File name:

WindowsPCHealthCheckSetup.msi

Full analysis: https://app.any.run/tasks/1870c1f8-609d-450a-b7cf-f7f52ee68763
Verdict: Malicious activity
Analysis date: August 06, 2024, 19:16:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Windows , Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Windows ., Create Time/Date: Fri Oct 22 17:49:32 2021, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 4, Template: x64;1033, Last Saved By: x64;1028, Revision Number: {014B7442-C784-45D3-A152-F7D2C651F28A}3.3.2110.22002;{3FDC6AFD-009E-42D5-A47F-171982742A5A}3.3.2110.22002;{B5D9E156-6D3D-4925-B789-6B7DD1C6B059}, Number of Pages: 400, Number of Characters: 131135
MD5:

2ED25FBC20855498BB8FCFC581FDD1BD

SHA1:

C5AC13685297298D437381548D77EB8CE04EF2B3

SHA256:

CEDC6234B6D49C9F6446860119AEF068333E60D60E9092281CBC869A74EB0630

SSDEEP:

98304:aB29Ds2Wvowr0CyqadO+bDVAFGk5M8oduk7LEcl8FqCUpqmaVQQJD9pRQ3tmNNEp:3ccVtx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6304)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6804)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
    • Reads Microsoft Outlook installation path

      • PCHealthCheck.exe (PID: 6300)
    • Reads security settings of Internet Explorer

      • PCHealthCheck.exe (PID: 6300)
      • msiexec.exe (PID: 5540)
    • Reads Internet Explorer settings

      • PCHealthCheck.exe (PID: 6300)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6804)
    • Reads the date of Windows installation

      • msiexec.exe (PID: 5540)
      • PCHealthCheck.exe (PID: 6300)
  • INFO

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6512)
    • Reads the software policy settings

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
    • Checks proxy server information

      • msiexec.exe (PID: 6512)
      • PCHealthCheck.exe (PID: 6300)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
    • Reads the computer name

      • msiexec.exe (PID: 6804)
      • msiexec.exe (PID: 6844)
      • msiexec.exe (PID: 7044)
      • PCHealthCheck.exe (PID: 6300)
      • msiexec.exe (PID: 5540)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
    • Application launched itself

      • msiexec.exe (PID: 6804)
      • firefox.exe (PID: 3044)
      • firefox.exe (PID: 2388)
    • Checks supported languages

      • msiexec.exe (PID: 6804)
      • msiexec.exe (PID: 6844)
      • msiexec.exe (PID: 7044)
      • PCHealthCheck.exe (PID: 6300)
      • msiexec.exe (PID: 5540)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
    • Write to the desktop.ini file (may be used to cloak folders)

      • msiexec.exe (PID: 6804)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6804)
    • Process checks Internet Explorer phishing filters

      • PCHealthCheck.exe (PID: 6300)
    • Process checks computer location settings

      • msiexec.exe (PID: 5540)
      • PCHealthCheck.exe (PID: 6300)
    • Create files in a temporary directory

      • PCHealthCheck.exe (PID: 6300)
    • Manual execution by a user

      • firefox.exe (PID: 2388)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (95.3)
.doc | Microsoft Word document (old ver.) (3.2)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Windows PC Health Check
Author: Microsoft Corporation
Keywords: Installer
Comments: This installer database contains the logic and data required to install Windows PC Health Check.
RevisionNumber: {D9738104-D858-4177-8DEA-F8853189F234}
CreateDate: 2021:10:22 17:41:42
ModifyDate: 2021:10:22 17:41:42
Pages: 400
Words: 10
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
Template: x64;1033,1025,1026,1027,1029,1030,1031,1032,3082,1061,1035,1036,1037,1050,1038,1040,1041,1042,1063,1062,1044,1043,1045,1046,2070,1048,1049,1051,1060,2074,1053,1054,1055,1058,2052,3076,1028
LastModifiedBy: x64;1025
Characters: 131135
No data.
Total processes
162
Monitored processes
26
Malicious processes
2
Suspicious processes
2

Behavior graph

Process nodes, in graph order: msiexec.exe; msiexec.exe; msiexec.exe (no specs); vssvc.exe (no specs); srtasks.exe (no specs); conhost.exe (no specs); msiexec.exe (no specs); msiexec.exe (no specs); pchealthcheck.exe; msiexec.exe (no specs); firefox.exe (no specs) x5; textinputhost.exe (no specs); firefox.exe (no specs) x5; srtasks.exe (no specs); conhost.exe (no specs); msiexec.exe (no specs); pchealthcheck.exe (no specs); firefox.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2388
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
PID: 3044
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
PID: 3908
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3980
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240213221259 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 30537 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a5d9774-6fb3-4128-b3c0-f8f4bdf3331b} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 13d2cd82710 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
PID: 5084
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
2147942487
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5540
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 2D8D85A96391713183005A78A4161CF9 C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6168
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2880 -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 30953 -prefMapSize 244343 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {582fbe9b-6900-4cb8-9a07-a36c40564330} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 13d3f232150 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
PID: 6300
CMD: "C:\Users\admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe"
Path: C:\Users\admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe
Parent process: msiexec.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\pchealthcheck\pchealthcheck.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 6304
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6452
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1836 -parentBuildID 20240213221259 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 30537 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23f01408-e983-4efd-b274-d9b01ce92007} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 13d397bca10 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Total events
27 095
Read events
26 291
Write events
773
Delete events
31

