File name:

DashboardSetup.exe

Full analysis: https://app.any.run/tasks/ef1a59c5-5e71-45b6-a71c-c56fd8da5874
Verdict: Malicious activity
Analysis date: November 02, 2024, 11:25:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

5A9C3FDD5109E8CA90D47316B7140865

SHA1:

78CC3934D4054C684B1424C022F78B3DA7CFA0C1

SHA256:

958DF4E8F09FBB0890D9CA1F77A8480515D523BFF7481DB9AEB2CC3508AFAFF0

SSDEEP:

49152:52IcwkU3DVOZxcwkU3OgcggdBbuSasJ7S/HU661IU30EHaU37:1c63DVixc63ASSq6L30Er37

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • cmd.exe (PID: 5476)
      • cmd.exe (PID: 1552)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • loki_hal_setup.exe (PID: 6228)

    • Executable content was dropped or overwritten

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)
      • loki_hal_setup.exe (PID: 1428)
      • AacSetup.exe (PID: 3860)

    • Searches for installed software

      • DashboardInstaller.exe (PID: 4088)
      • loki_hal_setup.exe (PID: 6228)
      • VC_redist.x86.exe (PID: 1952)
      • dllhost.exe (PID: 5508)
      • AacSetup.exe (PID: 3860)

    • Creates a software uninstall entry

      • DashboardInstaller.exe (PID: 4088)

    • Process drops legitimate windows executable

      • VC_redist.x86.exe (PID: 7120)
      • DashboardInstaller.exe (PID: 4088)

    • Starts a Microsoft application from unusual location

      • VC_redist.x86.exe (PID: 1952)

    • Starts itself from another location

      • loki_hal_setup.exe (PID: 6228)

    • Starts CMD.EXE for commands execution

      • DashboardInstaller.exe (PID: 4088)
      • msiexec.exe (PID: 6684)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2056)

    • Drops 7-zip archiver for unpacking

      • DashboardInstaller.exe (PID: 4088)

    • The process drops C-runtime libraries

      • DashboardInstaller.exe (PID: 4088)

  • INFO

    • Reads the machine GUID from the registry

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)

    • Reads the computer name

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)

    • Checks supported languages

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)
      • loki_hal_setup.exe (PID: 1428)

    • Create files in a temporary directory

      • DashboardSetup.exe (PID: 6752)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)

    • The process uses the downloaded file

      • DashboardSetup.exe (PID: 6752)
      • loki_hal_setup.exe (PID: 6228)

    • Process checks computer location settings

      • DashboardSetup.exe (PID: 6752)
      • loki_hal_setup.exe (PID: 6228)

    • Checks proxy server information

      • DashboardInstaller.exe (PID: 4088)

    • Creates files or folders in the user directory

      • DashboardInstaller.exe (PID: 4088)

    • Manages system restore points

      • SrTasks.exe (PID: 3568)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2068)

    • Disables trace logs

      • DashboardInstaller.exe (PID: 4088)

    • Reads the software policy settings

      • DashboardInstaller.exe (PID: 4088)

    • Creates files in the program directory

      • DashboardInstaller.exe (PID: 4088)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2055:06:28 19:56:51+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 1222656
InitializedDataSize: 144384
UninitializedDataSize: -
EntryPoint: 0x12c61a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: DashboardBootstrapper
FileVersion: 1.0.0.0
InternalName: DashboardSetup.exe
LegalCopyright: Copyright © 2023
LegalTrademarks: -
OriginalFileName: DashboardSetup.exe
ProductName: DashboardBootstrapper
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
160
Monitored processes
31
Malicious processes
4
Suspicious processes
3

Behavior graph

Click at the process to see the details
start dashboardsetup.exe dashboardinstaller.exe cmd.exe no specs conhost.exe no specs vc_redist.x86.exe vc_redist.x86.exe cmd.exe no specs conhost.exe no specs loki_hal_setup.exe loki_hal_setup.exe aacsetup.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe msiexec.exe no specs asusinstallverifier.exe no specs conhost.exe no specs asusinstallverifier.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs dashboard.exe no specs qtwebengineprocess.exe no specs qtwebengineprocess.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1428"C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe" /install /quiet /norestartC:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe
cmd.exe
User:
admin
Company:
ENE TECHNOLOGY INC.
Integrity Level:
HIGH
Description:
ENE_QSI_Loki_HAL
Exit code:
0
Version:
1.0.3.0
Modules
Images
c:\program files (x86)\western digital\ssd dashboard\loki_hal_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1552"C:\WINDOWS\SysWOW64\cmd.exe" /C start /MIN /B regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll"C:\Windows\SysWOW64\cmd.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
1952"C:\WINDOWS\Temp\{9FCF0A72-EA14-488C-8EFC-EF3DEA9FFEF5}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" -burn.filehandle.attached=572 -burn.filehandle.self=568 /quiet /norestartC:\Windows\Temp\{9FCF0A72-EA14-488C-8EFC-EF3DEA9FFEF5}\.cr\VC_redist.x86.exe
VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325
Exit code:
1638
Version:
14.28.29325.2
Modules
Images
c:\windows\temp\{9fcf0a72-ea14-488c-8efc-ef3dea9ffef5}\.cr\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2056C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2068C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
3568C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exedllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Version:
10.0.19041.1 (WinBuild.160101.0800)
3764"C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=disabled --application-name=Dashboard --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2640 /prefetch:8C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exeDashboard.exe
User:
admin
Company:
The Qt Company Ltd.
Integrity Level:
HIGH
Description:
C++ Application Development Framework
Version:
5.15.2.0
3860"C:\WINDOWS\Temp\{D36CFE51-1F2E-49F0-9774-8C2D1EE9EA3C}\.be\AacSetup.exe" -q -burn.elevated BurnPipe.{4B175CEF-0A82-4F0C-BD23-A3ACA38C5BC8} {86C70B79-AAB3-4D98-9B02-6F2CCC5B6525} 6228C:\Windows\Temp\{D36CFE51-1F2E-49F0-9774-8C2D1EE9EA3C}\.be\AacSetup.exe
loki_hal_setup.exe
User:
admin
Company:
ENE TECHNOLOGY INC.
Integrity Level:
HIGH
Description:
ENE_QSI_Loki_HAL
Exit code:
0
Version:
1.0.3.0
Modules
Images
c:\windows\temp\{d36cfe51-1f2e-49f0-9774-8c2d1ee9ea3c}\.be\aacsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3912\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4040"cmd.exe" /C "C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" /quiet /norestartC:\Windows\SysWOW64\cmd.exeDashboardInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1638
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
4 350
Read events
4 291
Write events
50
Delete events
9

