File name: nasnavi-311.exe

Full analysis: https://app.any.run/tasks/a0b6923a-d3db-4980-aff7-b1606b0c00c4
Verdict: Malicious activity
Analysis date: March 09, 2025, 02:44:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 985A7CC124013DF1C091FFB9CECD91C8
SHA1: FD7A53C18E60B16C70BAEF878CEFD978A65E30D4
SHA256: D0EB01F1BCE5155A2BB62CE0EDE3133E80E07463555B655038CFC26E07BC7731
SSDEEP: 98304:qyMtoKQ1kWnLl0xkxZ+xl6zq5X974u+D/1F2s/eHZxKot/Mm2xjQ3MAgH7joWXMf:mkGNemIIMuoUntpF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Create files in the Startup directory

      • CreateSC.exe (PID: 7716)
      • CreateSC.exe (PID: 7804)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • nasnavi-311.exe (PID: 5972)
      • NASNaviInst.exe (PID: 6108)
      • PowerISO9-x64.exe (PID: 8076)
    • Reads security settings of Internet Explorer

      • nasnavi-311.exe (PID: 5972)
      • NASNaviInst.exe (PID: 4428)
      • ShellExperienceHost.exe (PID: 7532)
    • Application launched itself

      • NASNaviInst.exe (PID: 4428)
    • Creates a software uninstall entry

      • NASNaviInst.exe (PID: 6108)
    • There is functionality for taking screenshot (YARA)

      • NASNaviInst.exe (PID: 4428)
      • NASNaviInst.exe (PID: 6108)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • NASNaviInst.exe (PID: 6108)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • NASNaviInst.exe (PID: 6108)
    • Uses NETSH.EXE to change the status of the firewall

      • NASNaviInst.exe (PID: 6108)
    • Executes as Windows Service

      • nassvc.exe (PID: 7916)
    • The process creates files with name similar to system file names

      • PowerISO9-x64.exe (PID: 8076)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PowerISO9-x64.exe (PID: 8076)
  • INFO

    • Checks supported languages

      • nasnavi-311.exe (PID: 5972)
      • CreateSC.exe (PID: 5504)
      • NASNaviInst.exe (PID: 6108)
      • NASNaviInst.exe (PID: 4428)
      • CreateSC.exe (PID: 7192)
      • CreateSC.exe (PID: 7216)
      • CreateSC.exe (PID: 7148)
      • CreateSC.exe (PID: 7664)
      • CreateSC.exe (PID: 7716)
      • CreateSC.exe (PID: 7688)
      • CreateSC.exe (PID: 7804)
      • CreateSC.exe (PID: 7752)
      • nassvc.exe (PID: 7852)
      • nassvc.exe (PID: 7916)
      • nassche.exe (PID: 7960)
      • PowerISO9-x64.exe (PID: 8076)
      • ShellExperienceHost.exe (PID: 7532)
    • Reads the computer name

      • nasnavi-311.exe (PID: 5972)
      • NASNaviInst.exe (PID: 4428)
      • NASNaviInst.exe (PID: 6108)
      • CreateSC.exe (PID: 7192)
      • CreateSC.exe (PID: 7216)
      • CreateSC.exe (PID: 7688)
      • CreateSC.exe (PID: 7752)
      • CreateSC.exe (PID: 7716)
      • CreateSC.exe (PID: 7804)
      • nassvc.exe (PID: 7852)
      • nassvc.exe (PID: 7916)
      • PowerISO9-x64.exe (PID: 8076)
      • ShellExperienceHost.exe (PID: 7532)
    • Process checks computer location settings

      • NASNaviInst.exe (PID: 4428)
      • nasnavi-311.exe (PID: 5972)
    • The sample was compiled with Japanese language support

      • nasnavi-311.exe (PID: 5972)
      • NASNaviInst.exe (PID: 6108)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 7568)
      • BackgroundTransferHost.exe (PID: 8076)
      • BackgroundTransferHost.exe (PID: 4228)
      • BackgroundTransferHost.exe (PID: 5436)
      • BackgroundTransferHost.exe (PID: 7684)
      • netsh.exe (PID: 7884)
    • Creates files in the program directory

