File name: FirefoxSetup141.0.2.msi

Full analysis: https://app.any.run/tasks/cfd704f0-046f-4a7c-b155-a575e254949f
Verdict: Malicious activity
Analysis date: August 05, 2025, 20:57:09
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Mozilla Firefox 141.0.2 x64 en-US, Author: Mozilla, Keywords: Installer, Comments: This installer database contains the logic and data required to install Mozilla Firefox 141.0.2 x64 en-US., Template: x64;0, Revision Number: {9EAC2356-F00C-434E-912B-A2128465D476}, Create Time/Date: Mon Aug 4 11:15:48 2025, Last Saved Time/Date: Mon Aug 4 11:15:48 2025, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
MD5: 397FBC4B09CD9E7E2E9F5EEE72BEFF2F
SHA1: 44F84AD3BDAC2423FD789D4CC5B9DCF4148DED34
SHA256: D0092CA1A9F58F734B0CFCBC8A3EB64FF50DD32D36AFEC0C5AF4BA18DBEE33C8
SSDEEP: 786432:pKTVVIVr3vH5D7Doe2Qx4gzHDrdyJBGgBF/TfSC:pwVyVrfZce2QKgzHDZUBpTP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 5284)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 6356)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6128)
    • The process drops Mozilla's DLL files

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
    • Executable content was dropped or overwritten

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_tmp.exe (PID: 4892)
      • maintenanceservice_installer.exe (PID: 5808)
    • The process drops C-runtime libraries

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
    • Process drops legitimate windows executable

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6412)
    • Creates a software uninstall entry

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Searches for installed software

      • setup.exe (PID: 5284)
    • Loads DLL from Mozilla Firefox

      • regsvr32.exe (PID: 6412)
      • default-browser-agent.exe (PID: 5188)
      • crashhelper.exe (PID: 4308)
      • crashhelper.exe (PID: 6808)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 5284)
  • INFO

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 2980)
    • The sample compiled with english language support

      • msiexec.exe (PID: 2980)
      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 2980)
    • Reads the software policy settings

      • msiexec.exe (PID: 2980)
      • msiexec.exe (PID: 6128)
      • slui.exe (PID: 6812)
    • Checks proxy server information

      • msiexec.exe (PID: 2980)
      • slui.exe (PID: 6812)
    • Reads the computer name

      • msiexec.exe (PID: 6128)
      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
      • maintenanceservice_tmp.exe (PID: 4892)
    • Checks supported languages

      • msiexec.exe (PID: 6128)
      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
      • maintenanceservice_tmp.exe (PID: 4892)
      • default-browser-agent.exe (PID: 5188)
      • crashhelper.exe (PID: 4308)
      • crashhelper.exe (PID: 6808)
    • Manages system restore points

      • SrTasks.exe (PID: 6408)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6128)
      • setup.exe (PID: 5284)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 6128)
    • Create files in a temporary directory

      • MSI37EF.tmp (PID: 3760)
      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Creates files in the program directory

      • setup.exe (PID: 5284)
      • maintenanceservice_installer.exe (PID: 5808)
    • Application launched itself

      • firefox.exe (PID: 4676)
      • firefox.exe (PID: 5424)
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Mozilla Firefox 141.0.2 x64 en-US
Author: Mozilla
Keywords: Installer
Comments: This installer database contains the logic and data required to install Mozilla Firefox 141.0.2 x64 en-US.
Template: x64;0
RevisionNumber: {9EAC2356-F00C-434E-912B-A2128465D476}
CreateDate: 2025:08:04 11:15:48
ModifyDate: 2025:08:04 11:15:48
Pages: 200
Words: 2
Software: Windows Installer XML Toolset (3.14.0.8606)
Security: Read-only recommended
No data.
Total processes: 148
Monitored processes: 18
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msi37ef.tmp setup.exe regsvr32.exe no specs maintenanceservice_installer.exe maintenanceservice_tmp.exe default-browser-agent.exe no specs firefox.exe no specs firefox.exe no specs crashhelper.exe no specs firefox.exe no specs firefox.exe no specs crashhelper.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2032
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 2980
CMD: "C:\Windows\System32\msiexec.exe" /i C:\Users\admin\Desktop\FirefoxSetup141.0.2.msi
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3760
CMD: "C:\WINDOWS\Installer\MSI37EF.tmp" /S /TaskbarShortcut=true /DesktopShortcut=true /StartMenuShortcut=true /PrivateBrowsingShortcut=true /MaintenanceService=true /RemoveDistributionDir=true /PreventRebootRequired=false /OptionalExtensions=true /RegisterDefaultAgent=true /LaunchedFromMSI
Path: C:\Windows\Installer\MSI37EF.tmp
Parent process: msiexec.exe
User:
admin
Company:
Mozilla
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
18.05
Modules
Images
c:\windows\installer\msi37ef.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
PID: 4308
CMD: "C:\Program Files\Mozilla Firefox\crashhelper.exe" "5576" "\\.\pipe\gecko-crash-server-pipe.5576" "C:\Users\admin\AppData\Local\Temp\\" "812" "804"
Path: C:\Program Files\Mozilla Firefox\crashhelper.exe
Parent process: firefox.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
MEDIUM
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\crashhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 4676
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: default-browser-agent.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox
Exit code:
3
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\bcrypt.dll
PID: 4892
CMD: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
Path: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
Parent process: maintenanceservice_installer.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
SYSTEM
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files (x86)\mozilla maintenance service\maintenanceservice_tmp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shlwapi.dll
PID: 5188
CMD: "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Parent process: setup.exe
User:
SYSTEM
Company:
Mozilla Foundation
Integrity Level:
SYSTEM
Exit code:
2147500037
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\default-browser-agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ole32.dll
PID: 5284
CMD: .\setup.exe /S /TaskbarShortcut=true /DesktopShortcut=true /StartMenuShortcut=true /PrivateBrowsingShortcut=true /MaintenanceService=true /RemoveDistributionDir=true /PreventRebootRequired=false /OptionalExtensions=true /RegisterDefaultAgent=true /LaunchedFromMSI
Path: C:\Users\admin\AppData\Local\Temp\7zS0BE5EE69\setup.exe
Parent process: MSI37EF.tmp
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox Installer
Exit code:
0
Version:
141.0.2
Modules
Images
c:\users\admin\appdata\local\temp\7zs0be5ee69\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 5424
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: setup.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
SYSTEM
Description:
Firefox
Exit code:
0
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
PID: 5576
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
SYSTEM
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
3
Version:
141.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events: 15 557
Read events: 15 248
Write events: 264
Delete events: 45