Modification events

(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Western Digital\SSD Dashboard
Operation:writeName:CurrentCulture
Value:
en-US
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
Executable files
79
Suspicious files
110
Text files
68
Unknown types
0

Dropped files

PID
Process
Filename
Type
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.zip
MD5:
SHA256:
6752DashboardSetup.exeC:\Users\admin\AppData\Local\Temp\ubyote4z.5hs\DashboardInstaller.exeexecutable
MD5:3DEB91C124ADBE0B5E51A5F163B4FABE
SHA256:ED0899C0BA06559AAFBA91876585CC235AC4C6D242031F67C8B53D8FDE675EC3
6752DashboardSetup.exeC:\Users\admin\AppData\Local\Temp\ubyote4z.5hs\DashboardInstallerChecksumtext
MD5:80AF2CDE1D20717081135D1B5F6BFD5F
SHA256:84A2F7E346BE91422C4378C18BCAC9B8238B965C5F21732D5D9483191E1EEDB5
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\asmedia.bkpini
MD5:70C343C1B3831C4CB23D35247A455E9E
SHA256:CD97D7CBBE7A5A8941EFCFC94161140D8C56DF5D5A58BBC199219FF5993AC05A
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\device_type.bkptext
MD5:7B17A9AA2708F153B6B8A05BAF054C52
SHA256:D588B308368305B2A948B049A0AD393429C2316845E6B292E8304D7C751C5C27
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\DashboardChecksumtext
MD5:BB1F173B9D689BC8DD4336B18EED3E91
SHA256:B1CF534FD2578FDB5A431D675E7AE44DB6711A6CE7CECF01DFDC4B8CA19B5537
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\interface.bkpini
MD5:99C5C192A1B3969516F6F5FA2F338AA8
SHA256:35D2C38BC6DE80598A1749A5AB137D8DBE42A95E18CE2A3C05A90974DA4EF0A6
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\3rdParty\ThirdPartyAttributions.txttext
MD5:F245EBB31A76F234AD2836AC06AD46F3
SHA256:2BCAD447D3AE299EEFD8AD8CDC378608B5971CEF2D473EFBED9A58282BABC70B
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\eula\cs-CZ-eula.htmlhtml
MD5:8CABDAB2B0A11AE474BA622E435485EE
SHA256:9178AE182C81D38DE21C78E6088535FA9377523D3FC764169A698257114761DB
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\model.bkptext
MD5:A4235A60EC088EBEE96822B23A82363B
SHA256:CB5D61B20EE8D7D97DFBE772C2753D01C62F04D66767C3C5202E7E811C93A5B9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
46
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4004
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4232
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4232
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5892
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAhgz3NyaMjagOyqH4RaPSE%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4360
SearchApp.exe
2.16.204.149:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4088
DashboardInstaller.exe
3.161.82.45:443
wddashboarddownloads.wdc.com
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.16.204.149
  • 2.16.204.155
  • 2.16.204.157
  • 2.16.204.139
  • 2.16.204.135
  • 2.16.204.145
  • 2.16.204.146
  • 2.16.204.153
  • 2.16.204.156
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted
google.com
  • 142.250.184.238
whitelisted
wddashboarddownloads.wdc.com
  • 3.161.82.45
  • 3.161.82.120
  • 3.161.82.26
  • 3.161.82.64
  • 13.227.219.104
  • 13.227.219.119
  • 13.227.219.69
  • 13.227.219.18
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.134
  • 20.190.160.14
  • 40.126.32.68
  • 40.126.32.133
  • 20.190.160.17
  • 20.190.160.20
  • 20.190.160.22
whitelisted
th.bing.com
  • 2.16.204.142
  • 2.16.204.153
  • 2.16.204.134
  • 2.16.204.155
  • 2.16.204.158
  • 2.16.204.141
  • 2.16.204.135
  • 2.16.204.139
  • 2.16.204.157
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 184.28.89.167
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
DashboardSetup.exe