File name: WindowsPCHealthCheckSetup.msi

Full analysis: https://app.any.run/tasks/1870c1f8-609d-450a-b7cf-f7f52ee68763
Verdict: Malicious activity
Analysis date: August 06, 2024, 19:16:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Windows , Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Windows ., Create Time/Date: Fri Oct 22 17:49:32 2021, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 4, Template: x64;1033, Last Saved By: x64;1028, Revision Number: {014B7442-C784-45D3-A152-F7D2C651F28A}3.3.2110.22002;{3FDC6AFD-009E-42D5-A47F-171982742A5A}3.3.2110.22002;{B5D9E156-6D3D-4925-B789-6B7DD1C6B059}, Number of Pages: 400, Number of Characters: 131135
MD5: 2ED25FBC20855498BB8FCFC581FDD1BD
SHA1: C5AC13685297298D437381548D77EB8CE04EF2B3
SHA256: CEDC6234B6D49C9F6446860119AEF068333E60D60E9092281CBC869A74EB0630
SSDEEP: 98304:aB29Ds2Wvowr0CyqadO+bDVAFGk5M8oduk7LEcl8FqCUpqmaVQQJD9pRQ3tmNNEp:3ccVtx

  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6304)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6804)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6804)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 5540)
      • PCHealthCheck.exe (PID: 6300)
    • Reads Microsoft Outlook installation path

      • PCHealthCheck.exe (PID: 6300)
    • Reads the date of Windows installation

      • msiexec.exe (PID: 5540)
      • PCHealthCheck.exe (PID: 6300)
    • Reads Internet Explorer settings

      • PCHealthCheck.exe (PID: 6300)
  • INFO

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6512)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
    • Reads the software policy settings

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6804)
    • Application launched itself

      • msiexec.exe (PID: 6804)
      • firefox.exe (PID: 2388)
      • firefox.exe (PID: 3044)
    • Checks supported languages

      • msiexec.exe (PID: 6844)
      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
      • msiexec.exe (PID: 5540)
      • msiexec.exe (PID: 7044)
    • Reads the computer name

      • msiexec.exe (PID: 6844)
      • msiexec.exe (PID: 6804)
      • msiexec.exe (PID: 7044)
      • msiexec.exe (PID: 5540)
      • PCHealthCheck.exe (PID: 6300)
    • Checks proxy server information

      • msiexec.exe (PID: 6512)
      • PCHealthCheck.exe (PID: 6300)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6804)
      • PCHealthCheck.exe (PID: 6300)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6804)
    • Write to the desktop.ini file (may be used to cloak folders)

      • msiexec.exe (PID: 6804)
    • Process checks computer location settings

      • msiexec.exe (PID: 5540)
      • PCHealthCheck.exe (PID: 6300)
    • Process checks Internet Explorer phishing filters

      • PCHealthCheck.exe (PID: 6300)
    • Create files in a temporary directory

      • PCHealthCheck.exe (PID: 6300)
    • Manual execution by a user

      • firefox.exe (PID: 2388)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (95.3)
.doc | Microsoft Word document (old ver.) (3.2)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Windows PC Health Check
Author: Microsoft Corporation
Keywords: Installer
Comments: This installer database contains the logic and data required to install Windows PC Health Check.
RevisionNumber: {D9738104-D858-4177-8DEA-F8853189F234}
CreateDate: 2021:10:22 17:41:42
ModifyDate: 2021:10:22 17:41:42
Pages: 400
Words: 10
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
Template: x64;1033,1025,1026,1027,1029,1030,1031,1032,3082,1061,1035,1036,1037,1050,1038,1040,1041,1042,1063,1062,1044,1043,1045,1046,2070,1048,1049,1051,1060,2074,1053,1054,1055,1058,2052,3076,1028
LastModifiedBy: x64;1025
Characters: 131135
No data.
Total processes: 162
Monitored processes: 26
Malicious processes: 2
Suspicious processes: 2

