File name:

DashboardSetup.exe

Full analysis: https://app.any.run/tasks/ef1a59c5-5e71-45b6-a71c-c56fd8da5874
Verdict: Malicious activity
Analysis date: November 02, 2024, 11:25:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

5A9C3FDD5109E8CA90D47316B7140865

SHA1:

78CC3934D4054C684B1424C022F78B3DA7CFA0C1

SHA256:

958DF4E8F09FBB0890D9CA1F77A8480515D523BFF7481DB9AEB2CC3508AFAFF0

SSDEEP:

49152:52IcwkU3DVOZxcwkU3OgcggdBbuSasJ7S/HU661IU30EHaU37:1c63DVixc63ASSq6L30Er37

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • cmd.exe (PID: 5476)
      • cmd.exe (PID: 1552)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • loki_hal_setup.exe (PID: 6228)

    • Executable content was dropped or overwritten

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 1428)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)

    • Drops 7-zip archiver for unpacking

      • DashboardInstaller.exe (PID: 4088)

    • The process drops C-runtime libraries

      • DashboardInstaller.exe (PID: 4088)

    • Process drops legitimate windows executable

      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)

    • Creates a software uninstall entry

      • DashboardInstaller.exe (PID: 4088)

    • Starts a Microsoft application from unusual location

      • VC_redist.x86.exe (PID: 1952)

    • Starts CMD.EXE for commands execution

      • DashboardInstaller.exe (PID: 4088)
      • msiexec.exe (PID: 6684)

    • Searches for installed software

      • VC_redist.x86.exe (PID: 1952)
      • DashboardInstaller.exe (PID: 4088)
      • AacSetup.exe (PID: 3860)
      • dllhost.exe (PID: 5508)
      • loki_hal_setup.exe (PID: 6228)

    • Starts itself from another location

      • loki_hal_setup.exe (PID: 6228)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2056)

  • INFO

    • Checks supported languages

      • DashboardInstaller.exe (PID: 4088)
      • DashboardSetup.exe (PID: 6752)
      • VC_redist.x86.exe (PID: 7120)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 1428)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)

    • Reads the computer name

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 1952)
      • AacSetup.exe (PID: 3860)
      • loki_hal_setup.exe (PID: 6228)

    • Reads the machine GUID from the registry

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)

    • The process uses the downloaded file

      • DashboardSetup.exe (PID: 6752)
      • loki_hal_setup.exe (PID: 6228)

    • Create files in a temporary directory

      • DashboardSetup.exe (PID: 6752)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)

    • Process checks computer location settings

      • DashboardSetup.exe (PID: 6752)
      • loki_hal_setup.exe (PID: 6228)

    • Disables trace logs

      • DashboardInstaller.exe (PID: 4088)

    • Checks proxy server information

      • DashboardInstaller.exe (PID: 4088)

    • Creates files in the program directory

      • DashboardInstaller.exe (PID: 4088)

    • Reads the software policy settings

      • DashboardInstaller.exe (PID: 4088)

    • Creates files or folders in the user directory

      • DashboardInstaller.exe (PID: 4088)

    • Manages system restore points

      • SrTasks.exe (PID: 3568)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2068)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2055:06:28 19:56:51+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 1222656
InitializedDataSize: 144384
UninitializedDataSize: -
EntryPoint: 0x12c61a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: DashboardBootstrapper
FileVersion: 1.0.0.0
InternalName: DashboardSetup.exe
LegalCopyright: Copyright © 2023
LegalTrademarks: -
OriginalFileName: DashboardSetup.exe
ProductName: DashboardBootstrapper
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
160
Monitored processes
31
Malicious processes
4
Suspicious processes
3

Behavior graph

Click at the process to see the details
start dashboardsetup.exe dashboardinstaller.exe cmd.exe no specs conhost.exe no specs vc_redist.x86.exe vc_redist.x86.exe cmd.exe no specs conhost.exe no specs loki_hal_setup.exe loki_hal_setup.exe aacsetup.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe msiexec.exe no specs asusinstallverifier.exe no specs conhost.exe no specs asusinstallverifier.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs dashboard.exe no specs qtwebengineprocess.exe no specs qtwebengineprocess.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1428"C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe" /install /quiet /norestartC:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe
cmd.exe
User:
admin
Company:
ENE TECHNOLOGY INC.
Integrity Level:
HIGH
Description:
ENE_QSI_Loki_HAL
Exit code:
0
Version:
1.0.3.0
Modules
Images
c:\program files (x86)\western digital\ssd dashboard\loki_hal_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1552"C:\WINDOWS\SysWOW64\cmd.exe" /C start /MIN /B regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll"C:\Windows\SysWOW64\cmd.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
1952"C:\WINDOWS\Temp\{9FCF0A72-EA14-488C-8EFC-EF3DEA9FFEF5}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" -burn.filehandle.attached=572 -burn.filehandle.self=568 /quiet /norestartC:\Windows\Temp\{9FCF0A72-EA14-488C-8EFC-EF3DEA9FFEF5}\.cr\VC_redist.x86.exe
VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325
Exit code:
1638
Version:
14.28.29325.2
Modules
Images
c:\windows\temp\{9fcf0a72-ea14-488c-8efc-ef3dea9ffef5}\.cr\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2056C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2068C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
3568C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exedllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Version:
10.0.19041.1 (WinBuild.160101.0800)
3764"C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=disabled --application-name=Dashboard --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2640 /prefetch:8C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exeDashboard.exe
User:
admin
Company:
The Qt Company Ltd.
Integrity Level:
HIGH
Description:
C++ Application Development Framework
Version:
5.15.2.0
3860"C:\WINDOWS\Temp\{D36CFE51-1F2E-49F0-9774-8C2D1EE9EA3C}\.be\AacSetup.exe" -q -burn.elevated BurnPipe.{4B175CEF-0A82-4F0C-BD23-A3ACA38C5BC8} {86C70B79-AAB3-4D98-9B02-6F2CCC5B6525} 6228C:\Windows\Temp\{D36CFE51-1F2E-49F0-9774-8C2D1EE9EA3C}\.be\AacSetup.exe
loki_hal_setup.exe
User:
admin
Company:
ENE TECHNOLOGY INC.
Integrity Level:
HIGH
Description:
ENE_QSI_Loki_HAL
Exit code:
0
Version:
1.0.3.0
Modules
Images
c:\windows\temp\{d36cfe51-1f2e-49f0-9774-8c2d1ee9ea3c}\.be\aacsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3912\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4040"cmd.exe" /C "C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" /quiet /norestartC:\Windows\SysWOW64\cmd.exeDashboardInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1638
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
4 350
Read events
4 291
Write events
50
Delete events
9

