File name: mbrcheck.exe

Full analysis: https://app.any.run/tasks/437e8fdc-697f-437f-82e7-5bc931d96b6c
Verdict: Malicious activity
Analysis date: July 22, 2024, 07:09:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5: 36CFE1D793273923CD2CEC731A3B594E
SHA1: 68F8F45B68AE6068F2DF09AAD4881B73E8CD6876
SHA256: E26832D5FAD6578AA87D05124680C7575046E4817B55AAB6A59DF9AA3DF7171C
SSDEEP: 384:OpN6JdpG6bpBosusWJG2q9827glWO7ExJ:OEdpG6bpBoscJ3/37KJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • mbrcheck.exe (PID: 2648)
    • Changes the autorun value in the registry

      • reg.exe (PID: 4752)
  • SUSPICIOUS

    • Application launched itself

      • Skype.exe (PID: 7036)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 7036)
    • Reads security settings of Internet Explorer

      • Skype.exe (PID: 7036)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 7036)
  • INFO

    • Checks supported languages

      • mbrcheck.exe (PID: 2648)
      • mbrcheck.exe (PID: 7700)
      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 7744)
      • Skype.exe (PID: 5364)
      • Skype.exe (PID: 3152)
      • Skype.exe (PID: 2860)
      • Skype.exe (PID: 3444)
    • Manual execution by a user

      • cmd.exe (PID: 7152)
      • mbrcheck.exe (PID: 7700)
      • Skype.exe (PID: 7036)
    • Reads the software policy settings

      • slui.exe (PID: 7284)
      • Skype.exe (PID: 7036)
    • Checks proxy server information

      • slui.exe (PID: 7284)
      • Skype.exe (PID: 7036)
    • Reads the computer name

      • mbrcheck.exe (PID: 7700)
      • mbrcheck.exe (PID: 2648)
      • Skype.exe (PID: 7744)
      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 3152)
      • Skype.exe (PID: 2860)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 2860)
      • Skype.exe (PID: 3152)
    • Reads CPU info

      • Skype.exe (PID: 7036)
    • Reads Environment values

      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 2860)
    • Create files in a temporary directory

      • Skype.exe (PID: 7036)
    • Process checks computer location settings

      • Skype.exe (PID: 3444)
      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 2860)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 7036)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:22 07:03:23+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.4
CodeSize: 11264
InitializedDataSize: 8704
UninitializedDataSize: -
EntryPoint: 0x2c3d
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
No data.
All screenshots are available in the full report
Total processes
165
Monitored processes
28
Malicious processes
1
Suspicious processes
1

Behavior graph

(Interactive process graph not reproduced; the individual processes are listed under Process information below.)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1032
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
mbrcheck.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1328
CMD:
C:\WINDOWS\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice /v ProgId
Path:
C:\Windows\SysWOW64\reg.exe
Parent process:
Skype.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
2116
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2360
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2648
CMD:
"C:\Users\admin\Desktop\mbrcheck.exe"
Path:
C:\Users\admin\Desktop\mbrcheck.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\mbrcheck.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
2860
CMD:
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2808 --field-trial-handle=2172,i,9684529185201972620,2032936423004902593,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Version:
8.104.0.207
Modules
Images
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
2996
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3152
CMD:
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=2468 --field-trial-handle=2172,i,9684529185201972620,2032936423004902593,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Version:
8.104.0.207
Modules
Images
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
3444
CMD:
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4144 --field-trial-handle=2172,i,9684529185201972620,2032936423004902593,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Version:
8.104.0.207
Modules
Images
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID:
4752
CMD:
C:\WINDOWS\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
Path:
C:\Windows\SysWOW64\reg.exe
Parent process:
Skype.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
14 328
Read events
14 309
Write events
1
Delete events
18

Modification events

(PID) Process: (4752) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Skype for Desktop
Value: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

(PID) Process: (7036) Skype.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en-US
Value:

(PID) Process: (7036) Skype.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en
Value:

(PID) Process: (7036) Skype.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: _Global_
Value:
Executable files
0
Suspicious files
37
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7036
Process: Skype.exe
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SKYPE FOR DESKTOP\CRASHPAD\SETTINGS.DAT
Type: binary
MD5: 9D0439A794AA96ABD6AFF504C86C7F31
SHA256: 5DBC3A5DAF431973E245D83AB51B128E9C4CC2F3ECD61C45C88DB161ACC25B7B

PID: 7036
Process: Skype.exe
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SPELLING\EN-US\DEFAULT.EXC
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 7036
Process: Skype.exe
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SPELLING\EN-US\DEFAULT.DIC
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 2860
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.tmp
Type: binary
MD5: 99914B932BD37A50B983C5E7C90AE93B
SHA256: 44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A

