File name:

FirefoxSetup127.0.msi

Full analysis: https://app.any.run/tasks/abf06d31-a2a2-4940-bb20-f87570d03ca6
Verdict: Malicious activity
Analysis date: June 11, 2024, 19:33:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Mozilla Firefox 127.0 x64 en-CA, Author: Mozilla, Keywords: Installer, Comments: This installer database contains the logic and data required to install Mozilla Firefox 127.0 x64 en-CA., Template: x64;0, Revision Number: {A7A9CA24-4262-442B-88A8-7F9DA34D40CA}, Create Time/Date: Fri Jun 7 00:02:28 2024, Last Saved Time/Date: Fri Jun 7 00:02:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
MD5:

2FF9E304F976F874E383170DC264CC18

SHA1:

8B39213F2428E243A568727C6CE2D4C0E6BD2F6A

SHA256:

0B9971AAD887D1BC7CC7528BDDACFC5FF7DB9C5DD21C6A7A2983EE51F68277D3

SSDEEP:

786432:fkEyiOAOl+se0wSNqi5L8wiSJjt8TpeYCcaNTy:fLjwl0uN5IwlGTpeYCcUTy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 6428)
      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)
      • maintenanceservice_tmp.exe (PID: 4916)

    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 2512)

  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 6700)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 6640)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6640)

    • Executable content was dropped or overwritten

      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)
      • maintenanceservice_tmp.exe (PID: 4916)

    • The process drops Mozilla's DLL files

      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)

    • The process drops C-runtime libraries

      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)

    • Process drops legitimate windows executable

      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)

    • The process creates files with name similar to system file names

      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)

    • Loads DLL from Mozilla Firefox

      • regsvr32.exe (PID: 5428)
      • default-browser-agent.exe (PID: 4940)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 5428)

    • Searches for installed software

      • setup.exe (PID: 2512)

    • Creates a software uninstall entry

      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 2512)

  • INFO

    • Checks proxy server information

      • msiexec.exe (PID: 6428)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6428)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6428)

    • Reads the software policy settings

      • msiexec.exe (PID: 6428)
      • msiexec.exe (PID: 6640)

    • Reads the computer name

      • msiexec.exe (PID: 6640)
      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)
      • maintenanceservice_tmp.exe (PID: 4916)

    • Checks supported languages

      • msiexec.exe (PID: 6640)
      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)
      • maintenanceservice_tmp.exe (PID: 4916)
      • default-browser-agent.exe (PID: 4940)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6640)
      • setup.exe (PID: 2512)

    • Starts application with an unusual extension

      • msiexec.exe (PID: 6640)

    • Create files in a temporary directory

      • MSIC6B9.tmp (PID: 1636)
      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)

    • Creates files in the program directory

      • setup.exe (PID: 2512)
      • maintenanceservice_installer.exe (PID: 5776)

    • Reads Microsoft Office registry keys

      • setup.exe (PID: 2512)

    • Application launched itself

      • firefox.exe (PID: 4960)
      • firefox.exe (PID: 3808)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Mozilla Firefox 127.0 x64 en-CA
Author: Mozilla
Keywords: Installer
Comments: This installer database contains the logic and data required to install Mozilla Firefox 127.0 x64 en-CA.
Template: x64;0
RevisionNumber: {A7A9CA24-4262-442B-88A8-7F9DA34D40CA}
CreateDate: 2024:06:07 00:02:28
ModifyDate: 2024:06:07 00:02:28
Pages: 200
Words: 2
Software: Windows Installer XML Toolset (3.14.0.8606)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
130
Monitored processes
15
Malicious processes
4
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msic6b9.tmp setup.exe regsvr32.exe no specs maintenanceservice_installer.exe maintenanceservice_tmp.exe default-browser-agent.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1636"C:\WINDOWS\Installer\MSIC6B9.tmp" /S /TaskbarShortcut=true /DesktopShortcut=true /StartMenuShortcut=true /PrivateBrowsingShortcut=true /MaintenanceService=true /RemoveDistributionDir=true /PreventRebootRequired=false /OptionalExtensions=true /RegisterDefaultAgent=true /LaunchedFromMSIC:\Windows\Installer\MSIC6B9.tmp
msiexec.exe
User:
admin
Company:
Mozilla
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
18.05
Modules
Images
c:\windows\installer\msic6b9.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
2084"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CBC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
3
Version:
127.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2512.\setup.exe /S /TaskbarShortcut=true /DesktopShortcut=true /StartMenuShortcut=true /PrivateBrowsingShortcut=true /MaintenanceService=true /RemoveDistributionDir=true /PreventRebootRequired=false /OptionalExtensions=true /RegisterDefaultAgent=true /LaunchedFromMSIC:\Users\admin\AppData\Local\Temp\7zS46610B81\setup.exe
MSIC6B9.tmp
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox Installer
Exit code:
0
Version:
127.0
Modules
Images
c:\users\admin\appdata\local\temp\7zs46610b81\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
3644"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask installC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
127.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
3808"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask installC:\Program Files\Mozilla Firefox\firefox.exesetup.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox
Exit code:
0
Version:
127.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
4916"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" installC:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
maintenanceservice_installer.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
SYSTEM
Exit code:
0
Version:
127.0
Modules
Images
c:\program files (x86)\mozilla maintenance service\maintenanceservice_tmp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shlwapi.dll
4940"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CBC:\Program Files\Mozilla Firefox\default-browser-agent.exesetup.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
SYSTEM
Exit code:
2147500037
Version:
127.0
Modules
Images
c:\program files\mozilla firefox\default-browser-agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ole32.dll
4960"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CBC:\Program Files\Mozilla Firefox\firefox.exedefault-browser-agent.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox
Exit code:
3
Version:
127.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
5428"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"C:\Windows\System32\regsvr32.exesetup.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5776"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
setup.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Mozilla Maintenance Service Installer
Exit code:
0
Version:
127.0
Modules
Images
c:\program files\mozilla firefox\maintenanceservice_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
Total events
17 083
Read events
16 734
Write events
301
Delete events
48

