File name:

XBatteryStatus.msi

Full analysis: https://app.any.run/tasks/ccdb3db5-472a-48b2-95da-5152047191de
Verdict: Malicious activity
Analysis date: May 16, 2025, 16:53:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: generated-doc, advancedinstaller
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {B603525A-A16C-481C-ADDD-3DCA167B97AA}, Number of Words: 2, Subject: XBatteryStatus, Author: Nova_Max, Name of Creating Application: XBatteryStatus, Template: x64;1033, Comments: This installer database contains the logic and data required to install XBatteryStatus., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Jul 11 21:03:40 2024, Last Saved Time/Date: Thu Jul 11 21:03:40 2024, Last Printed: Thu Jul 11 21:03:40 2024, Number of Pages: 450
MD5:

01AD3A31145A1F69C44E086BEAA78DF6

SHA1:

25F035E76152CCBE886C441F88B4E309F3388038

SHA256:

FE19584241070E2A9DD0F96678F370A3EED4964A89B67CBBAF5E26F903F413DB

SSDEEP:

98304:G9ISSVSpk0N/2WsYqr0V5RZlTvJ9jwPe42yStSq9x3LAknaM8tIGnIr830oIqAbt:DPu4sUSj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • msiexec.exe (PID: 6632)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
  • SUSPICIOUS

    • Detects AdvancedInstaller (YARA)

      • msiexec.exe (PID: 7376)
      • msiexec.exe (PID: 7232)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6632)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
    • Process drops legitimate windows executable

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 3240)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
      • msiexec.exe (PID: 7468)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 3240)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
    • Searches for installed software

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
    • Starts itself from another location

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 7468)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 7468)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 7468)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7924)
  • INFO

    • An automatically generated document

      • msiexec.exe (PID: 7376)
    • The sample compiled with english language support

      • msiexec.exe (PID: 7376)
      • msiexec.exe (PID: 7232)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 3240)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
      • msiexec.exe (PID: 7468)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7376)
      • msiexec.exe (PID: 7232)
      • msiexec.exe (PID: 7468)
    • Checks supported languages

      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 7508)
      • msiexec.exe (PID: 6632)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 3240)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
      • msiexec.exe (PID: 7692)
      • msiexec.exe (PID: 7788)
      • msiexec.exe (PID: 7820)
      • msiexec.exe (PID: 7804)
    • Reads the computer name

      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 7508)
      • msiexec.exe (PID: 6632)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
      • msiexec.exe (PID: 7692)
      • msiexec.exe (PID: 7788)
      • msiexec.exe (PID: 7804)
      • msiexec.exe (PID: 7820)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6632)
      • msiexec.exe (PID: 7468)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
    • Create files in a temporary directory

      • msiexec.exe (PID: 7376)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 3240)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
    • Checks proxy server information

      • msiexec.exe (PID: 6632)
    • Reads the software policy settings

      • msiexec.exe (PID: 6632)
      • slui.exe (PID: 7588)
      • msiexec.exe (PID: 7468)
    • Manual execution by a user

      • msiexec.exe (PID: 7232)
      • Taskmgr.exe (PID: 4024)
      • Taskmgr.exe (PID: 7840)
    • Reads Environment values

      • msiexec.exe (PID: 6632)
      • msiexec.exe (PID: 7508)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6632)
      • msiexec.exe (PID: 7468)
    • Process checks computer location settings

      • msiexec.exe (PID: 6632)
      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 5800)
    • Creates files in the program directory

      • windowsdesktop-runtime-5.0.17-win-x64.exe (PID: 4892)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 7468)
    • Manages system restore points

      • SrTasks.exe (PID: 3300)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 7468)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (81.9)
.mst | Windows SDK Setup Transform Script (9.2)
.msp | Windows Installer Patch (7.6)
.msi | Microsoft Installer (100)