      • NASNaviInst.exe (PID: 6108)
      • CreateSC.exe (PID: 7716)
      • CreateSC.exe (PID: 7804)
    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 8076)
      • PowerISO9-x64.exe (PID: 8076)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 8076)
      • PowerISO9-x64.exe (PID: 8076)
    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 8076)
    • Manual execution by a user

      • PowerISO9-x64.exe (PID: 8084)
      • PowerISO9-x64.exe (PID: 8076)
    • Reads the machine GUID from the registry

      • PowerISO9-x64.exe (PID: 8076)
    • Create files in a temporary directory

      • PowerISO9-x64.exe (PID: 8076)
    • Disables trace logs

      • PowerISO9-x64.exe (PID: 8076)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:08:01 09:26:15+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 163328
InitializedDataSize: 332288
UninitializedDataSize: -
EntryPoint: 0x15de0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
Total processes: 172
Monitored processes: 35
Malicious processes: 3
Suspicious processes: 3

Behavior graph

start nasnavi-311.exe nasnaviinst.exe no specs nasnaviinst.exe sppextcomobj.exe no specs slui.exe no specs createsc.exe no specs createsc.exe no specs createsc.exe no specs createsc.exe no specs backgroundtransferhost.exe no specs createsc.exe no specs createsc.exe no specs createsc.exe createsc.exe no specs createsc.exe nassvc.exe no specs nassvc.exe nassche.exe no specs netsh.exe no specs conhost.exe no specs backgroundtransferhost.exe netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs backgroundtransferhost.exe no specs netsh.exe no specs conhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs netsh.exe no specs conhost.exe no specs poweriso9-x64.exe no specs poweriso9-x64.exe shellexperiencehost.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 1184
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

PID: 1244
CMD: C:\WINDOWS\SYSTEM32\netsh.exe firewall set allowedprogram "C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe" "BUFFALO NAS Navigator2" ENABLE
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: NASNaviInst.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 4228
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll

PID: 4428
CMD: "C:\BUFFALO\nasnavi-311\NASNaviInst.exe"
Path: C:\BUFFALO\nasnavi-311\NASNaviInst.exe
Parent process: nasnavi-311.exe
User: admin
Company: Buffalo Inc.
Integrity Level: MEDIUM
Description: BUFFALO tool
Exit code: 0
Version: 1, 3, 5, 0
Modules
Images
c:\buffalo\nasnavi-311\nasnaviinst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 5436
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll

PID: 5504
CMD: "C:\Program Files (x86)\BUFFALO\NASNAVI\install\CreateSC.exe" 0x0000 "BUFFALO NAS Navigator.lnk"
Path: C:\Program Files (x86)\BUFFALO\NASNAVI\install\CreateSC.exe
Parent process: NASNaviInst.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\program files (x86)\buffalo\nasnavi\install\createsc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll

PID: 5728
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 5972
CMD: "C:\Users\admin\AppData\Local\Temp\nasnavi-311.exe"
Path: C:\Users\admin\AppData\Local\Temp\nasnavi-311.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\nasnavi-311.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 6108
CMD: "C:\BUFFALO\nasnavi-311\NASNaviInst.exe" "C:\BUFFALO\nasnavi-311\NASNaviInst.exe" /RUN_AS_ADMIN
Path: C:\BUFFALO\nasnavi-311\NASNaviInst.exe
Parent process: NASNaviInst.exe
User: admin
Company: Buffalo Inc.
Integrity Level: HIGH
Description: BUFFALO tool
Exit code: 0
Version: 1, 3, 5, 0
Modules
Images
c:\buffalo\nasnavi-311\nasnaviinst.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 7148
CMD: "C:\Program Files (x86)\BUFFALO\NASNAVI\install\CreateSC.exe" 0x0000 "BUFFALO NAS Navigator2.lnk"
Path: C:\Program Files (x86)\BUFFALO\NASNAVI\install\CreateSC.exe
Parent process: NASNaviInst.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\program files (x86)\buffalo\nasnavi\install\createsc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll

Total events: 8 734
Read events: 8 119
Write events: 615
Delete events: 0

Modification events

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: DisplayName
Value: BUFFALO NAS Navigator2

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: UninstallString
Value: C:\WINDOWS\UN060501.EXE /UNINST

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: DisplayVersion
Value: 3.110

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: Publisher
Value: Buffalo Inc.

