File name:

SupportAssistLauncher.exe

Full analysis: https://app.any.run/tasks/c0b83495-e36d-4695-9d3e-8951f9fd9d53
Verdict: Malicious activity
Analysis date: August 14, 2024, 10:44:27
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

84B087E870E3D3C6A2527DF7CB09E17C

SHA1:

CD960DA3740CDA1799CB072E1B90079415E46799

SHA256:

ACDE4F1C50F0FF2D01C333DDA68D894CC95D3E7526633B0F49456F587D0B1D17

SSDEEP:

49152:j5XUDFzatFkEvRHVj6hwybFxoAVw4h248Ys5qwwIZ2VBXJvEk7ks5RxUh1LPZZMr:j5XIF2tVHVjYFxoEw4h2CYqw14ZEk7ks

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • SupportAssistLauncher.exe (PID: 6380)
      • SupportAssistInstaller.exe (PID: 6488)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 2852)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
      • msiexec.exe (PID: 6360)
    • Process drops legitimate windows executable

      • SupportAssistLauncher.exe (PID: 6380)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 2852)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • msiexec.exe (PID: 6360)
    • Executable content was dropped or overwritten

      • SupportAssistLauncher.exe (PID: 6380)
      • SupportAssistInstaller.exe (PID: 6488)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 2852)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Reads security settings of Internet Explorer

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
    • Checks Windows Trust Settings

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • msiexec.exe (PID: 6360)
    • Adds/modifies Windows certificates

      • SupportAssistInstaller.exe (PID: 6488)
    • Starts a Microsoft application from unusual location

      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 2852)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Searches for installed software

      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Starts itself from another location

      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
    • Reads the date of Windows installation

      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6360)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6360)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6360)
  • INFO

    • Create files in a temporary directory

      • SupportAssistLauncher.exe (PID: 6380)
      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Reads the computer name

      • SupportAssistLauncher.exe (PID: 6380)
      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
      • msiexec.exe (PID: 6360)
      • msiexec.exe (PID: 2572)
      • msiexec.exe (PID: 6444)
      • msiexec.exe (PID: 2248)
      • msiexec.exe (PID: 7140)
    • Checks supported languages

      • SupportAssistLauncher.exe (PID: 6380)
      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 2852)
      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
      • msiexec.exe (PID: 6360)
      • msiexec.exe (PID: 2572)
      • msiexec.exe (PID: 7140)
      • msiexec.exe (PID: 2248)
      • msiexec.exe (PID: 6444)
    • Reads the machine GUID from the registry

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistLauncher.exe (PID: 6380)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • msiexec.exe (PID: 6360)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Reads the software policy settings

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
      • msiexec.exe (PID: 6360)
    • Checks proxy server information

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
    • Creates files or folders in the user directory

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
    • Creates files in the program directory

      • SupportAssistInstaller.exe (PID: 6488)
      • windowsdesktop-runtime-6.0.28-win-x64.exe (PID: 6284)
    • Reads Environment values

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
    • Disables trace logs

      • SupportAssistInstaller.exe (PID: 6488)
      • SupportAssistPreReqInstaller.exe (PID: 6908)
    • Process checks computer location settings

      • DNCR605-KB4054530-x64-AllOS-ENU.exe (PID: 3916)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6360)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6360)
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2052:08:12 09:00:01+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 1220608
InitializedDataSize: 5120
UninitializedDataSize: -
EntryPoint: 0x12be06
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
FileVersionNumber: 4.3.0.52594
ProductVersionNumber: 4.3.0.52594
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Dell Inc.
FileDescription: SupportAssist
FileVersion: 4.3.0.52594
InternalName: SupportAssistInstallerWrapper.exe
LegalCopyright: Copyright © 2024 Dell Inc. or its subsidiaries. All Rights Reserved.
OriginalFileName: SupportAssistInstallerWrapper.exe
ProductVersion: 4.3.0.52594
AssemblyVersion: 4.3.0.52594
No data.
Total processes
146
Monitored processes
13
Malicious processes
3
Suspicious processes
2

