File name:

liquidlauncher_0.2.5_x64_en-US.msi

Full analysis: https://app.any.run/tasks/b29ee547-ca1d-40cb-a353-8c9f65873059
Verdict: Malicious activity
Analysis date: March 27, 2024, 07:02:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: liquidlauncher, Author: CCBlueX, Keywords: Installer, Comments: This installer database contains the logic and data required to install liquidlauncher., Template: x64;0, Revision Number: {94882E26-71B7-4273-BCE8-15B0F9EECC4C}, Create Time/Date: Sat Mar 23 00:33:12 2024, Last Saved Time/Date: Sat Mar 23 00:33:12 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
MD5:

DC33C92A4FF59C3E7EAD5155F372D017

SHA1:

B53B631837E6142FC70D5130EA8CAC66ABC84588

SHA256:

2803951E49E45D8EB4113E963C2DFEB9F3727C765C39C0F50779FF5D93556DC9

SSDEEP:

98304:Z0i18didvBIhslfdNos8DiI6zteNPfKOGlWUQxY4KEPQ3m0LmagWhYoo69OluGF+:BczIi+r4HAOg7yTZkO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 6648)
      • msiexec.exe (PID: 2828)
      • msedgewebview2.exe (PID: 3848)
      • msedgewebview2.exe (PID: 4728)

    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 4888)

    • The DLL Hijacking

      • msedgewebview2.exe (PID: 3536)

  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 2204)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 2828)

    • Non-standard symbols in registry

      • msiexec.exe (PID: 2828)

    • Reads the date of Windows installation

      • msiexec.exe (PID: 1532)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 1532)
      • msedgewebview2.exe (PID: 4888)

    • Application launched itself

      • msedgewebview2.exe (PID: 4888)

    • Process requests binary or script from the Internet

      • msedgewebview2.exe (PID: 4468)

    • Searches for installed software

      • msedgewebview2.exe (PID: 4888)

    • Process drops legitimate windows executable

      • msedgewebview2.exe (PID: 3848)

  • INFO

    • Reads the computer name

      • msiexec.exe (PID: 2828)
      • msiexec.exe (PID: 1532)
      • liquidlauncher.exe (PID: 6236)
      • msedgewebview2.exe (PID: 3536)
      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 4888)
      • msedgewebview2.exe (PID: 3668)

    • Checks supported languages

      • msiexec.exe (PID: 2828)
      • msiexec.exe (PID: 1532)
      • liquidlauncher.exe (PID: 6236)
      • msedgewebview2.exe (PID: 4888)
      • msedgewebview2.exe (PID: 3536)
      • msedgewebview2.exe (PID: 5228)
      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 2388)
      • msedgewebview2.exe (PID: 3404)
      • msedgewebview2.exe (PID: 3756)
      • msedgewebview2.exe (PID: 3848)
      • msedgewebview2.exe (PID: 1108)
      • msedgewebview2.exe (PID: 6284)
      • msedgewebview2.exe (PID: 3668)
      • msedgewebview2.exe (PID: 4728)
      • msedgewebview2.exe (PID: 4404)
      • msedgewebview2.exe (PID: 6352)
      • msedgewebview2.exe (PID: 6276)
      • msedgewebview2.exe (PID: 5308)
      • msedgewebview2.exe (PID: 700)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 2828)

    • Process checks computer location settings

      • msiexec.exe (PID: 1532)
      • msedgewebview2.exe (PID: 4888)
      • msedgewebview2.exe (PID: 2388)
      • msedgewebview2.exe (PID: 3756)

    • Creates files or folders in the user directory

      • liquidlauncher.exe (PID: 6236)
      • msedgewebview2.exe (PID: 4888)
      • msedgewebview2.exe (PID: 4468)
      • msedgewebview2.exe (PID: 3404)
      • msedgewebview2.exe (PID: 3668)

    • Reads product name

      • liquidlauncher.exe (PID: 6236)

    • Reads Environment values

      • liquidlauncher.exe (PID: 6236)
      • msedgewebview2.exe (PID: 4888)

    • Checks proxy server information

      • msedgewebview2.exe (PID: 4888)
      • liquidlauncher.exe (PID: 6236)
      • slui.exe (PID: 5116)

    • Create files in a temporary directory

      • msedgewebview2.exe (PID: 4888)

    • Reads the machine GUID from the registry

      • msedgewebview2.exe (PID: 4888)
      • liquidlauncher.exe (PID: 6236)
      • msedgewebview2.exe (PID: 3668)

    • Dropped object may contain TOR URL's

      • msedgewebview2.exe (PID: 4728)