EXIF

FlashPix

Security: None
CodePage: Windows Latin 1 (Western European)
RevisionNumber: {B603525A-A16C-481C-ADDD-3DCA167B97AA}
Words: 2
Subject: XBatteryStatus
Author: Nova_Max
LastModifiedBy: -
Software: XBatteryStatus
Template: x64;1033
Comments: This installer database contains the logic and data required to install XBatteryStatus.
Title: Installation Database
Keywords: Installer, MSI, Database
CreateDate: 2024:07:11 21:03:40
ModifyDate: 2024:07:11 21:03:40
LastPrinted: 2024:07:11 21:03:40
Pages: 450
No data.
All screenshots are available in the full report
Total processes: 164
Monitored processes: 24
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Process nodes in the graph (image not reproduced), in order: msiexec.exe, msiexec.exe, msiexec.exe, sppextcomobj.exe, slui.exe, rundll32.exe, msiexec.exe, msiexec.exe, windowsdesktop-runtime-5.0.17-win-x64.exe (x3), msiexec.exe (x4), slui.exe, vssvc.exe, srtasks.exe, conhost.exe, msiexec.exe, msi6e36.tmp, xbatterystatus.exe, taskmgr.exe, taskmgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1616
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 3240
CMD: "C:\Users\admin\AppData\Roaming\Nova_Max\XBatteryStatus\prerequisites\.NET 5.0\windowsdesktop-runtime-5.0.17-win-x64.exe"
Path: C:\Users\admin\AppData\Roaming\Nova_Max\XBatteryStatus\prerequisites\.NET 5.0\windowsdesktop-runtime-5.0.17-win-x64.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Desktop Runtime - 5.0.17 (x64)
Exit code: 0
Version: 5.0.17.31219
Modules (images):
c:\users\admin\appdata\roaming\nova_max\xbatterystatus\prerequisites\.net 5.0\windowsdesktop-runtime-5.0.17-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 3300
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Windows System Protection background tasks.
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 3332
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4024
CMD: "C:\WINDOWS\system32\taskmgr.exe" /4
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Task Manager
Exit code: 3221226540
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
PID: 4892
CMD: "C:\Users\admin\AppData\Local\Temp\{55D74C05-F8A6-45F7-87DF-4CE7EAC4AAA3}\.be\windowsdesktop-runtime-5.0.17-win-x64.exe" -q -burn.elevated BurnPipe.{3058348D-A03A-4AF1-A725-339C7581A352} {7CEC83C3-A134-4E21-9501-C35C97458D4D} 5800
Path: C:\Users\admin\AppData\Local\Temp\{55D74C05-F8A6-45F7-87DF-4CE7EAC4AAA3}\.be\windowsdesktop-runtime-5.0.17-win-x64.exe
Parent process: windowsdesktop-runtime-5.0.17-win-x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Windows Desktop Runtime - 5.0.17 (x64)
Exit code: 0
Version: 5.0.17.31219
Modules (images):
c:\users\admin\appdata\local\temp\{55d74c05-f8a6-45f7-87df-4ce7eac4aaa3}\.be\windowsdesktop-runtime-5.0.17-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5600
CMD: "C:\Program Files\Nova_Max\XBatteryStatus\XBatteryStatus.exe"
Path: C:\Program Files\Nova_Max\XBatteryStatus\XBatteryStatus.exe
Parent process: MSI6E36.tmp
User: admin
Company: XBatteryStatus
Integrity Level: MEDIUM
Description: XBatteryStatus
Version: 1.3.4.0
Modules (images):
c:\program files\nova_max\xbatterystatus\xbatterystatus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 5800
CMD: "C:\Users\admin\AppData\Local\Temp\{A4C01CC6-B0A4-4F82-94FB-1625E9EBC135}\.cr\windowsdesktop-runtime-5.0.17-win-x64.exe" -burn.clean.room="C:\Users\admin\AppData\Roaming\Nova_Max\XBatteryStatus\prerequisites\.NET 5.0\windowsdesktop-runtime-5.0.17-win-x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=552
Path: C:\Users\admin\AppData\Local\Temp\{A4C01CC6-B0A4-4F82-94FB-1625E9EBC135}\.cr\windowsdesktop-runtime-5.0.17-win-x64.exe
Parent process: windowsdesktop-runtime-5.0.17-win-x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Desktop Runtime - 5.0.17 (x64)
Exit code: 0
Version: 5.0.17.31219
Modules (images):
c:\users\admin\appdata\local\temp\{a4c01cc6-b0a4-4f82-94fb-1625e9ebc135}\.cr\windowsdesktop-runtime-5.0.17-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 6632
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 841BE4AE02DB7396A605C52EC496B98B C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 7036
CMD: "C:\WINDOWS\Installer\MSI6E36.tmp" /DontWait "C:\Program Files\Nova_Max\XBatteryStatus\XBatteryStatus.exe"
Path: C:\Windows\Installer\MSI6E36.tmp
Parent process: msiexec.exe
User: admin
Company: Caphyon LTD
Integrity Level: MEDIUM
Description: File that launches another file
Exit code: 0
Version: 21.5.1.0
Modules (images):
c:\windows\installer\msi6e36.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\ucrtbase.dll
Total events: 18 412
Read events: 17 158
Write events: 1 174
Delete events: 80

