File name:

DashboardSetup.exe

Full analysis: https://app.any.run/tasks/ef1a59c5-5e71-45b6-a71c-c56fd8da5874
Verdict: Malicious activity
Analysis date: November 02, 2024, 11:25:30
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

5A9C3FDD5109E8CA90D47316B7140865

SHA1:

78CC3934D4054C684B1424C022F78B3DA7CFA0C1

SHA256:

958DF4E8F09FBB0890D9CA1F77A8480515D523BFF7481DB9AEB2CC3508AFAFF0

SSDEEP:

49152:52IcwkU3DVOZxcwkU3OgcggdBbuSasJ7S/HU661IU30EHaU37:1c63DVixc63ASSq6L30Er37

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • cmd.exe (PID: 1552)
      • cmd.exe (PID: 5476)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 1428)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)

    • Reads security settings of Internet Explorer

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • loki_hal_setup.exe (PID: 6228)

    • The process drops C-runtime libraries

      • DashboardInstaller.exe (PID: 4088)

    • Drops 7-zip archiver for unpacking

      • DashboardInstaller.exe (PID: 4088)

    • Process drops legitimate windows executable

      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)

    • Searches for installed software

      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)
      • dllhost.exe (PID: 5508)

    • Creates a software uninstall entry

      • DashboardInstaller.exe (PID: 4088)

    • Starts a Microsoft application from unusual location

      • VC_redist.x86.exe (PID: 1952)

    • Starts CMD.EXE for commands execution

      • DashboardInstaller.exe (PID: 4088)
      • msiexec.exe (PID: 6684)

    • Starts itself from another location

      • loki_hal_setup.exe (PID: 6228)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2056)

  • INFO

    • Reads the computer name

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)

    • Checks supported languages

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)
      • VC_redist.x86.exe (PID: 7120)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 1428)
      • loki_hal_setup.exe (PID: 6228)
      • AacSetup.exe (PID: 3860)

    • Checks proxy server information

      • DashboardInstaller.exe (PID: 4088)

    • Disables trace logs

      • DashboardInstaller.exe (PID: 4088)

    • Reads the machine GUID from the registry

      • DashboardSetup.exe (PID: 6752)
      • DashboardInstaller.exe (PID: 4088)

    • The process uses the downloaded file

      • DashboardSetup.exe (PID: 6752)
      • loki_hal_setup.exe (PID: 6228)

    • Create files in a temporary directory

      • DashboardSetup.exe (PID: 6752)
      • VC_redist.x86.exe (PID: 1952)
      • loki_hal_setup.exe (PID: 6228)

    • Process checks computer location settings

      • DashboardSetup.exe (PID: 6752)
      • loki_hal_setup.exe (PID: 6228)

    • Reads the software policy settings

      • DashboardInstaller.exe (PID: 4088)

    • Creates files in the program directory

      • DashboardInstaller.exe (PID: 4088)

    • Creates files or folders in the user directory

      • DashboardInstaller.exe (PID: 4088)

    • Manages system restore points

      • SrTasks.exe (PID: 3568)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2068)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2055:06:28 19:56:51+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 1222656
InitializedDataSize: 144384
UninitializedDataSize: -
EntryPoint: 0x12c61a
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: DashboardBootstrapper
FileVersion: 1.0.0.0
InternalName: DashboardSetup.exe
LegalCopyright: Copyright © 2023
LegalTrademarks: -
OriginalFileName: DashboardSetup.exe
ProductName: DashboardBootstrapper
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
160
Monitored processes
31
Malicious processes
4
Suspicious processes
3

Behavior graph

Click at the process to see the details
start dashboardsetup.exe dashboardinstaller.exe cmd.exe no specs conhost.exe no specs vc_redist.x86.exe vc_redist.x86.exe cmd.exe no specs conhost.exe no specs loki_hal_setup.exe loki_hal_setup.exe aacsetup.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe msiexec.exe no specs asusinstallverifier.exe no specs conhost.exe no specs asusinstallverifier.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs regsvr32.exe no specs dashboard.exe no specs qtwebengineprocess.exe no specs qtwebengineprocess.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1428"C:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe" /install /quiet /norestartC:\Program Files (x86)\Western Digital\SSD Dashboard\loki_hal_setup.exe
cmd.exe
User:
admin
Company:
ENE TECHNOLOGY INC.
Integrity Level:
HIGH
Description:
ENE_QSI_Loki_HAL
Exit code:
0
Version:
1.0.3.0
Modules
Images
c:\program files (x86)\western digital\ssd dashboard\loki_hal_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1552"C:\WINDOWS\SysWOW64\cmd.exe" /C start /MIN /B regsvr32 /s "C:\Program Files\ENE\Aac_ENE_QSI_Loki_HAL\AacHal_x64.dll"C:\Windows\SysWOW64\cmd.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
1952"C:\WINDOWS\Temp\{9FCF0A72-EA14-488C-8EFC-EF3DEA9FFEF5}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" -burn.filehandle.attached=572 -burn.filehandle.self=568 /quiet /norestartC:\Windows\Temp\{9FCF0A72-EA14-488C-8EFC-EF3DEA9FFEF5}\.cr\VC_redist.x86.exe
VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325
Exit code:
1638
Version:
14.28.29325.2
Modules
Images
c:\windows\temp\{9fcf0a72-ea14-488c-8efc-ef3dea9ffef5}\.cr\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2056C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2068C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
3568C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exedllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Version:
10.0.19041.1 (WinBuild.160101.0800)
3764"C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=disabled --application-name=Dashboard --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2640 /prefetch:8C:\Program Files (x86)\Western Digital\SSD Dashboard\QtWebEngineProcess.exeDashboard.exe
User:
admin
Company:
The Qt Company Ltd.
Integrity Level:
HIGH
Description:
C++ Application Development Framework
Version:
5.15.2.0
3860"C:\WINDOWS\Temp\{D36CFE51-1F2E-49F0-9774-8C2D1EE9EA3C}\.be\AacSetup.exe" -q -burn.elevated BurnPipe.{4B175CEF-0A82-4F0C-BD23-A3ACA38C5BC8} {86C70B79-AAB3-4D98-9B02-6F2CCC5B6525} 6228C:\Windows\Temp\{D36CFE51-1F2E-49F0-9774-8C2D1EE9EA3C}\.be\AacSetup.exe
loki_hal_setup.exe
User:
admin
Company:
ENE TECHNOLOGY INC.
Integrity Level:
HIGH
Description:
ENE_QSI_Loki_HAL
Exit code:
0
Version:
1.0.3.0
Modules
Images
c:\windows\temp\{d36cfe51-1f2e-49f0-9774-8c2d1ee9ea3c}\.be\aacsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3912\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4040"cmd.exe" /C "C:\Program Files (x86)\Western Digital\SSD Dashboard\VC_redist.x86.exe" /quiet /norestartC:\Windows\SysWOW64\cmd.exeDashboardInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1638
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
4 350
Read events
4 291
Write events
50
Delete events
9