PID: 7036
Process: Skype.exe
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SPELLING\EN-US\DEFAULT.ACL
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 7036
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms
Type: binary
MD5: DA243E0DAF95748C6D253F56E4FEA83C
SHA256: 5397FC96A7F9F8D3C6BF2A5CF401CEC2BC04B0A04F6479CA8EA3D36865311FEE

PID: 7036
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
Type: text
MD5: D9CF6AAE805A20C96EF6414D030D6CE8
SHA256: 6AFE86308EA331969317D933883AAB0D08EF96B7F14F54E45C0145D4D757DCD5

PID: 7036
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\bab1a59a-1368-4bb6-ae84-fcbd2f3053ac\Code Cache\wasm\index
Type: binary
MD5: 54CB446F628B2EA4A5BCE5769910512E
SHA256: FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D

PID: 7036
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\bab1a59a-1368-4bb6-ae84-fcbd2f3053ac\Code Cache\wasm\index-dir\temp-index
Type: binary
MD5: 4A07E0AC1CAD97D4EFEC3C89452C2879
SHA256: 7F8307817EB08F41D5EF1A49A7337D74F12613A4E4F8E83B0E1DF061381A9FA5

PID: 7036
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\bab1a59a-1368-4bb6-ae84-fcbd2f3053ac\Local Storage\leveldb\MANIFEST-000001
Type: binary
MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB
SHA256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
40
TCP/UDP connections
81
DNS requests
31
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
40.126.31.73:443
https://login.live.com/RST2.srf
unknown
unknown
GET
200
13.107.138.254:443
https://spo-ring.msedge.net/apc/trans.gif?636c1132028394fde1091b5e4bd72bba
unknown
image
43 b
unknown
GET
200
13.107.213.254:443
https://t-ring.msedge.net/apc/trans.gif?533061ec1ccecd65a56009fa2b1fea29
unknown
image
43 b
unknown
GET
200
150.171.22.254:443
https://ln-ring.msedge.net/apc/trans.gif?68823ec7f4107cf730bca073d9d21e9f
unknown
image
43 b
unknown
POST
401
4.208.221.206:443
https://licensing.mp.microsoft.com/v7.0/licenses/content
unknown
binary
340 b
unknown
GET
200
4.150.241.254:443
https://arm-ring.msedge.net/apc/trans.gif?2405de1399298b5febdc34e5f4665c87
unknown
image
43 b
unknown
GET
200
95.101.27.80:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=cm&setlang=en-US&cc=US&nohs=1&qfm=1&cp=2&cvid=e4eec2e5b82443df85d01c9866fceddc&ig=301f4f8c22d44682a2907020d92864a9
unknown
binary
9.19 Kb
unknown
GET
200
13.107.136.254:443
https://spo-ring.msedge.net/apc/trans.gif?dece2f68aa55cd906e05f71ac6fb3a55
unknown
image
43 b
unknown
POST
40.126.32.140:443
https://login.live.com/RST2.srf
unknown
unknown
POST
200
20.199.58.43:443
https://arc.msn.com/v4/api/register?asid=8C907AFB82D34E96BA48F4260CE6A5FF&placement=cdmdevreg&country=US&locale=en-US&poptin=0&fmt=json&arch=AMD64&chassis=1&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19045.4046&dinst=1661339444&dmret=0&flightbranch=&flightring=Retail&icluc=0&localid=w%3AAC7699B0-48EA-FD22-C8DC-06A02098A0F0&oem=DELL&osbranch=vb_release&oslocale=en-US&osret=1&ossku=Professional&osskuid=48&prccn=4&prccs=3094&prcmf=AuthenticAMD&procm=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&ram=4096&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=15.3&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=260281&frdsk=218542&lo=3614349&tsu=1004879
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4716
svchost.exe
20.190.159.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5620
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7856
svchost.exe
4.209.33.156:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4
System
192.168.100.255:138
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
2720
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2760
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6556
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5252
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.159.64
  • 20.190.159.73
  • 20.190.159.75
  • 20.190.159.2
  • 20.190.159.0
  • 40.126.31.71
  • 20.190.159.71
  • 20.190.159.23
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
google.com
  • 142.250.181.238
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 2.23.209.186
  • 2.23.209.175
  • 2.23.209.183
  • 2.23.209.192
  • 2.23.209.182
  • 2.23.209.178
  • 2.23.209.191
  • 2.23.209.187
  • 2.23.209.188
  • 95.101.27.78
  • 95.101.27.85
  • 95.101.27.76
  • 95.101.27.83
  • 95.101.27.81
  • 95.101.27.88
  • 95.101.27.80
  • 95.101.27.86
  • 95.101.27.77
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
ln-ring.msedge.net
  • 150.171.22.254
unknown
client.wns.windows.com
  • 40.113.110.67
  • 40.113.103.199
whitelisted
arm-ring.msedge.net
  • 4.150.241.254
unknown

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
No debug info