File name:

FirefoxSetup141.0.2.msi

Full analysis: https://app.any.run/tasks/cfd704f0-046f-4a7c-b155-a575e254949f
Verdict: Malicious activity
Analysis date: August 05, 2025, 20:57:09
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Mozilla Firefox 141.0.2 x64 en-US, Author: Mozilla, Keywords: Installer, Comments: This installer database contains the logic and data required to install Mozilla Firefox 141.0.2 x64 en-US., Template: x64;0, Revision Number: {9EAC2356-F00C-434E-912B-A2128465D476}, Create Time/Date: Mon Aug 4 11:15:48 2025, Last Saved Time/Date: Mon Aug 4 11:15:48 2025, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
MD5:

397FBC4B09CD9E7E2E9F5EEE72BEFF2F

SHA1:

44F84AD3BDAC2423FD789D4CC5B9DCF4148DED34

SHA256:

D0092CA1A9F58F734B0CFCBC8A3EB64FF50DD32D36AFEC0C5AF4BA18DBEE33C8

SSDEEP:

786432:pKTVVIVr3vH5D7Doe2Qx4gzHDrdyJBGgBF/TfSC:pwVyVrfZce2QKgzHDZUBpTP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 5284)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 6356)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6128)
    • The process drops Mozilla's DLL files

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
    • Process drops legitimate windows executable

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
    • The process drops C-runtime libraries

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
    • Executable content was dropped or overwritten

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_tmp.exe (PID: 4892)
      • maintenanceservice_installer.exe (PID: 5808)
    • Searches for installed software

      • setup.exe (PID: 5284)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6412)
    • Loads DLL from Mozilla Firefox

      • regsvr32.exe (PID: 6412)
      • default-browser-agent.exe (PID: 5188)
      • crashhelper.exe (PID: 4308)
      • crashhelper.exe (PID: 6808)
    • Creates a software uninstall entry

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 5284)
  • INFO

    • Checks proxy server information

      • msiexec.exe (PID: 2980)
      • slui.exe (PID: 6812)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 2980)
    • Reads the computer name

      • msiexec.exe (PID: 6128)
      • setup.exe (PID: 5284)
      • maintenanceservice_tmp.exe (PID: 4892)
      • maintenanceservice_installer.exe (PID: 5808)
    • Reads the software policy settings

      • msiexec.exe (PID: 2980)
      • msiexec.exe (PID: 6128)
      • slui.exe (PID: 6812)
    • Checks supported languages

      • msiexec.exe (PID: 6128)
      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_tmp.exe (PID: 4892)
      • default-browser-agent.exe (PID: 5188)
      • crashhelper.exe (PID: 4308)
      • crashhelper.exe (PID: 6808)
      • maintenanceservice_installer.exe (PID: 5808)
    • The sample compiled with english language support

      • msiexec.exe (PID: 2980)
      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 2980)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6128)
      • setup.exe (PID: 5284)
    • Manages system restore points

      • SrTasks.exe (PID: 6408)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 6128)
    • Create files in a temporary directory

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Creates files in the program directory

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Application launched itself

      • firefox.exe (PID: 4676)
      • firefox.exe (PID: 5424)
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Mozilla Firefox 141.0.2 x64 en-US
Author: Mozilla
Keywords: Installer
Comments: This installer database contains the logic and data required to install Mozilla Firefox 141.0.2 x64 en-US.
Template: x64;0
RevisionNumber: {9EAC2356-F00C-434E-912B-A2128465D476}
CreateDate: 2025:08:04 11:15:48
ModifyDate: 2025:08:04 11:15:48
Pages: 200
Words: 2
Software: Windows Installer XML Toolset (3.14.0.8606)
Security: Read-only recommended
Total processes
148
Monitored processes
18
Malicious processes
4
Suspicious processes
0