Behavior graph

start msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs msiexec.exe no specs pchealthcheck.exe msiexec.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs textinputhost.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs pchealthcheck.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2388
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 123.0
PID: 3044
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Version: 123.0
PID: 3908
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3980
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240213221259 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 30537 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a5d9774-6fb3-4128-b3c0-f8f4bdf3331b} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 13d2cd82710 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
PID: 5084
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Windows System Protection background tasks.
Exit code: 2147942487
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5540
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 2D8D85A96391713183005A78A4161CF9 C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6168
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2880 -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 30953 -prefMapSize 244343 -jsInitHandle 1536 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {582fbe9b-6900-4cb8-9a07-a36c40564330} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 13d3f232150 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
PID: 6300
CMD: "C:\Users\admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe"
Path: C:\Users\admin\AppData\Local\PCHealthCheck\PCHealthCheck.exe
Parent process: msiexec.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\pchealthcheck\pchealthcheck.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 6304
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6452
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1836 -parentBuildID 20240213221259 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 30537 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23f01408-e983-4efd-b274-d9b01ce92007} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 13d397bca10 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Version: 123.0
Total events: 27 095
Read events: 26 291
Write events: 773
Delete events: 31

Modification events

(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
(PID) Process: (6804) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
(PID) Process: (6304) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Executable files: 127
Suspicious files: 201
Text files: 117
Unknown types: 25

Dropped files

PID
Process
Filename
Type
PID: 6804
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Installer\ec9a5.msi
MD5:
SHA256:
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Temp\~DF55C0ADF867EB1DB3.TMP
Type: gmc
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
PID: 6512
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI5E77.tmp
Type: executable
MD5:FECC1AED7B735F5B797917308B122E82
SHA256:1AF80076A2ECDDDF10C702F4AE12B345BB7A162A6E3ADE84B9F03059CAF6EF7E
PID: 6512
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956
Type: binary
MD5:AD93F2941B3210A2354419B3152B8B48
SHA256:D87ABEB3204DB7C90C17EB8C6D396612555151516815FA6A407B9A1EBAD3CF33
PID: 6512
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE
Type: binary
MD5:FB64A9EBEDF48D3895381D5B7D80743D
SHA256:EA21D495930AD76F267A33A0F593DBF0C7EA75E457FCAE49A29DAAD8BD920F42
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Installer\MSICE97.tmp
Type: executable
MD5:FECC1AED7B735F5B797917308B122E82
SHA256:1AF80076A2ECDDDF10C702F4AE12B345BB7A162A6E3ADE84B9F03059CAF6EF7E
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Temp\~DFA273BA2C93BBF355.TMP
Type: binary
MD5:21BDEEC0BDE6693D325DA61C4B95A27D
SHA256:A6320133C965B4212B46FEE1BD6273046035771C7C668811E43009E4DDF16FAE
PID: 6804
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\OnlineMetadataCache\{99795787-54ab-4045-a32a-1e4b9526115d}_OnDiskSnapshotProp
Type: binary
MD5:8B835C50A6F61C9130D521F2DC7B948E
SHA256:5E937BC8525B255D66D2856FDB1C647002ABB6CECBE52BEE75940212B42A236E
PID: 6804
Process: msiexec.exe
Filename: C:\Windows\Installer\inprogressinstallinfo.ipi
Type: binary
MD5:21BDEEC0BDE6693D325DA61C4B95A27D
SHA256:A6320133C965B4212B46FEE1BD6273046035771C7C668811E43009E4DDF16FAE
HTTP(S) requests: 31
TCP/UDP connections: 101
DNS requests: 125
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6512
msiexec.exe
GET
200
23.218.209.163:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
1948
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7100
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1948
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7108
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
7140
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
POST
200
172.217.23.99:80
http://o.pki.goog/wr2
unknown
POST
200
2.16.241.12:80
http://r10.o.lencr.org/
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
5588
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1248
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6512
msiexec.exe
23.218.209.163:80
www.microsoft.com
AKAMAI-AS
DE
unknown
4
System
192.168.100.255:137
whitelisted
5588
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1948
svchost.exe
20.190.160.14:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
1948
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.46
whitelisted
www.microsoft.com
  • 23.218.209.163
whitelisted
login.live.com
  • 20.190.160.14
  • 20.190.160.17
  • 40.126.32.68
  • 40.126.32.76
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.133
  • 20.190.160.20
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
www.bing.com
  • 2.23.209.137
  • 2.23.209.156
  • 2.23.209.154
  • 2.23.209.150
  • 2.23.209.151
  • 2.23.209.153
  • 2.23.209.144
  • 2.23.209.140
  • 2.23.209.149
  • 95.100.146.8
  • 95.100.146.10
  • 95.100.146.33
  • 95.100.146.32
  • 95.100.146.26
  • 95.100.146.19
  • 95.100.146.16
  • 95.100.146.17
  • 95.100.146.25
whitelisted
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 52.165.165.26
whitelisted

Threats

No threats detected
No debug info