Modification events

(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
48000000000000004CED86934B06DC01F0170000240C0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
48000000000000004CED86934B06DC01F0170000240C0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000D3B58B934B06DC01F0170000240C0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
480000000000000058506A934B06DC01F0170000240C0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
480000000000000058506A934B06DC01F0170000240C0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
48000000000000001F5289934B06DC01F0170000240C0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6128) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (6356) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000001D8EF934B06DC01D4180000B4040000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6356) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000001D8EF934B06DC01D418000088100000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6356) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
480000000000000001D8EF934B06DC01D418000010180000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 83
Suspicious files: 20
Text files: 42
Unknown types: 89

Dropped files

PID
Process
Filename
Type
PID: 6128
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
PID: 6128
Process: msiexec.exe
Filename: C:\Windows\Installer\192466.msi
MD5:
SHA256:
PID: 6128
Process: msiexec.exe
Filename: C:\Windows\Installer\MSI3629.tmp
MD5:
SHA256:
PID: 6128
Process: msiexec.exe
Filename: C:\Windows\Installer\MSI37EF.tmp
MD5:
SHA256:
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA
Type: binary
MD5:F669150120D2E54C12D85AAC01AE0755
SHA256:7761A87678BA90BD8E6994BA0EEB5C746F73DAB9C2E397DBA4707831FA199877
PID: 3760
Process: MSI37EF.tmp
Filename: C:\Users\admin\AppData\Local\Temp\7zS0BE5EE69\core\browser\omni.ja
MD5:
SHA256:
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Type: binary
MD5:7F28374F5A67FAFF761ADEF3DAA2D782
SHA256:55EFF5196236AA16FF2FEF6918106484CCB7B469A449D791E6B37FE49FDE5695
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA
Type: der
MD5:61458D997E663A37384CD90D31BA3629
SHA256:3051545B925F12F3A647AD58E8BA84C6A0B18BEDF0742919B0D121B5B12225A2
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Type: der
MD5:8F380E2AFD507983598E3EF557B0F1A9
SHA256:B1E46036E524AB20451E799FFA24ABE8179BBA557DFF66EF8930F5BC43D19706
PID: 2980
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Type: der
MD5:6F3A9565252D50F75DDFDD114F8CC555
SHA256:1F553981B54CB26601CF0488F2EF6B5E2C0FFBF4C70A247F1D70D74E3FC73BBF
HTTP(S) requests: 42
TCP/UDP connections: 57
DNS requests: 22
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
23.48.23.138:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2980
msiexec.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAEkCvseOAuKFvFLcZ3008A%3D
unknown
whitelisted
POST
200
20.190.160.65:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
2980
msiexec.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
POST
200
20.190.160.132:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
2980
msiexec.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA8O98LYGSc%2BjBPwFtLgmyU%3D
unknown
whitelisted
2980
msiexec.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
POST
200
20.190.160.3:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
POST
200
20.190.160.17:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
POST
200
20.190.160.65:443
https://login.live.com/RST2.srf
unknown
xml
11.0 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
23.48.23.138:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.138:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1864
svchost.exe
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
  • 23.48.23.138
  • 23.48.23.153
  • 23.48.23.146
  • 23.48.23.140
  • 23.48.23.145
  • 23.48.23.137
  • 23.48.23.141
  • 23.48.23.139
  • 23.48.23.143
  • 23.48.23.158
  • 23.48.23.156
  • 23.48.23.150
  • 23.48.23.169
  • 23.48.23.173
  • 23.48.23.162
  • 23.48.23.164
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
login.live.com
  • 20.190.159.4
  • 20.190.159.68
  • 20.190.159.129
  • 20.190.159.75
  • 40.126.31.131
  • 40.126.31.69
  • 20.190.159.73
  • 20.190.159.2
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
slscr.update.microsoft.com
  • 20.165.94.63
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted

Threats

No threats detected
No debug info