Modification events

(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4800000000000000C1D83B4A36BCDA01F01900001C1A0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000C1D83B4A36BCDA01F01900001C1A0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000C755AE4A36BCDA01F01900001C1A0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
48000000000000004FBAB04A36BCDA01F01900001C1A0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
4800000000000000181EB34A36BCDA01F01900001C1A0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000D8D1B74A36BCDA01F01900001C1A0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
11
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
48000000000000008D70314B36BCDA01F01900001C1A0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6640) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000008D70314B36BCDA01F0190000C41A0000E80300000100000000000000000000003F62990DF24B4B48A5FCBBB3A469D03200000000000000000000000000000000
(PID) Process:(6700) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Enter)
Value:
480000000000000038D4334B36BCDA012C1A00004C1A0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
81
Suspicious files
47
Text files
44
Unknown types
13

Dropped files

PID
Process
Filename
Type
6640msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
6640msiexec.exeC:\WINDOWS\Installer\11ae0f.msi
MD5:
SHA256:
6640msiexec.exeC:\WINDOWS\Installer\MSIC4F3.tmp
MD5:
SHA256:
6640msiexec.exeC:\WINDOWS\Installer\MSIC6B9.tmp
MD5:
SHA256:
6428msiexec.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14binary
MD5:5CB7E4FB88135514D2DCEF27DE41764C
SHA256:47A0B51271E7154B3C50FACEEB72ACB575DDD024B8438C77C684C51093500F9E
1636MSIC6B9.tmpC:\Users\admin\AppData\Local\Temp\7zS46610B81\core\browser\omni.ja
MD5:
SHA256:
6640msiexec.exeC:\WINDOWS\TEMP\~DF945634CB6E3FD000.TMPbinary
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
6428msiexec.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14der
MD5:68FD13C0CE54004CC89F50081C0B32BE
SHA256:F020F5C0E2F037A2890136114A273E7667BB6E41EA3E024999016921390029B9
6640msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{0d99623f-4bf2-484b-a5fc-bbb3a469d032}_OnDiskSnapshotPropbinary
MD5:6BE12123804EACE133ECFB8A39551279
SHA256:B8C8A6BA9500C163564F367AF22CDEEBACA29F477671A275C0F31C7BF4D66A59
1636MSIC6B9.tmpC:\Users\admin\AppData\Local\Temp\7zS46610B81\core\application.initext
MD5:17FB24CDDEA6F570EDAD387333A9FD92
SHA256:4BEFBBCAFDCC0A0AFF0420E84469B824D1BB5C83C04978323A86B03EC16B935C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
25
DNS requests
8
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.19.126.133:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
5632
svchost.exe
GET
200
2.19.126.133:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
5140
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
6428
msiexec.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwc0%2B6kft2noDJXOwFNCv0%3D
unknown
unknown
6428
msiexec.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D
unknown
unknown
GET
200
80.239.137.170:443
https://www.bing.com/manifest/threshold.appcache
unknown
text
3.36 Kb
GET
200
80.239.137.170:443
https://www.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=DyIrb3t-gQF4cnWyAbUBK6UBK7gB&or=w
unknown
s
21.3 Kb
POST
200
20.42.65.90:443
https://self.events.data.microsoft.com/OneCollector/1.0/
unknown
binary
9 b
POST
204
80.239.137.170:443
https://www.bing.com/threshold/xls.aspx
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5140
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
239.255.255.250:1900
unknown
5632
svchost.exe
2.19.126.133:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
2.19.126.133:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
5140
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
unknown
192.168.100.255:137
unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.19.126.133
  • 2.19.126.146
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
self.events.data.microsoft.com
  • 20.189.173.12
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
FirefoxSetup127.0.msi