Behavior graph

Processes in graph, in order: msiexec.exe, msiexec.exe (no specs), vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), msi37ef.tmp, setup.exe, regsvr32.exe (no specs), maintenanceservice_installer.exe, maintenanceservice_tmp.exe, default-browser-agent.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), crashhelper.exe (no specs), firefox.exe (no specs), firefox.exe (no specs), crashhelper.exe (no specs), slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2032
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 2980
CMD: "C:\Windows\System32\msiexec.exe" /i C:\Users\admin\Desktop\FirefoxSetup141.0.2.msi
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3760
CMD: "C:\WINDOWS\Installer\MSI37EF.tmp" /S /TaskbarShortcut=true /DesktopShortcut=true /StartMenuShortcut=true /PrivateBrowsingShortcut=true /MaintenanceService=true /RemoveDistributionDir=true /PreventRebootRequired=false /OptionalExtensions=true /RegisterDefaultAgent=true /LaunchedFromMSI
Path: C:\Windows\Installer\MSI37EF.tmp
Parent process: msiexec.exe
User:
admin
Company:
Mozilla
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
18.05
Modules
Images
c:\windows\installer\msi37ef.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
PID: 4308
CMD: "C:\Program Files\Mozilla Firefox\crashhelper.exe" "5576" "\\.\pipe\gecko-crash-server-pipe.5576" "C:\Users\admin\AppData\Local\Temp\\" "812" "804"
Path: C:\Program Files\Mozilla Firefox\crashhelper.exe
Parent process: firefox.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
MEDIUM
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\crashhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 4676
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: default-browser-agent.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox
Exit code:
3
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\bcrypt.dll
PID: 4892
CMD: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
Path: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
Parent process: maintenanceservice_installer.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
SYSTEM
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files (x86)\mozilla maintenance service\maintenanceservice_tmp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shlwapi.dll
PID: 5188
CMD: "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Parent process: setup.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
SYSTEM
Exit code:
2147500037
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\default-browser-agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ole32.dll
PID: 5284
CMD: .\setup.exe /S /TaskbarShortcut=true /DesktopShortcut=true /StartMenuShortcut=true /PrivateBrowsingShortcut=true /MaintenanceService=true /RemoveDistributionDir=true /PreventRebootRequired=false /OptionalExtensions=true /RegisterDefaultAgent=true /LaunchedFromMSI
Path: C:\Users\admin\AppData\Local\Temp\7zS0BE5EE69\setup.exe
Parent process: MSI37EF.tmp
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox Installer
Exit code:
0
Version:
141.0.2
Modules
Images
c:\users\admin\appdata\local\temp\7zs0be5ee69\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 5424
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: setup.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
PID: 5576
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
3
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
15 557
Read events
15 248
Write events
264
Delete events
45

Modification events

(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
48000000000000004CED86934B06DC01F0170000240C0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
48000000000000004CED86934B06DC01F0170000240C0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000D3B58B934B06DC01F0170000240C0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
480000000000000058506A934B06DC01F0170000240C0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
480000000000000058506A934B06DC01F0170000240C0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
48000000000000001F5289934B06DC01F0170000240C0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (6356) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000001D8EF934B06DC01D4180000B4040000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6356) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000001D8EF934B06DC01D418000088100000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6356) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000001D8EF934B06DC01D418000010180000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
83
Suspicious files
20
Text files
42
Unknown types
89

Dropped files

PID
Process
Filename
Type
PID: 6128
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
PID: 6128
Process: msiexec.exe
Filename: C:\Windows\Installer\192466.msi
MD5:
SHA256:
PID: 6128
Process: msiexec.exe
Filename: C:\Windows\Installer\MSI3629.tmp
MD5:
SHA256:
PID: 6128
Process: msiexec.exe
Filename: C:\Windows\Installer\MSI37EF.tmp
MD5:
SHA256:
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA
Type: der
MD5:61458D997E663A37384CD90D31BA3629
SHA256:3051545B925F12F3A647AD58E8BA84C6A0B18BEDF0742919B0D121B5B12225A2
PID: 3760
Process: MSI37EF.tmp
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BE5EE69\core\browser\omni.ja
MD5:
SHA256:
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Type: binary
MD5:11EAAF89894E51F4492A9A19EFACC375
SHA256:C59848700936B6F46585E41EF1CED1283CC9EB074B043BD7BD8BE5E265D9C339
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_B6AE23E29F7147068BFE703694A1EF14
Type: binary
MD5:F0339EAE73E52638EA2536AE2003552C
SHA256:92FBF11BFD0EEBAA662E02C75FFB99C696C28C07525419958A82958D41697562
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_B6AE23E29F7147068BFE703694A1EF14
Type: der
MD5:55B368000302A4BFC13EAF8F2A059B2D
SHA256:198F285DB30062F661A46260FA5B412B093222A0FF6AA0DFDF7070AA41BAC553
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Type: der
MD5:6F3A9565252D50F75DDFDD114F8CC555
SHA256:1F553981B54CB26601CF0488F2EF6B5E2C0FFBF4C70A247F1D70D74E3FC73BBF
HTTP(S) requests
42
TCP/UDP connections
57
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.48.23.138:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.138:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
200
20.190.160.17:443
https://login.live.com/RST2.srf
unknown
whitelisted
POST
400
20.190.160.20:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
POST
400
40.126.32.72:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2980
msiexec.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAEkCvseOAuKFvFLcZ3008A%3D
unknown
whitelisted
2980
msiexec.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
POST
200
40.126.32.136:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
16.7 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
23.48.23.138:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.138:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1864
svchost.exe
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
login.live.com
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
slscr.update.microsoft.com
  • 20.165.94.63
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted

Threats

No threats detected