    • Reads the software policy settings

      • liquidlauncher.exe (PID: 6236)
      • slui.exe (PID: 5116)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: liquidlauncher
Author: CCBlueX
Keywords: Installer
Comments: This installer database contains the logic and data required to install liquidlauncher.
Template: x64;0
RevisionNumber: {94882E26-71B7-4273-BCE8-15B0F9EECC4C}
CreateDate: 2024:03:23 00:33:12
ModifyDate: 2024:03:23 00:33:12
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
169
Monitored processes
27
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs slui.exe no specs liquidlauncher.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs slui.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs filecoauth.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
700"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=760 --field-trial-handle=1780,i,10585127135652555000,791687728604984434,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
122.0.2365.66
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\122.0.2365.66\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.66\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1080\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1108C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
1108"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2184 --field-trial-handle=1780,i,10585127135652555000,791687728604984434,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
122.0.2365.66
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\122.0.2365.66\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.66\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1256C:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -EmbeddingC:\Users\admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft OneDriveFile Co-Authoring Executable
Exit code:
0
Version:
19.043.0304.0013
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\19.043.0304.0013\filecoauth.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
1532C:\Windows\syswow64\MsiExec.exe -Embedding D5B594820EA6934C32717CB0A0BC6389 CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2204C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2388"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_GB" --mojo-platform-channel-handle=3524 --field-trial-handle=1780,i,10585127135652555000,791687728604984434,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
122.0.2365.66
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\122.0.2365.66\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.66\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2828C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
3404"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.95 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.66 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa6aa25fd8,0x7ffa6aa25fe4,0x7ffa6aa25ff0C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
122.0.2365.66
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\122.0.2365.66\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.66\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
19 071
Read events
18 727
Write events
324
Delete events
20

Modification events

(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4800000000000000235E48C11480DA010C0B000058090000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000235E48C11480DA010C0B000058090000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000F0F470C11480DA010C0B000058090000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
4800000000000000F0F470C11480DA010C0B000058090000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
4800000000000000F0F470C11480DA010C0B000058090000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
480000000000000078A975C11480DA010C0B000058090000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
6
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
480000000000000057AFB3C11480DA010C0B000058090000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2828) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000009613B6C11480DA010C0B0000C4160000E8030000010000000000000000000000DE49BD60183A984A81C06F3AF7B2B34700000000000000000000000000000000
(PID) Process:(2204) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000005144BDC11480DA019C080000A8130000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
14
Suspicious files
46
Text files
41
Unknown types
173

Dropped files

PID
Process
Filename
Type
6648msiexec.exeC:\Users\admin\AppData\Local\Temp\MSI530D.tmpexecutable
MD5:
SHA256:
2828msiexec.exeC:\System Volume Information\SPP\snapshot-2binary
MD5:
SHA256:
2828msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{60bd49de-3a18-4a98-81c0-6f3af7b2b347}_OnDiskSnapshotProp
MD5:
SHA256:
2828msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
2828msiexec.exeC:\WINDOWS\Installer\e8c6d.msi
MD5:
SHA256:
2828msiexec.exeC:\WINDOWS\Installer\MSI8F99.tmpbinary
MD5:
SHA256:
2828msiexec.exeC:\WINDOWS\Installer\inprogressinstallinfo.ipi
MD5:
SHA256:
2828msiexec.exeC:\WINDOWS\TEMP\~DFC0223C9D93C3C50B.TMPbinary
MD5:
SHA256:
2828msiexec.exeC:\WINDOWS\TEMP\~DFF74D76449A2B05D1.TMPbinary
MD5:
SHA256:
2828msiexec.exeC:\Program Files\liquidlauncher\liquidlauncher.exeexecutable
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
159
TCP/UDP connections
145
DNS requests
72
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
304
52.165.165.26:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19044.1288/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.1288&MK=DELL&MD=DELL
unknown
3912
SIHClient.exe
GET
200
52.165.165.26:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19044.1288/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.1288&MK=DELL&MD=DELL
unknown
3996
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
3124
svchost.exe
POST
184.28.89.167:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
unknown
3912
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
unknown
3912
SIHClient.exe
GET
200
2.16.164.24:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
unknown
3912
SIHClient.exe
GET
200
2.16.164.24:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
unknown
3912
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
3912
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
unknown
3912
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3912
SIHClient.exe
13.85.23.86:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3912
SIHClient.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
3996
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
unknown
3912
SIHClient.exe
2.16.164.24:80
crl.microsoft.com
Akamai International B.V.
NL
unknown
3124
svchost.exe
184.28.89.167:80
go.microsoft.com
AKAMAI-AS
US
unknown
6616
backgroundTaskHost.exe
20.74.47.205:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
unknown
3996
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
5272
SearchApp.exe
104.126.37.139:443
www.bing.com
Akamai International B.V.
DE
unknown
5456
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3912
SIHClient.exe
52.165.164.15:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown

DNS requests

Domain
IP
Reputation
slscr.update.microsoft.com
  • 13.85.23.86
  • 40.68.123.157
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 2.16.164.24
  • 2.16.164.97
  • 2.16.164.106
  • 2.16.164.72
  • 2.16.164.99
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
arc.msn.com
  • 20.74.47.205
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.137
  • 104.126.37.131
  • 104.126.37.147
  • 104.126.37.146
  • 104.126.37.136
  • 104.126.37.144
  • 104.126.37.130
  • 104.126.37.152
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
login.live.com
  • 20.190.160.17
  • 20.190.160.22
  • 40.126.32.68
  • 20.190.160.14
  • 40.126.32.74
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.133
  • 20.190.160.20
  • 40.126.32.136
  • 40.126.32.76
whitelisted

Threats

No threats detected
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher directory exists )
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
liquidlauncher_0.2.5_x64_en-US.msi