File name: mbrcheck.exe

Full analysis: https://app.any.run/tasks/437e8fdc-697f-437f-82e7-5bc931d96b6c
Verdict: Malicious activity
Analysis date: July 22, 2024, 07:09:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5: 36CFE1D793273923CD2CEC731A3B594E
SHA1: 68F8F45B68AE6068F2DF09AAD4881B73E8CD6876
SHA256: E26832D5FAD6578AA87D05124680C7575046E4817B55AAB6A59DF9AA3DF7171C
SSDEEP: 384:OpN6JdpG6bpBosusWJG2q9827glWO7ExJ:OEdpG6bpBoscJ3/37KJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • mbrcheck.exe (PID: 2648)
    • Changes the autorun value in the registry

      • reg.exe (PID: 4752)
  • SUSPICIOUS

    • Application launched itself

      • Skype.exe (PID: 7036)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 7036)
    • Reads security settings of Internet Explorer

      • Skype.exe (PID: 7036)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 7036)
  • INFO

    • Checks supported languages

      • mbrcheck.exe (PID: 2648)
      • mbrcheck.exe (PID: 7700)
      • Skype.exe (PID: 5364)
      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 7744)
      • Skype.exe (PID: 3152)
      • Skype.exe (PID: 2860)
      • Skype.exe (PID: 3444)
    • Reads the computer name

      • mbrcheck.exe (PID: 7700)
      • mbrcheck.exe (PID: 2648)
      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 7744)
      • Skype.exe (PID: 3152)
      • Skype.exe (PID: 2860)
    • Checks proxy server information

      • slui.exe (PID: 7284)
      • Skype.exe (PID: 7036)
    • Manual execution by a user

      • cmd.exe (PID: 7152)
      • mbrcheck.exe (PID: 7700)
      • Skype.exe (PID: 7036)
    • Reads the software policy settings

      • slui.exe (PID: 7284)
      • Skype.exe (PID: 7036)
    • Reads CPU info

      • Skype.exe (PID: 7036)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 2860)
      • Skype.exe (PID: 3152)
    • Reads Environment values

      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 2860)
    • Create files in a temporary directory

      • Skype.exe (PID: 7036)
    • Process checks computer location settings

      • Skype.exe (PID: 7036)
      • Skype.exe (PID: 2860)
      • Skype.exe (PID: 3444)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 7036)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:22 07:03:23+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.4
CodeSize: 11264
InitializedDataSize: 8704
UninitializedDataSize: -
EntryPoint: 0x2c3d
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
No data.
Total processes
165
Monitored processes
28
Malicious processes
1
Suspicious processes
1

Behavior graph

start mbrcheck.exe no specs conhost.exe no specs slui.exe no specs slui.exe cmd.exe conhost.exe no specs mbrcheck.exe no specs conhost.exe no specs skype.exe skype.exe no specs skype.exe no specs skype.exe reg.exe conhost.exe no specs skype.exe no specs reg.exe no specs conhost.exe no specs skype.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1032
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: mbrcheck.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1328
CMD: C:\WINDOWS\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice /v ProgId
Path: C:\Windows\SysWOW64\reg.exe
Parent process: Skype.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2116
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2360
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2648
CMD: "C:\Users\admin\Desktop\mbrcheck.exe"
Path: C:\Users\admin\Desktop\mbrcheck.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\mbrcheck.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2860
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2808 --field-trial-handle=2172,i,9684529185201972620,2032936423004902593,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Version:
8.104.0.207
Modules
Images
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 2996
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3152
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=2468 --field-trial-handle=2172,i,9684529185201972620,2032936423004902593,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Version:
8.104.0.207
Modules
Images
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 3444
CMD: "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4144 --field-trial-handle=2172,i,9684529185201972620,2032936423004902593,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Version:
8.104.0.207
Modules
Images
c:\program files (x86)\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 4752
CMD: C:\WINDOWS\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
Path: C:\Windows\SysWOW64\reg.exe
Parent process: Skype.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
14 328
Read events
14 309
Write events
1
Delete events
18

Modification events

(PID) Process: (4752) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Skype for Desktop
Value: C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(PID) Process: (7036) Skype.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en-US
Value:
(PID) Process: (7036) Skype.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en
Value:
(PID) Process: (7036) Skype.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: _Global_
Value:
Executable files
0
Suspicious files
37
Text files
7
Unknown types
0