Modification events

(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Western Digital\SSD Dashboard
Operation:writeName:CurrentCulture
Value:
en-US
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(4088) DashboardInstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DashboardInstaller_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
Executable files
79
Suspicious files
110
Text files
68
Unknown types
0

Dropped files

PID
Process
Filename
Type
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\Dashboard.zip
MD5:
SHA256:
6752DashboardSetup.exeC:\Users\admin\AppData\Local\Temp\ubyote4z.5hs\DashboardInstallerChecksumtext
MD5:80AF2CDE1D20717081135D1B5F6BFD5F
SHA256:84A2F7E346BE91422C4378C18BCAC9B8238B965C5F21732D5D9483191E1EEDB5
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\DashboardChecksumtext
MD5:BB1F173B9D689BC8DD4336B18EED3E91
SHA256:B1CF534FD2578FDB5A431D675E7AE44DB6711A6CE7CECF01DFDC4B8CA19B5537
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\3rdParty\ThirdPartyAttributions.txttext
MD5:F245EBB31A76F234AD2836AC06AD46F3
SHA256:2BCAD447D3AE299EEFD8AD8CDC378608B5971CEF2D473EFBED9A58282BABC70B
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\eula\ja-JP-eula.htmlhtml
MD5:A461BFC22E7FFECD35EFC4D0332323A8
SHA256:A0388B7640FDACA7B498BE38CFCFE8C881B85C2DE9FCA5A8343E0C073FCE0B5A
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\model.bkptext
MD5:A4235A60EC088EBEE96822B23A82363B
SHA256:CB5D61B20EE8D7D97DFBE772C2753D01C62F04D66767C3C5202E7E811C93A5B9
6752DashboardSetup.exeC:\Users\admin\AppData\Local\Temp\ubyote4z.5hs\DashboardInstaller.exeexecutable
MD5:3DEB91C124ADBE0B5E51A5F163B4FABE
SHA256:ED0899C0BA06559AAFBA91876585CC235AC4C6D242031F67C8B53D8FDE675EC3
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\asmedia.bkpini
MD5:70C343C1B3831C4CB23D35247A455E9E
SHA256:CD97D7CBBE7A5A8941EFCFC94161140D8C56DF5D5A58BBC199219FF5993AC05A
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\enable\raid.bkptext
MD5:619055F12D363E039F62F4563ED3C64E
SHA256:83FF015CDA67BDC173DD32A35EC92FE84D60FA6B92714E24574FB388B5A1C05C
4088DashboardInstaller.exeC:\Program Files (x86)\Western Digital\SSD Dashboard\eula\cs-CZ-eula.htmlhtml
MD5:8CABDAB2B0A11AE474BA622E435485EE
SHA256:9178AE182C81D38DE21C78E6088535FA9377523D3FC764169A698257114761DB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
46
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5892
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4004
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4232
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4232
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAhgz3NyaMjagOyqH4RaPSE%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4360
SearchApp.exe
2.16.204.149:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4088
DashboardInstaller.exe
3.161.82.45:443
wddashboarddownloads.wdc.com
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.16.204.149
  • 2.16.204.155
  • 2.16.204.157
  • 2.16.204.139
  • 2.16.204.135
  • 2.16.204.145
  • 2.16.204.146
  • 2.16.204.153
  • 2.16.204.156
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted
google.com
  • 142.250.184.238
whitelisted
wddashboarddownloads.wdc.com
  • 3.161.82.45
  • 3.161.82.120
  • 3.161.82.26
  • 3.161.82.64
  • 13.227.219.104
  • 13.227.219.119
  • 13.227.219.69
  • 13.227.219.18
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.134
  • 20.190.160.14
  • 40.126.32.68
  • 40.126.32.133
  • 20.190.160.17
  • 20.190.160.20
  • 20.190.160.22
whitelisted
th.bing.com
  • 2.16.204.142
  • 2.16.204.153
  • 2.16.204.134
  • 2.16.204.155
  • 2.16.204.158
  • 2.16.204.141
  • 2.16.204.135
  • 2.16.204.139
  • 2.16.204.157
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 184.28.89.167
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
DashboardSetup.exe