Modification events

Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
480000000000000084210A3035E8DA01941A00008C1B0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
480000000000000084210A3035E8DA01941A00008C1B0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
4800000000000000B7B8453035E8DA01941A00008C1B0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
4800000000000000801E483035E8DA01941A00008C1B0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
4800000000000000E3814A3035E8DA01941A00008C1B0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000394A4F3035E8DA01941A00008C1B0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value:
4800000000000000FE2AB83035E8DA01941A00008C1B0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 6804)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
48000000000000002B8EBA3035E8DA01941A0000C0110000E803000001000000000000000000000087577999AB544540A32A1E4B9526115D00000000000000000000000000000000
Process: VSSVC.exe (PID: 6304)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000A30AC43035E8DA01A0180000A40F0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
127
Suspicious files
201
Text files
117
Unknown types
25

Dropped files

PID
Process
Filename
Type
PID: 6804
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Installer\ec9a5.msi
MD5:
SHA256:
PID: 6804
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\PCHealthCheck\ux\static\js\2.7442f0f9.chunk.js
Type: text
MD5:B6C65AD6379006FE23F53129D6A25E75
SHA256:ABE00AF82243F9987E55D3B8C764A1EAD1AB1930ABD7DF754E46FDC178B0E4D4
PID: 6804
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\PCHealthCheck\ux\resources\ka-GE\license.HTML
Type: html
MD5:BEEB8BCC87FC2C77C6D03D239E32B8B8
SHA256:2DE39BF72CF75459305ECBE88115BE493FBF873F70E33402C39C0AF870F849E0
PID: 6804
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\OnlineMetadataCache\{99795787-54ab-4045-a32a-1e4b9526115d}_OnDiskSnapshotProp
Type: binary
MD5:8B835C50A6F61C9130D521F2DC7B948E
SHA256:5E937BC8525B255D66D2856FDB1C647002ABB6CECBE52BEE75940212B42A236E
PID: 6512
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956
Type: binary
MD5:AD93F2941B3210A2354419B3152B8B48
SHA256:D87ABEB3204DB7C90C17EB8C6D396612555151516815FA6A407B9A1EBAD3CF33
PID: 6804
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\snapshot-2
Type: binary
MD5:8B835C50A6F61C9130D521F2DC7B948E
SHA256:5E937BC8525B255D66D2856FDB1C647002ABB6CECBE52BEE75940212B42A236E
PID: 6804
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\PCHealthCheck\fr-CA\PCHealthCheck.exe.mui
Type: executable
MD5:AD20364F63E0E44D3EF2EE6B3E1B116B
SHA256:799EEE6EEBAA0B047DE41BEB0729A61A69E7ACA71A5B262B76289E0E02BA0B59
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Installer\MSICD6D.tmp
Type: binary
MD5:CFC38BE6BDA54B88F7A6B023DA569F05
SHA256:2DE3D34BEF51374C4F4517A6DF13E9FDCE5524A465EAA80F94D71BC69C60EA62
PID: 6804
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\PCHealthCheck\et\PCHealthCheck.exe.mui
Type: executable
MD5:355283316AF96A6378A067A3224F91B1
SHA256:D6371CCE5C89196740A4A2D3ABE808B12FC2580663567D74C7FC256BC35209C6
HTTP(S) requests
31
TCP/UDP connections
101
DNS requests
125
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6512
msiexec.exe
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
7100
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1948
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1948
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7108
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7140
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
POST
200
172.217.23.99:80
http://o.pki.goog/wr2
unknown
unknown
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
POST
200
2.16.241.12:80
http://r11.o.lencr.org/
unknown
unknown
POST
200
2.16.241.12:80
http://r10.o.lencr.org/
unknown
unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
5588 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1248 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6512 | msiexec.exe | 23.218.209.163:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted
5588 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1948 | svchost.exe | 20.190.160.14:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
1948 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.46
whitelisted
www.microsoft.com
  • 23.218.209.163
whitelisted
login.live.com
  • 20.190.160.14
  • 20.190.160.17
  • 40.126.32.68
  • 40.126.32.76
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.133
  • 20.190.160.20
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
www.bing.com
  • 2.23.209.137
  • 2.23.209.156
  • 2.23.209.154
  • 2.23.209.150
  • 2.23.209.151
  • 2.23.209.153
  • 2.23.209.144
  • 2.23.209.140
  • 2.23.209.149
  • 95.100.146.8
  • 95.100.146.10
  • 95.100.146.33
  • 95.100.146.32
  • 95.100.146.26
  • 95.100.146.19
  • 95.100.146.16
  • 95.100.146.17
  • 95.100.146.25
whitelisted
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 52.165.165.26
whitelisted

Threats

No threats detected
No debug info