Dropped files

PID: 7036 | Process: Skype.exe | Type: text
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SPELLING\EN-US\DEFAULT.DIC
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
PID: 7036 | Process: Skype.exe | Type: binary
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SKYPE FOR DESKTOP\CRASHPAD\SETTINGS.DAT
MD5: 9D0439A794AA96ABD6AFF504C86C7F31
SHA256: 5DBC3A5DAF431973E245D83AB51B128E9C4CC2F3ECD61C45C88DB161ACC25B7B
PID: 7036 | Process: Skype.exe | Type: text
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
MD5: 46EED8B7CAAD25F7F453617DA0FB0857
SHA256: 5BC1DE0E32F2969386351B2BE088F13B6CC3DF7693EE9E92FEEF59DB6AF1FB92
PID: 7036 | Process: Skype.exe | Type: text
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SPELLING\EN-US\DEFAULT.ACL
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
PID: 7036 | Process: Skype.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\bab1a59a-1368-4bb6-ae84-fcbd2f3053ac\Code Cache\wasm\index-dir\the-real-index
MD5: 4A07E0AC1CAD97D4EFEC3C89452C2879
SHA256: 7F8307817EB08F41D5EF1A49A7337D74F12613A4E4F8E83B0E1DF061381A9FA5
PID: 7036 | Process: Skype.exe | Type: text
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SPELLING\EN-US\DEFAULT.EXC
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
PID: 7036 | Process: Skype.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\bab1a59a-1368-4bb6-ae84-fcbd2f3053ac\Code Cache\wasm\index
MD5: 54CB446F628B2EA4A5BCE5769910512E
SHA256: FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
PID: 2860 | Process: Skype.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.tmp
MD5: 99914B932BD37A50B983C5E7C90AE93B
SHA256: 44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
PID: 7036 | Process: Skype.exe | Type: binary
Filename: C:\USERS\ADMIN\APPDATA\ROAMING\MICROSOFT\SKYPE FOR DESKTOP\SETTINGS.JSON
MD5: 95D3A9F5B2C5989A3E6A174FB3E21820
SHA256: 5961A7DCBB98937F89DA58A47266F3E90DF340B8D255050312EB98356A006E70
PID: 7036 | Process: Skype.exe | Type: binary
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\bab1a59a-1368-4bb6-ae84-fcbd2f3053ac\Code Cache\js\index
MD5: 54CB446F628B2EA4A5BCE5769910512E
SHA256: FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
HTTP(S) requests
40
TCP/UDP connections
81
DNS requests
31
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
40.126.31.73:443
https://login.live.com/RST2.srf
unknown
POST
40.126.32.140:443
https://login.live.com/RST2.srf
unknown
POST
200
20.199.58.43:443
https://arc.msn.com/v4/api/register?asid=8C907AFB82D34E96BA48F4260CE6A5FF&placement=cdmdevreg&country=US&locale=en-US&poptin=0&fmt=json&arch=AMD64&chassis=1&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19045.4046&dinst=1661339444&dmret=0&flightbranch=&flightring=Retail&icluc=0&localid=w%3AAC7699B0-48EA-FD22-C8DC-06A02098A0F0&oem=DELL&osbranch=vb_release&oslocale=en-US&osret=1&ossku=Professional&osskuid=48&prccn=4&prccs=3094&prcmf=AuthenticAMD&procm=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&ram=4096&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=15.3&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=260281&frdsk=218542&lo=3614349&tsu=1004879
unknown
POST
500
40.91.76.224:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
POST
40.126.32.140:443
https://login.live.com/RST2.srf
unknown
GET
200
95.101.27.77:443
https://www.bing.com/client/config?cc=US&setlang=en-US
unknown
binary
2.15 Kb
POST
40.126.32.72:443
https://login.live.com/RST2.srf
unknown
GET
200
150.171.22.254:443
https://ln-ring.msedge.net/apc/trans.gif?6c2b324023e93b347bd13b831ba7650c
unknown
image
43 b
POST
204
95.101.27.77:443
https://www.bing.com/threshold/xls.aspx
unknown
GET
200
95.101.27.88:443
https://www.bing.com/AS/API/WindowsCortanaPane/V2/Suggestions?qry=cmd&setlang=en-US&cc=US&nohs=1&qfm=1&cp=3&cvid=e4eec2e5b82443df85d01c9866fceddc&ig=00e5c2de5f264eaf9d03a24d2fd85cff
unknown
binary
6.47 Kb

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4716
svchost.exe
20.190.159.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5620
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7856
svchost.exe
4.209.33.156:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
4
System
192.168.100.255:138
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
2720
slui.exe
20.83.72.98:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2760
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6556
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5252
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
google.com
  • 142.250.181.238
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
ln-ring.msedge.net
  • 150.171.22.254
unknown
client.wns.windows.com
  • 40.113.110.67
  • 40.113.103.199
whitelisted
arm-ring.msedge.net
  • 4.150.241.254
unknown

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
Potential Corporate Privacy Violation
ET CHAT Skype User-Agent detected
No debug info