File name:

DCSB_4.0.0.9.exe

Full analysis: https://app.any.run/tasks/71572480-646d-426b-8b2b-c5235b48022b
Verdict: Malicious activity
Analysis date: January 11, 2025, 00:06:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
obfuscated-js
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

08249B3F3D1623717D28E072094CCAD9

SHA1:

58E0E645E96B2D7D7F2B5F78DFE51DAF035510CC

SHA256:

D39DB773D0D16D73E170E4F7A0C5FE2EBE4C93AB605A36F52FF3FB2D0F4B7104

SSDEEP:

24576:YyuyCQHKa7Qo2OY470pg04SlZz+Uic8/g3WwpqpCdCTGuZhK2OLDdg:1jCWKa7Qo2OY470pg04SlZz+Uic8/g3g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • reg.exe (PID: 7876)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • DCSB.exe (PID: 6984)
      • Skype.exe (PID: 7648)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • DCSB_4.0.0.9.exe (PID: 6428)
    • The process creates files with name similar to system file names

      • DCSB_4.0.0.9.exe (PID: 6428)
    • Executable content was dropped or overwritten

      • DCSB_4.0.0.9.exe (PID: 6428)
    • Creates a software uninstall entry

      • DCSB_4.0.0.9.exe (PID: 6428)
    • Process drops legitimate windows executable

      • DCSB_4.0.0.9.exe (PID: 6428)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 7648)
    • Application launched itself

      • Skype.exe (PID: 7648)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 7648)
  • INFO

    • Creates files in the program directory

      • DCSB.exe (PID: 6984)
      • DCSB_4.0.0.9.exe (PID: 6428)
    • Disables trace logs

      • DCSB.exe (PID: 6984)
    • Reads the computer name

      • DCSB.exe (PID: 6984)
      • DCSB_4.0.0.9.exe (PID: 6428)
      • Skype.exe (PID: 7648)
    • Checks supported languages

      • DCSB_4.0.0.9.exe (PID: 6428)
      • DCSB.exe (PID: 6984)
      • Skype.exe (PID: 7648)
      • Skype.exe (PID: 7988)
      • Skype.exe (PID: 7548)
    • Checks proxy server information

      • DCSB.exe (PID: 6984)
      • Skype.exe (PID: 7648)
    • Reads the software policy settings

      • DCSB.exe (PID: 6984)
      • Skype.exe (PID: 7648)
    • Create files in a temporary directory

      • DCSB_4.0.0.9.exe (PID: 6428)
    • Application launched itself

      • firefox.exe (PID: 6452)
      • firefox.exe (PID: 1224)
    • Reads the machine GUID from the registry

      • DCSB.exe (PID: 6984)
      • Skype.exe (PID: 7648)
    • Manual execution by a user

      • firefox.exe (PID: 6452)
    • Reads CPU info

      • Skype.exe (PID: 7648)
    • Process checks computer location settings

      • Skype.exe (PID: 7988)
      • Skype.exe (PID: 7648)
      • Skype.exe (PID: 7548)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 7648)
      • Skype.exe (PID: 7988)
      • Skype.exe (PID: 7868)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:56+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25600
InitializedDataSize: 162816
UninitializedDataSize: 1024
EntryPoint: 0x326b
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes
168
Monitored processes
39
Malicious processes
3
Suspicious processes
1

Behavior graph

start dcsb_4.0.0.9.exe dcsb.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs openwith.exe no specs skype.exe skype.exe no specs skype.exe no specs skype.exe reg.exe conhost.exe no specs skype.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs skype.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs dcsb_4.0.0.9.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 5432
CMD: "C:\Users\admin\AppData\Local\Temp\DCSB_4.0.0.9.exe"
Path: C:\Users\admin\AppData\Local\Temp\DCSB_4.0.0.9.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\dcsb_4.0.0.9.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6428
CMD: "C:\Users\admin\AppData\Local\Temp\DCSB_4.0.0.9.exe"
Path: C:\Users\admin\AppData\Local\Temp\DCSB_4.0.0.9.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\dcsb_4.0.0.9.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6984
CMD: "C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.exe"
Path: C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.exe
Parent process: DCSB_4.0.0.9.exe
User:
admin
Company:
Kalejin
Integrity Level:
HIGH
Description:
DCSB
Exit code:
0
Version:
4.0.0.9
Modules
Images
c:\program files (x86)\deathcounter and soundboard\dcsb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 6452
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\crypt32.dll
PID: 1224
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 520
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1900 -parentBuildID 20240213221259 -prefsHandle 1840 -prefMapHandle 1836 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {507ece9b-9e4b-43b6-8d63-36cb21f3e3b5} 1224 "\\.\pipe\gecko-crash-server-pipe.1224" 22a516eab10 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140_1.dll
PID: 3144
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2060 -parentBuildID 20240213221259 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 31031 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {514ea78b-5fc5-4e3f-b4e9-97672c3b3391} 1224 "\\.\pipe\gecko-crash-server-pipe.1224" 22a44680710 socket
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 4388
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2784 -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2800 -prefsLen 31447 -prefMapSize 244583 -jsInitHandle 1540 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ad8594-476f-4e27-9283-b0851ce9cdaf} 1224 "\\.\pipe\gecko-crash-server-pipe.1224" 22a5623af50 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 6704
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -childID 2 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 36588 -prefMapSize 244583 -jsInitHandle 1540 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6b44dbe-e79f-402b-80e6-5c28a72036b2} 1224 "\\.\pipe\gecko-crash-server-pipe.1224" 22a586d44d0 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 7116
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2656 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 2652 -prefMapHandle 2236 -prefsLen 37989 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9964dc93-9932-4e86-bb7a-d8f4da95fd05} 1224 "\\.\pipe\gecko-crash-server-pipe.1224" 22a599c8910 utility
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
23 341
Read events
23 291
Write events
32
Delete events
18

