\mms_mini.exe"
Path: C:\Users\admin\AppData\Roaming\mms_mini.exe
Parent process: explorer.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: olivermen Setup
Exit code: 1
Version: 1.2548.59.8
Modules (Images):
c:\users\admin\appdata\roaming\mms_mini.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 1996
CMD: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: mms_mini.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 2188
CMD: "C:\Users\admin\AppData\Local\Temp\is-BO9QT.tmp\mms_mini.tmp" /SL5="$A04AC,2314986,776192,C:\Users\admin\AppData\Roaming\mms_mini.exe" /VERYSILENT /NORESTART
Path: C:\Users\admin\AppData\Local\Temp\is-BO9QT.tmp\mms_mini.tmp
Parent process: mms_mini.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (Images):
c:\users\admin\appdata\local\temp\is-bo9qt.tmp\mms_mini.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 2292
CMD: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Path: C:\Windows\System32\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2708
CMD: find /I "wrsa.exe"
Path: C:\Windows\System32\find.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (grep) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 2928
CMD: find
Path: C:\Windows\SysWOW64\find.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (grep) Utility
Exit code: 2
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (Images):
c:\windows\syswow64\find.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

Total events: 8 322
Read events: 8 288
Write events: 24
Delete events: 10

Modification events

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: B41A0000950706D6F5E1DA01

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 7B82D59616C260513E0EAF0171A78745387E14D39EF10C2E4C302A03534A38FF

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value:

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value (raw bytes, rendered as hex): 7B82D59616C260513E0EAF0171A78745387E14D39EF10C2E4C302A03534A38FF

(PID) Process: (6836) mms_mini.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Owner
Value:

Executable files: 8
Suspicious files: 2
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type

6836 | mms_mini.tmp | C:\Users\admin\AppData\Local\Temp\is-7BEGO.tmp\_isetup\_iscrypt.dll | executable
MD5: 47CFD05FDE4BABE79530C7EA730F6DC0
SHA256: 4BB34FE74F86AB389763863EE395A93D73E2D9548C224819EC9055D7C8C4B480

6836 | mms_mini.tmp | C:\Users\admin\AppData\Local\Temp\is-7BEGO.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

2188 | mms_mini.tmp | C:\Users\admin\AppData\Local\olivermen\is-GQ7O0.tmp | text
MD5: CD36A02360E7B9F1482EC29403F98BDD
SHA256: C696C636CF51D283CD5EFA2AFD82345AD3CC2CA8C84074138FE57CD71C7055F4

2188 | mms_mini.tmp | C:\Users\admin\AppData\Local\olivermen\Grigori.a3x | binary
MD5: 5AEC1506F85655C420800C522821567C
SHA256: 24CF8C2860413DE82531F80A2F93920D6C682DC31312D888B2F128FC0190CA03

5240 | mms_mini.exe | C:\Users\admin\AppData\Local\Temp\is-BO9QT.tmp\mms_mini.tmp | executable
MD5: 0CA352095AEC53F335ED1BEFF864FC1B
SHA256: 702F15E48ACA0816B019A4B792F8CFCA4F20C0C075A08FD29C5135582115B73D

1164 | mms_mini.exe | C:\Users\admin\AppData\Local\Temp\is-3QEJB.tmp\mms_mini.tmp | executable
MD5: 0CA352095AEC53F335ED1BEFF864FC1B
SHA256: 702F15E48ACA0816B019A4B792F8CFCA4F20C0C075A08FD29C5135582115B73D

2188 | mms_mini.tmp | C:\Users\admin\AppData\Local\olivermen\is-2MT8L.tmp | binary
MD5: 5AEC1506F85655C420800C522821567C
SHA256: 24CF8C2860413DE82531F80A2F93920D6C682DC31312D888B2F128FC0190CA03

2188 | mms_mini.tmp | C:\Users\admin\AppData\Local\Temp\is-99K2D.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

2188 | mms_mini.tmp | C:\Users\admin\AppData\Local\Temp\is-99K2D.tmp\_isetup\_iscrypt.dll | executable
MD5: 47CFD05FDE4BABE79530C7EA730F6DC0
SHA256: 4BB34FE74F86AB389763863EE395A93D73E2D9548C224819EC9055D7C8C4B480

2188 | mms_mini.tmp | C:\Users\admin\AppData\Local\olivermen\is-09Q98.tmp | executable
MD5: 3F58A517F1F4796225137E7659AD2ADB
SHA256: 1DA298CAB4D537B0B7B5DABF09BFF6A212B9E45731E0CC772F99026005FB9E48
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 55
DNS requests: 30
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5368 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | US | binary | 313 b | whitelisted
4424 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted
3676 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted
2132 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted
5368 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | US | binary | 471 b | whitelisted
4132 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4340 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5368 | SearchApp.exe | 131.253.33.254:443 | a-ring-fallback.msedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
5368 | SearchApp.exe | 92.123.104.10:443 | www.bing.com | Akamai International B.V. | DE | unknown
6012 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5464 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4128 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3952 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2432 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3168 | slui.exe | 40.91.76.224:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 92.123.104.10
  • 92.123.104.19
  • 92.123.104.18
  • 92.123.104.20
  • 92.123.104.12
  • 92.123.104.13
  • 92.123.104.17
  • 92.123.104.24
  • 92.123.104.22
  • 92.123.104.58
  • 92.123.104.65
  • 92.123.104.61
  • 92.123.104.53
  • 92.123.104.57
  • 92.123.104.63
  • 92.123.104.62
  • 92.123.104.4
  • 92.123.104.66
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.176
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.189
whitelisted
google.com
  • 142.250.184.206
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.60
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.138
  • 40.126.32.133
  • 40.126.32.68
  • 40.126.32.72
  • 20.190.160.14
  • 40.126.32.74
  • 40.126.32.134
  • 40.126.32.136
whitelisted
th.bing.com
  • 92.123.104.61
  • 92.123.104.52
  • 92.123.104.42
  • 92.123.104.58
  • 92.123.104.57
  • 92.123.104.53
  • 92.123.104.37
  • 92.123.104.47
  • 92.123.104.38
  • 2.23.209.133
  • 2.23.209.182
  • 2.23.209.176
  • 2.23.209.185
  • 2.23.209.149
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.189
whitelisted
fd.api.iris.microsoft.com
  • 20.31.169.57
whitelisted

Threats

No threats detected
No debug info