Behavior graph

start supportassistlauncher.exe conhost.exe no specs supportassistinstaller.exe supportassistprereqinstaller.exe dncr605-kb4054530-x64-allos-enu.exe dncr605-kb4054530-x64-allos-enu.exe windowsdesktop-runtime-6.0.28-win-x64.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs supportassistlauncher.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
2248
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding 549BE499E65C61BA5E94F3F4C186DD0E
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
2572
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding 325EBFF91220B2DF267E24ECB6F6DF86
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
2852
CMD:
"C:\Users\admin\AppData\Local\Temp\SupportAssistAgent\AutoUpdate\DNCR605-KB4054530-x64-AllOS-ENU.exe" /q /norestart
Path:
C:\Users\admin\AppData\Local\Temp\SupportAssistAgent\AutoUpdate\DNCR605-KB4054530-x64-AllOS-ENU.exe
Parent process:
SupportAssistPreReqInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Windows Desktop Runtime - 6.0.28 (x64)
Version:
6.0.28.33420
Modules
Images
c:\users\admin\appdata\local\temp\supportassistagent\autoupdate\dncr605-kb4054530-x64-allos-enu.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
3916
CMD:
"C:\WINDOWS\Temp\{63672591-6EDB-4472-AC69-406A64FF7E43}\.cr\DNCR605-KB4054530-x64-AllOS-ENU.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\SupportAssistAgent\AutoUpdate\DNCR605-KB4054530-x64-AllOS-ENU.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 /q /norestart
Path:
C:\Windows\Temp\{63672591-6EDB-4472-AC69-406A64FF7E43}\.cr\DNCR605-KB4054530-x64-AllOS-ENU.exe
Parent process:
DNCR605-KB4054530-x64-AllOS-ENU.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Windows Desktop Runtime - 6.0.28 (x64)
Version:
6.0.28.33420
Modules
Images
c:\windows\temp\{63672591-6edb-4472-ac69-406a64ff7e43}\.cr\dncr605-kb4054530-x64-allos-enu.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
6284
CMD:
"C:\WINDOWS\Temp\{10402A96-069E-409A-B877-C3C787891E9B}\.be\windowsdesktop-runtime-6.0.28-win-x64.exe" -q -burn.elevated BurnPipe.{A742C98A-32BB-470E-A09B-CA6F9DA049CE} {D8D5224E-ACCD-41F2-B635-8FBD110A2F66} 3916
Path:
C:\Windows\Temp\{10402A96-069E-409A-B877-C3C787891E9B}\.be\windowsdesktop-runtime-6.0.28-win-x64.exe
Parent process:
DNCR605-KB4054530-x64-AllOS-ENU.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Windows Desktop Runtime - 6.0.28 (x64)
Version:
6.0.28.33420
Modules
Images
c:\windows\temp\{10402a96-069e-409a-b877-c3c787891e9b}\.be\windowsdesktop-runtime-6.0.28-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
6328
CMD:
"C:\Users\admin\AppData\Local\Temp\SupportAssistLauncher.exe"
Path:
C:\Users\admin\AppData\Local\Temp\SupportAssistLauncher.exe
Parent process:
explorer.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
MEDIUM
Description:
SupportAssist
Exit code:
3221226540
Version:
4.3.0.52594
Modules
Images
c:\users\admin\appdata\local\temp\supportassistlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
6360
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
6380
CMD:
"C:\Users\admin\AppData\Local\Temp\SupportAssistLauncher.exe"
Path:
C:\Users\admin\AppData\Local\Temp\SupportAssistLauncher.exe
Parent process:
explorer.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
HIGH
Description:
SupportAssist
Version:
4.3.0.52594
Modules
Images
c:\users\admin\appdata\local\temp\supportassistlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID:
6392
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
SupportAssistLauncher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
6444
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding C81D5109031D570C9080B571E1F48B33
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
26 787
Read events
25 865
Write events
883
Delete events
39

Modification events

(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation: delete value
Name: 503006091D97D4F5AE39F7CBE7927D7D652D3431
Value:
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431
Operation: write
Name: Blob
Value:
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431
Operation: write
Name: Blob
Value:
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation: delete value
Name: 897424053A4A887AC098380291034D885C8714B9
Value:
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\897424053A4A887AC098380291034D885C8714B9
Operation: write
Name: Blob
Value:
(PID) Process: (6488) SupportAssistInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\897424053A4A887AC098380291034D885C8714B9
Operation: write
Name: Blob
Value:
Executable files
463
Suspicious files
67
Text files
70
Unknown types
9