Modification events

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: DisplayName
Value: Deathcounter and Soundboard

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\Deathcounter and Soundboard\uninstall.exe"

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: QuietUninstallString
Value: "C:\Program Files (x86)\Deathcounter and Soundboard\uninstall.exe" /S

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: Publisher
Value: Kalejin

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: DisplayVersion
Value: 4.0.0.9

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.exe

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DCSB
Operation: write
Name: EstimatedSize
Value: 1697

(PID) Process: (6428) DCSB_4.0.0.9.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DCSB
Operation: write
Name: InstallLocation
Value: "C:\Program Files (x86)\Deathcounter and Soundboard"

(PID) Process: (6984) DCSB.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DCSB_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6984) DCSB.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DCSB_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Executable files
24
Suspicious files
193
Text files
40
Unknown types
0

Dropped files

PID | Process | Filename | Type
6428 | DCSB_4.0.0.9.exe | C:\Users\admin\AppData\Local\Temp\nsf56FE.tmp\InstallOptions.dll | executable
MD5:5D425526856CBDB7B14C75DF417B6EF3
SHA256:AAACC7EF5CB2BAF2338AC8E8479227E0A6336A6509119543680EFA1DCDBAE6A6
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.Utils.dll | executable
MD5:AFC7148A94B0ADDFF7258579CCBC4268
SHA256:F8EAD606BACB4FBF4C777A09CF50275210020EE4102A6E1C191521474A2E09C0
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.SoundPlayer.dll | executable
MD5:5C624D955270CF4C6BF8A7E376065271
SHA256:E2F8766931F4C81B59B79990720ED11C52B42AFBB19DB9DD4A957AD33D84DFCC
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.ViewModels.dll | executable
MD5:8E1062C7174BF620B011976C24F1C6E3
SHA256:9420C5964D1C20EBAA603A9A1658AC11F007D5B741B1AF98AE7010C3C5687393
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.Models.dll | executable
MD5:4789A95AE263346E177D290CABECDFED
SHA256:2F932429A33881C4BCF201E5708871434E8378B8405F870683A079E53390342D
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\uninstall.exe | executable
MD5:90900A4C8850CB765C00D1A8B0BA4CE2
SHA256:BB65474C574300F34E8B505CA8EAFC7C1A3EA92CC2C6175686EE7A3F637ED45C
6428 | DCSB_4.0.0.9.exe | C:\Users\admin\AppData\Local\Temp\nsf56FE.tmp\modern-wizard.bmp | image
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
6428 | DCSB_4.0.0.9.exe | C:\Users\admin\AppData\Local\Temp\nsf56FE.tmp\ioSpecial.ini | text
MD5:E2D5070BC28DB1AC745613689FF86067
SHA256:D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.Input.dll | executable
MD5:FD056420A06D194EEF19BBFC5E611F6C
SHA256:76F66B5ADCCFBBA9C810234331B3FBC08460CBF38FC2B4B357C1E1B342410ADA
6428 | DCSB_4.0.0.9.exe | C:\Program Files (x86)\Deathcounter and Soundboard\DCSB.Icons.dll | executable
MD5:6310704D43D121C3ACBD5281F4716BE0
SHA256:445337C0768DF9D2EB5408EEDEC739C66E67CFFA261775F4478CFFABEA832D35
HTTP(S) requests
62
TCP/UDP connections
161
DNS requests
188
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1224
firefox.exe
POST
200
142.250.185.67:80
http://o.pki.goog/wr2
unknown
whitelisted
1224
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
1224
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
whitelisted
1224
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
whitelisted
1224
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1224
firefox.exe
POST
200
184.24.77.48:80
http://r10.o.lencr.org/
unknown
whitelisted
1224
firefox.exe
POST
200
184.24.77.48:80
http://r11.o.lencr.org/
unknown
whitelisted
1224
firefox.exe
POST
142.250.185.67:80
http://o.pki.goog/wr2
unknown
whitelisted
1224
firefox.exe
POST
200
184.24.77.48:80
http://r11.o.lencr.org/
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
92.123.104.31:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1176
svchost.exe
20.190.160.20:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 2.23.246.101
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.bing.com
  • 92.123.104.31
  • 92.123.104.38
  • 92.123.104.34
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.160.20
  • 40.126.32.133
  • 40.126.32.72
  • 20.190.160.17
  • 40.126.32.136
  • 40.126.32.138
  • 40.126.32.134
  • 40.126.32.76
  • 40.126.31.73
  • 40.126.31.71
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.68
  • 20.190.159.73
  • 20.190.159.75
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
api.github.com
  • 140.82.121.6
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted

Threats

No threats detected
No debug info