File name: GlassWireSetup.exe

Full analysis: https://app.any.run/tasks/56dab9dd-41f0-445d-8a76-8eeeba990428
Verdict: Malicious activity
Analysis date: May 18, 2025, 18:34:46
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: D4F00E685D637E999243AD5AA96C3ED2
SHA1: 7995C07CFFA3C4E631D0FFD196FC5C24C4F315BC
SHA256: F6A21594C80BA4AA5DCAC7DE02628C7DE01AE8505F38BF9F89CECC2DC27DF49C
SSDEEP: 786432:3KqTn83X1gWIJ3+4CTKRP4rRvQsOkUtrHQblTugaU8Zbg54:3AgN+4CTKRPYGkUtrHutJN28e

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • net.exe (PID: 968)
      • GlassWireSetup.exe (PID: 7680)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • GlassWireSetup.exe (PID: 7680)
    • Process drops legitimate windows executable

      • GlassWireSetup.exe (PID: 7680)
      • vc_redist.x86.exe (PID: 7808)
      • vc_redist.x86.exe (PID: 7784)
      • VC_redist.x86.exe (PID: 7856)
      • msiexec.exe (PID: 4120)
      • VC_redist.x86.exe (PID: 5256)
    • The process creates files with name similar to system file names

      • GlassWireSetup.exe (PID: 7680)
    • Starts a Microsoft application from unusual location

      • vc_redist.x86.exe (PID: 7784)
      • VC_redist.x86.exe (PID: 7856)
      • vc_redist.x86.exe (PID: 7808)
    • Executable content was dropped or overwritten

      • GlassWireSetup.exe (PID: 7680)
      • vc_redist.x86.exe (PID: 7784)
      • vc_redist.x86.exe (PID: 7808)
      • VC_redist.x86.exe (PID: 7856)
      • VC_redist.x86.exe (PID: 5048)
      • VC_redist.x86.exe (PID: 5256)
      • rundll32.exe (PID: 4464)
      • drvinst.exe (PID: 2800)
      • drvinst.exe (PID: 4488)
    • Reads security settings of Internet Explorer

      • vc_redist.x86.exe (PID: 7808)
    • Starts itself from another location

      • vc_redist.x86.exe (PID: 7808)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7944)
      • GWCtlSrv.exe (PID: 5020)
    • Searches for installed software

      • vc_redist.x86.exe (PID: 7808)
      • dllhost.exe (PID: 7900)
    • Application launched itself

      • VC_redist.x86.exe (PID: 2960)
      • VC_redist.x86.exe (PID: 5048)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 4120)
    • Drops a system driver (possible attempt to evade defenses)

      • GlassWireSetup.exe (PID: 7680)
      • rundll32.exe (PID: 4464)
      • drvinst.exe (PID: 2800)
    • There is functionality for taking screenshot (YARA)

      • GlassWireSetup.exe (PID: 7680)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • GlassWireSetup.exe (PID: 7680)
      • wevtutil.exe (PID: 6392)
    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 660)
    • Uses RUNDLL32.EXE to load library

      • GlassWireSetup.exe (PID: 7680)
  • INFO

    • The sample compiled with english language support

      • GlassWireSetup.exe (PID: 7680)
      • vc_redist.x86.exe (PID: 7784)
      • vc_redist.x86.exe (PID: 7808)
      • VC_redist.x86.exe (PID: 7856)
      • msiexec.exe (PID: 4120)
      • VC_redist.x86.exe (PID: 5048)
      • VC_redist.x86.exe (PID: 5256)
    • Checks supported languages

      • GlassWireSetup.exe (PID: 7680)
      • vc_redist.x86.exe (PID: 7784)
      • vc_redist.x86.exe (PID: 7808)
      • VC_redist.x86.exe (PID: 7856)
    • Create files in a temporary directory

      • GlassWireSetup.exe (PID: 7680)
      • vc_redist.x86.exe (PID: 7808)
    • Reads the computer name

      • vc_redist.x86.exe (PID: 7784)
      • VC_redist.x86.exe (PID: 7856)
      • vc_redist.x86.exe (PID: 7808)
    • Process checks computer location settings

      • vc_redist.x86.exe (PID: 7808)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4120)
    • Manages system restore points