Modification events

(PID) Process: (7508) msiexec.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Nova_Max AiTemp
Operation: delete value | Name: {38C08490-E237-4D5B-82C0-32EBE4DB2E76}
Value:
(PID) Process: (7508) msiexec.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Nova_Max AiTemp
Operation: delete key | Name: (default)
Value:
(PID) Process: (7508) msiexec.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Operation: delete value | Name: {38C08490-E237-4D5B-82C0-32EBE4DB2E76}
Value:
(PID) Process: (6632) msiexec.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Operation: write | Name: {38C08490-E237-4D5B-82C0-32EBE4DB2E76}
Value:
C:\WINDOWS\system32\msiexec.exe /i "C:\Users\admin\Downloads\XBatteryStatus.msi" ADDLOCAL=MainFeature,A9DBE469DEED46998DA553406739ED74
(PID) Process: (4892) windowsdesktop-runtime-5.0.17-win-x64.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20d5df4e-006c-4d6d-a0dc-490d009b9786}
Operation: write | Name: BundleCachePath
Value:
C:\ProgramData\Package Cache\{20d5df4e-006c-4d6d-a0dc-490d009b9786}\windowsdesktop-runtime-5.0.17-win-x64.exe
(PID) Process: (4892) windowsdesktop-runtime-5.0.17-win-x64.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20d5df4e-006c-4d6d-a0dc-490d009b9786}
Operation: write | Name: BundleUpgradeCode
Value:
{695B6546-5CD6-7EE3-0917-5416920CF5C7}
(PID) Process: (4892) windowsdesktop-runtime-5.0.17-win-x64.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20d5df4e-006c-4d6d-a0dc-490d009b9786}
Operation: write | Name: BundleAddonCode
Value:
(PID) Process: (4892) windowsdesktop-runtime-5.0.17-win-x64.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20d5df4e-006c-4d6d-a0dc-490d009b9786}
Operation: write | Name: BundleDetectCode
Value:
(PID) Process: (4892) windowsdesktop-runtime-5.0.17-win-x64.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20d5df4e-006c-4d6d-a0dc-490d009b9786}
Operation: write | Name: BundlePatchCode
Value:
(PID) Process: (4892) windowsdesktop-runtime-5.0.17-win-x64.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20d5df4e-006c-4d6d-a0dc-490d009b9786}
Operation: write | Name: BundleVersion
Value:
5.0.17.31219
Executable files: 559
Suspicious files: 94
Text files: 37
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7376 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSIBF89.tmp | Type: executable
MD5:D0C9613582605F3793FDAD7279DE428B
SHA256:8BD84F1156EBDFA44AFAAC8A4579BA56A8C7513E3D51E00822167EA144923726
PID: 7376 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSIF039.tmp | Type: executable
MD5:BDA4A367E26991C32F566D8A171A2821
SHA256:BD67B69D62B8CF2A65BD97A55EA20A3F8206E264CC4956F0A12AB5BC83EF5AB9
PID: 7232 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSI15AB.tmp | Type: executable
MD5:D0C9613582605F3793FDAD7279DE428B
SHA256:8BD84F1156EBDFA44AFAAC8A4579BA56A8C7513E3D51E00822167EA144923726
PID: 7376 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSIEFE9.tmp | Type: executable
MD5:BDA4A367E26991C32F566D8A171A2821
SHA256:BD67B69D62B8CF2A65BD97A55EA20A3F8206E264CC4956F0A12AB5BC83EF5AB9
PID: 7376 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSIC190.tmp | Type: executable
MD5:D0C9613582605F3793FDAD7279DE428B
SHA256:8BD84F1156EBDFA44AFAAC8A4579BA56A8C7513E3D51E00822167EA144923726
PID: 7376 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSIF009.tmp | Type: executable
MD5:BDA4A367E26991C32F566D8A171A2821
SHA256:BD67B69D62B8CF2A65BD97A55EA20A3F8206E264CC4956F0A12AB5BC83EF5AB9
PID: 6632 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Roaming\Nova_Max\XBatteryStatus\prerequisites\.NET 5.0\windowsdesktop-runtime-5.0.17-win-x64.exe.part | Type:
MD5:
SHA256:
PID: 6632 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Roaming\Nova_Max\XBatteryStatus\prerequisites\.NET 5.0\windowsdesktop-runtime-5.0.17-win-x64.exe | Type:
MD5:
SHA256:
PID: 7376 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSIC1A0.tmp | Type: executable
MD5:D0C9613582605F3793FDAD7279DE428B
SHA256:8BD84F1156EBDFA44AFAAC8A4579BA56A8C7513E3D51E00822167EA144923726
PID: 7232 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\MSI1659.tmp | Type: executable
MD5:BDA4A367E26991C32F566D8A171A2821
SHA256:BD67B69D62B8CF2A65BD97A55EA20A3F8206E264CC4956F0A12AB5BC83EF5AB9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 39
DNS requests: 25
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.168.124:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4692
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7468
msiexec.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4692
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6632
msiexec.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
7468
msiexec.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.16.168.124:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4692
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 216.58.212.174
whitelisted
crl.microsoft.com
  • 2.16.168.124
  • 2.16.168.114
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.35.229.160
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.160.130
  • 20.190.160.17
  • 20.190.160.66
  • 40.126.32.68
  • 20.190.160.131
  • 40.126.32.140
  • 40.126.32.136
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
download.visualstudio.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted

Threats

No threats detected
No debug info