Modification events

(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Western Digital\SSD Dashboard
Operation:writeName:CurrentCulture
Value:
en-US
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
Executable files
79
Suspicious files
110
Text files
68
Unknown types
0

Dropped files

PID
Process
Filename
Type
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.zip
MD5:
SHA256:
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\DashboardChecksumtext
MD5:BB1F173B9D689BC8DD4336B18EED3E91
SHA256:B1CF534FD2578FDB5A431D675E7AE44DB6711A6CE7CECF01DFDC4B8CA19B5537
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\device_type.bkptext
MD5:7B17A9AA2708F153B6B8A05BAF054C52
SHA256:D588B308368305B2A948B049A0AD393429C2316845E6B292E8304D7C751C5C27
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\asmedia.bkpini
MD5:70C343C1B3831C4CB23D35247A455E9E
SHA256:CD97D7CBBE7A5A8941EFCFC94161140D8C56DF5D5A58BBC199219FF5993AC05A
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\os.bkptext
MD5:46CA111E8ACB6638747AFC4B8C0B4AAC
SHA256:3E1A16A1B9AEEF564CE591C9649C76FCEEE556E35A5C6684AE05B2CEA481A408
6752DashboardSetup.exeC:\Users\admin\AppData\Local\Temp\ubyote4z.5hs\DashboardInstallerChecksumtext
MD5:80AF2CDE1D20717081135D1B5F6BFD5F
SHA256:84A2F7E346BE91422C4378C18BCAC9B8238B965C5F21732D5D9483191E1EEDB5
6752DashboardSetup.exeC:\Users\admin\AppData\Local\Temp\ubyote4z.5hs\DashboardInstaller.exeexecutable
MD5:3DEB91C124ADBE0B5E51A5F163B4FABE
SHA256:ED0899C0BA06559AAFBA91876585CC235AC4C6D242031F67C8B53D8FDE675EC3
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\driver.bkptext
MD5:913F2D58B6B504E1A01994ABEE9D7694
SHA256:F02EFE55D87E0DDFE777049C7CDF4FDFDC9A10C34B1C3AFE5F22888B3704437E
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\eula\fr-FR-eula.htmlhtml
MD5:C326A829F1CCEBCAA4B67BA996077691
SHA256:0FBF966EF99F43B3A911C62F234B408FEC9A9E039D43D6567C63BAC289F3E7B6
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\eula\de-DE-eula.htmlhtml
MD5:5DE20FA1AF3561884520BBA1FB5B743E
SHA256:F084FE75D4C05E08DB59C2025CF6C44398759C2AA52B23269A91859E3DE89362
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
46
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4004
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4232
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4232
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5892
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAhgz3NyaMjagOyqH4RaPSE%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4360
SearchApp.exe
2.16.204.149:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4088
DashboardInstaller.exe
3.161.82.45:443
wddashboarddownloads.wdc.com
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.16.204.149
  • 2.16.204.155
  • 2.16.204.157
  • 2.16.204.139
  • 2.16.204.135
  • 2.16.204.145
  • 2.16.204.146
  • 2.16.204.153
  • 2.16.204.156
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted
google.com
  • 142.250.184.238
whitelisted
wddashboarddownloads.wdc.com
  • 3.161.82.45
  • 3.161.82.120
  • 3.161.82.26
  • 3.161.82.64
  • 13.227.219.104
  • 13.227.219.119
  • 13.227.219.69
  • 13.227.219.18
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.134
  • 20.190.160.14
  • 40.126.32.68
  • 40.126.32.133
  • 20.190.160.17
  • 20.190.160.20
  • 20.190.160.22
whitelisted
th.bing.com
  • 2.16.204.142
  • 2.16.204.153
  • 2.16.204.134
  • 2.16.204.155
  • 2.16.204.158
  • 2.16.204.141
  • 2.16.204.135
  • 2.16.204.139
  • 2.16.204.157
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 184.28.89.167
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
DashboardSetup.exe