      • SrTasks.exe (PID: 5404)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:15+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x351c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.5.821.0
ProductVersionNumber: 3.5.821.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: GlassWire
FileDescription: GlassWire Setup
FileVersion: 3,5,821,0
LegalCopyright: (c) 2025 GlassWire
OriginalFileName: glasswire-setup-3.5.821.0-full.exe
ProductName: GlassWire
ProductVersion: 3,5,821,0
No data.
All screenshots are available in the full report
Total processes: 174
Monitored processes: 44
Malicious processes: 4
Suspicious processes: 2

Behavior graph

start glasswiresetup.exe vc_redist.x86.exe vc_redist.x86.exe vc_redist.x86.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vc_redist.x86.exe no specs vc_redist.x86.exe vc_redist.x86.exe slui.exe gwinstst.exe rundll32.exe drvinst.exe drvinst.exe runonce.exe no specs grpconv.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs gwctlsrv.exe conhost.exe no specs gwcrashpadhandler.exe no specs gwctlsrv.exe conhost.exe no specs gwcrashpadhandler.exe no specs gwctlsrv.exe gwcrashpadhandler.exe no specs gwidlmon.exe conhost.exe no specs gwcrashpadhandler.exe no specs explorer.exe no specs explorer.exe no specs glasswire.exe gwcrashpadhandler.exe no specs gwidlmon.exe conhost.exe no specs gwcrashpadhandler.exe no specs glasswiresetup.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 660
CMD: "C:\WINDOWS\explorer.exe" "C:\Program Files (x86)\GlassWire\glasswire.exe"
Path: C:\Windows\explorer.exe
Parent process: GlassWireSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 1
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID: 684
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: wevtutil.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 968
CMD: "C:\WINDOWS\system32\net.exe" start gwdrv
Path: C:\Windows\System32\net.exe
Parent process: GlassWireSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1168
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2084
CMD: "C:\Program Files (x86)\GlassWire\GWCrashpadHandler.exe" --no-rate-limit --database=C:\ProgramData\glasswire\.sentry-native\system-service --metrics-dir=C:\ProgramData\glasswire\.sentry-native\system-service --url=https://o987771.ingest.us.sentry.io:443/api/4507899343601664/minidump/?sentry_client=sentry.native/0.7.8&sentry_key=04e57d3832851252464860012085bbb2 --attachment=C:\ProgramData\glasswire\.sentry-native\system-service\7ccf9baf-afad-423f-974e-751c38af2f9c.run\__sentry-event --attachment=C:\ProgramData\glasswire\.sentry-native\system-service\7ccf9baf-afad-423f-974e-751c38af2f9c.run\__sentry-breadcrumb1 --attachment=C:\ProgramData\glasswire\.sentry-native\system-service\7ccf9baf-afad-423f-974e-751c38af2f9c.run\__sentry-breadcrumb2 --initial-client-data=0x364,0x368,0x36c,0x340,0x370,0x207f94c,0x207f960,0x207f970
Path: C:\Program Files (x86)\GlassWire\GWCrashpadHandler.exe
Parent process: GWCtlSrv.exe
User: SYSTEM
Integrity Level: SYSTEM
Modules
Images
c:\program files (x86)\glasswire\gwcrashpadhandler.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 2136
CMD: "C:\Program Files (x86)\GlassWire\GWCtlSrv.exe" "-s"
Path: C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
Parent process: GlassWireSetup.exe
User: admin
Company: GlassWire
Integrity Level: HIGH
Description: GlassWire Control Service
Exit code: 0
Version: 3.5.821.0
Modules
Images
c:\program files (x86)\glasswire\gwctlsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2152
CMD: "C:\Program Files (x86)\GlassWire\GlassWire.exe"
Path: C:\Program Files (x86)\GlassWire\GlassWire.exe
Parent process: explorer.exe
User: admin
Company: GlassWire
Integrity Level: MEDIUM
Description: GlassWire
Version: 3.5.821.0
Modules
Images
c:\program files (x86)\glasswire\glasswire.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 2800
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{edd5494f-332a-7944-8eeb-48e615e6755e}\gwdrv.inf" "9" "4e7eab47b" "00000000000001D4" "WinSta0\Default" "00000000000001DC" "208" "C:\WINDOWS\system32\drivers"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 2960
CMD: "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={4373d0b5-4457-4a80-bad9-029de8df097b} -burn.filehandle.self=1124 -burn.embedded BurnPipe.{88A2A0DD-B433-4B86-84A9-EF38717C5190} {4B71ED56-27A6-40C9-B026-7100399D19BD} 7856
Path: C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code: 0
Version: 14.36.32532.0
Modules
Images
c:\programdata\package cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3676
CMD: C:\WINDOWS\system32\net1 start gwdrv
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ucrtbase.dll
Total events: 54 850
Read events: 53 836
Write events: 725
Delete events: 289