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: URLInfoAbout
Value: http://buffalo.jp/

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: HelpLink
Value: http://buffalo.jp/

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: URLUpdateInfo
Value: http://buffalo.jp/

(PID) Process: (6108) NASNaviInst.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UN060501
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\BUFFALO\NASNAVI\

(PID) Process: (7852) nassvc.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BUFFALO\NASSVC\NoWOLProducts\0000001a
Operation: write
Name: Product
Value: 26

Executable files: 26
Suspicious files: 14
Text files: 105
Unknown types: 0

Dropped files

PID | Process | Filename | Type
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\hs-dhgl.ico | image
MD5:78926A12D672416CA098CD7E6BBCBAE3
SHA256:100755F27445590EA16EE9F7D0129C97800D3D9F2D5EA4259761D77E432576FC
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\hs-dgl.ico | image
MD5:04DB5F2565D9A8FD8CD113EF2CEA230E
SHA256:81C605EBC619936B3ED756AD32A70DBA5F4CFC46A6B1E97273F70AA36AEA57E0
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\bk441.ico | image
MD5:055711627CC4A927C25171BF71314459
SHA256:2E7EE851CF550391503329718F627F16261335C31D4FAB9030507C8B312AD76B
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\hd-hlan.ico | image
MD5:4533B38BD24245C84AD577DE993D907D
SHA256:DF75B945EF65A2993DDB79BF3962D8AB5F2BF1712D3908B99E11A889F4BC2435
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\bpx1st.ico | image
MD5:BE9863E9FECE53B25025EBB511BF545B
SHA256:2AB56049C73413E76DFB37B80E6B8797604AB17CB89923925A1EFEF9C39CB977
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\ls-chl.ico | image
MD5:70F810BF1432E78F4B741DD4E9742EE8
SHA256:08010BC8E079518A7D99F5539B12118DFB5AEE6AC77257EC54BCC2E3BE45003C
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\hs-dtgl.ico | image
MD5:3658E23960727FC6A5D3B38C872B9789
SHA256:DE9034D94B5EAE696749C05E6688A2F6F6C62F79ACB71F7E3B09695EB1A0C6FF
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\hs-dhtgl.ico | image
MD5:41B68AF59756A2694E763500E1696958
SHA256:786570D9C469506951B052666A9A2EC1E6366331BAFDDC3DFB209AFDD64AF2F6
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\ls-gl.ico | image
MD5:5409EAB2CB7D24CB7164C4B6BDD8CC5A
SHA256:8AE4E4B010C6BB4FD61E9D492FFD7402AB267BE999B714F6E208E6EF5091EDB3
5972 | nasnavi-311.exe | C:\BUFFALO\nasnavi-311\Module\ico\ls-avl.ico | image
MD5:3B04A8929EF1BC14CEEE100C20424E12
SHA256:7181BE22F5E19AAA75C04DECD67917D3C0ED9C05E1E92E873B803CE5FDD5FA6B

HTTP(S) requests: 5
TCP/UDP connections: 33
DNS requests: 17
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8076
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6988
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6620
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6620
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
2112
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6988
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6988
backgroundTaskHost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 40.126.31.71
  • 20.190.159.71
  • 40.126.31.1
  • 20.190.159.2
  • 20.190.159.64
  • 40.126.31.128
  • 40.126.31.73
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 2.23.227.208
  • 2.23.227.215
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

No threats detected
No debug info