Dropped files

PID
Process
Filename
Type
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\Resource\Alienware-Logo-head-while.png
Type: image
MD5:BC4CD5C98535966A9853443D32C886D1
SHA256:9B1734C28917520C3CC492602997FDA7AC3320520A8F2E9BCBEA6F8CDEBE0206
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\installer.wrapperConfig
Type: text
MD5:8D339F9DC06D0B4D41EF8271AE21FC04
SHA256:E59374E15C316AD6E51A2B8951E4AC4EAC78A0420DC397D58A08FD00EE1A8C8E
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\log4net.config
Type: text
MD5:F6F8CD68EABFB8B7131D0D4DE878272F
SHA256:087197E3B5820D8B79CAD05DB5331ECC114E701F273571E2B833E01472897EA5
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\Dell.SupportAssist.Client.FrameworkLogger.pdb
Type: binary
MD5:716C0204A1034EFC9FBD7A4E52BCAEAB
SHA256:CA3EC35378CF1E5485220353067158362ADEA82C8ECDB2684166AFF98077F156
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\SupportAssistInstaller.pdb
Type: binary
MD5:E4F0C4AE1F5E49920241156CCA6BD760
SHA256:B4BA69FACC96D7AA8375B66BC0BCDAACD977004C98879CFF8C57EAEAD82AF715
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\ProjectType.xml
Type: xml
MD5:7221107D45492402680601C348D301C5
SHA256:C0DA0172D75654D19E478EB923A478C323E6604F0CD355CA26690AE38B4C6F12
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\log4net.dll
Type: executable
MD5:8CC649CF5D9C869294F03297A131ED86
SHA256:8E5122FC22AD819E37591D2302FFC1D840483AD9A2BF9E342301F75C3BAAB2C7
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\Microsoft.Practices.Unity.dll
Type: executable
MD5:27F24AED31D72C0A3214E54E4137FCF6
SHA256:8355FD8FF475F1D032BC6667F185E25377E35644B5FFD2FE12C8E83705A03957
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\SupportAssistInstaller.exe.config
Type: xml
MD5:E97AC84664026547FB344425A89C0EDD
SHA256:E93F8FBAECE629C2D4621E7CA82EC57D1F05A746A06F45F8B41A43413885E518
PID: 6380
Process: SupportAssistLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\7ae3a665-c672-4a81-938f-91f8ccfe4e2a\SupportAssistInstaller.exe
Type: executable
MD5:797402BE3E790BB35DEA470EF063B66F
SHA256:68B204DDE251C0331A1F1554D9E7B9C50390DEEB0AFD0AE37EC23E8CD658A2D3
HTTP(S) requests
10
TCP/UDP connections
44
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6488
SupportAssistInstaller.exe
GET
200
104.76.202.152:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D
unknown
whitelisted
6488
SupportAssistInstaller.exe
GET
200
104.76.202.152:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEHHvVXSvNVTDWixp9m9La80%3D
unknown
whitelisted
6488
SupportAssistInstaller.exe
GET
200
104.76.202.152:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRKiO2Poi0XFwdRr1PZXruPzTMZAQU75%2B6ebBz8iUeeJwDUpwbU4Teje0CECbYlRk9V3XHMQpjykxwIHE%3D
unknown
whitelisted
6488
SupportAssistInstaller.exe
GET
200
104.76.202.152:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRKiO2Poi0XFwdRr1PZXruPzTMZAQU75%2B6ebBz8iUeeJwDUpwbU4Teje0CEAVGuuDJ7wGboEAGc8wD0jM%3D
unknown
whitelisted
640
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
640
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4080
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3992
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6908
SupportAssistPreReqInstaller.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
1076
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
2120
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4936
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6488
SupportAssistInstaller.exe
104.76.202.152:80
ocsp.entrust.net
AKAMAI-AS
DE
unknown
6488
SupportAssistInstaller.exe
2.16.241.9:443
dl.dell.com
Akamai International B.V.
DE
unknown
4936
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6908
SupportAssistPreReqInstaller.exe
68.232.34.200:443
download.visualstudio.microsoft.com
EDGECAST
US
whitelisted
5336
SearchApp.exe
204.79.197.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
ocsp.entrust.net
  • 104.76.202.152
whitelisted
dl.dell.com
  • 2.16.241.9
  • 2.16.241.6
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 51.124.78.146
whitelisted
download.visualstudio.microsoft.com
  • 68.232.34.200
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.160.17
  • 20.190.160.22
  • 20.190.160.20
  • 40.126.32.134
  • 40.126.32.133
  • 40.126.32.136
  • 40.126.32.76
  • 40.126.32.74
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
th.bing.com
  • 184.86.251.17
  • 184.86.251.22
  • 184.86.251.27
  • 184.86.251.24
  • 184.86.251.26
  • 184.86.251.25
  • 184.86.251.20
  • 184.86.251.19
  • 184.86.251.23
whitelisted

Threats

No threats detected
Process
Message
SupportAssistInstaller.exe
log4net:ERROR Failed to find configuration section 'log4net' in the application's .config file. Check your .config file for the <log4net> and <configSections> elements. The configuration section should look like: <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler,log4net" />