Modification events

Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Process: VC_redist.x86.exe (PID 7856)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Process: dllhost.exe (PID 7900)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Process: VSSVC.exe (PID 7944)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Leave)
Process: VSSVC.exe (PID 7944)
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation: delete key
Name: (default)
Value:
Executable files: 103
Suspicious files: 121
Text files: 95
Unknown types: 0

Dropped files

PID | Process | Filename | Type
PID: 7680
Process: GlassWireSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa10B7.tmp\System.dll
Type: executable
MD5:192639861E3DC2DC5C08BB8F8C7260D5
SHA256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
PID: 7680
Process: GlassWireSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa10B7.tmp\vc_redist.x86.exe
Type: executable
MD5:D38126688B5647BF209606D07A90C2E6
SHA256:ED1967C2AC27D806806D121601B526F84E497AE1B99ED139C0C4C6B50147DF4A
PID: 7680
Process: GlassWireSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa10B7.tmp\nsihelper.dll
Type: executable
MD5:7CBD37CB483D5DE89448CF0E8BA24C17
SHA256:7024CA515DDCC1B2883F34D8528DE203DD0AD699FB7615FDE4E93F73DA8C5213
PID: 7808
Process: vc_redist.x86.exe
Filename: C:\Windows\Temp\{9FC718EA-E34C-431C-BBA1-991597465F96}\.ba\1028\thm.wxl
Type: xml
MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
SHA256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
PID: 7680
Process: GlassWireSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa10B7.tmp\GWInstSt.exe
Type: executable
MD5:3165072385F1C183BF25FFC27D67685A
SHA256:C3FC3942BE83E3EA62B1802304C1DA542E11AEA73EA148E9EC5FCC267A619B83
PID: 7808
Process: vc_redist.x86.exe
Filename: C:\Windows\Temp\{9FC718EA-E34C-431C-BBA1-991597465F96}\.ba\1029\thm.wxl
Type: xml
MD5:16343005D29EC431891B02F048C7F581
SHA256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
PID: 7784
Process: vc_redist.x86.exe
Filename: C:\Windows\Temp\{3DD4C0A9-B833-4A20-95CD-6C41EF635934}\.cr\vc_redist.x86.exe
Type: executable
MD5:38B9328B53A786141DC7D54992AA03BC
SHA256:32E2651799071C5E6C51BDAF0DF7823526B25B2F34C01F9472BB159044D62C11
PID: 7808
Process: vc_redist.x86.exe
Filename: C:\Windows\Temp\{9FC718EA-E34C-431C-BBA1-991597465F96}\.ba\thm.xml
Type: xml
MD5:F62729C6D2540015E072514226C121C7
SHA256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
PID: 7808
Process: vc_redist.x86.exe
Filename: C:\Windows\Temp\{9FC718EA-E34C-431C-BBA1-991597465F96}\.ba\thm.wxl
Type: xml
MD5:FBFCBC4DACC566A3C426F43CE10907B6
SHA256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
PID: 7808
Process: vc_redist.x86.exe
Filename: C:\Windows\Temp\{9FC718EA-E34C-431C-BBA1-991597465F96}\.ba\1029\license.rtf
Type: text
MD5:E7DC9CA9474A13FA4529D91BCD2AB8CC
SHA256:503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE
HTTP(S) requests: 13
TCP/UDP connections: 90
DNS requests: 28
Threats: 0

HTTP requests


Connections


DNS requests


Threats

No threats detected
No debug info