File name:

ndp472-kb4054531-web.exe

Full analysis: https://app.any.run/tasks/f4ccebde-58a6-4b65-bb61-0104b8919abf
Verdict: Malicious activity
Analysis date: May 15, 2024, 23:26:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

B3844D880D71DE6D787190D2E378101B

SHA1:

0E1EC7C7E9E2C7678DB5548DE80FC5C57F97DDE2

SHA256:

151B1C11F625E7122D517B6A1778841DF8FF168D931C41730F59B9E4B8BCBE36

SSDEEP:

24576:FGHL3siy9LluSmtLvUDSRbm4Jah1rVxXmBz5px03LG5gPMmtM5KoZm6/ZcCUT:aL3s7p9eTUDBzrVxofxAG55o6/CCk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • ndp472-kb4054531-web.exe (PID: 4088)

  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • ndp472-kb4054531-web.exe (PID: 3976)
      • ndp472-kb4054531-web.exe (PID: 4088)

    • Process drops legitimate windows executable

      • ndp472-kb4054531-web.exe (PID: 4088)

    • Executable content was dropped or overwritten

      • ndp472-kb4054531-web.exe (PID: 4088)

    • Reads security settings of Internet Explorer

      • Setup.exe (PID: 2108)

    • Checks Windows Trust Settings

      • Setup.exe (PID: 2108)

    • Reads settings of System Certificates

      • Setup.exe (PID: 2108)

    • Reads the Internet Settings

      • Setup.exe (PID: 2108)

  • INFO

    • Reads the computer name

      • ndp472-kb4054531-web.exe (PID: 4088)
      • Setup.exe (PID: 2108)
      • SetupUtility.exe (PID: 1184)
      • wmpnscfg.exe (PID: 2136)
      • SetupUtility.exe (PID: 1764)
      • SetupUtility.exe (PID: 1580)
      • SetupUtility.exe (PID: 312)

    • Checks supported languages

      • ndp472-kb4054531-web.exe (PID: 4088)
      • Setup.exe (PID: 2108)
      • SetupUtility.exe (PID: 1184)
      • SetupUtility.exe (PID: 1580)
      • wmpnscfg.exe (PID: 2136)
      • SetupUtility.exe (PID: 1764)
      • SetupUtility.exe (PID: 312)

    • Create files in a temporary directory

      • ndp472-kb4054531-web.exe (PID: 4088)
      • Setup.exe (PID: 2108)

    • Reads CPU info

      • Setup.exe (PID: 2108)

    • Reads Environment values

      • Setup.exe (PID: 2108)

    • Reads the machine GUID from the registry

      • Setup.exe (PID: 2108)
      • ndp472-kb4054531-web.exe (PID: 4088)
      • SetupUtility.exe (PID: 1184)
      • SetupUtility.exe (PID: 312)

    • Reads the software policy settings

      • Setup.exe (PID: 2108)

    • Creates files or folders in the user directory

      • Setup.exe (PID: 2108)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2136)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:07:16 21:09:16+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 160256
InitializedDataSize: 29184
UninitializedDataSize: -
EntryPoint: 0x18ee7
OSVersion: 5.1
ImageVersion: 10
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.7.3081.0
ProductVersionNumber: 4.7.3081.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft .NET Framework 4.7.2 Setup
FileVersion: 4.7.03081.00
InternalName: NDP472-KB4054531-Web.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: NDP472-KB4054531-Web.exe
ProductName: Microsoft .NET Framework 4.7.2
ProductVersion: 4.7.03081.00
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
8
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start ndp472-kb4054531-web.exe setup.exe setuputility.exe no specs wmpnscfg.exe no specs setuputility.exe no specs setuputility.exe no specs setuputility.exe no specs ndp472-kb4054531-web.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
312SetupUtility.exe /auresumeC:\626c10ad59b290460fa977\SetupUtility.exeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.5 Setup
Exit code:
0
Version:
14.7.3081.0 built by: NET472REL1
Modules
Images
c:\626c10ad59b290460fa977\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1184SetupUtility.exe /aupauseC:\626c10ad59b290460fa977\SetupUtility.exeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.5 Setup
Exit code:
0
Version:
14.7.3081.0 built by: NET472REL1
Modules
Images
c:\626c10ad59b290460fa977\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1580SetupUtility.exe /msureboot 461833C:\626c10ad59b290460fa977\SetupUtility.exeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.5 Setup
Exit code:
0
Version:
14.7.3081.0 built by: NET472REL1
Modules
Images
c:\626c10ad59b290460fa977\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1764SetupUtility.exe /screbootC:\626c10ad59b290460fa977\SetupUtility.exeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.5 Setup
Exit code:
0
Version:
14.7.3081.0 built by: NET472REL1
Modules
Images
c:\626c10ad59b290460fa977\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2108C:\626c10ad59b290460fa977\\Setup.exe /x86 /x64 /webC:\626c10ad59b290460fa977\Setup.exe
ndp472-kb4054531-web.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Setup Installer
Exit code:
0
Version:
14.7.3081.0 built by: NET472REL1
Modules
Images
c:\626c10ad59b290460fa977\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\626c10ad59b290460fa977\setupengine.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
2136"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3976"C:\Users\admin\AppData\Local\Temp\ndp472-kb4054531-web.exe" C:\Users\admin\AppData\Local\Temp\ndp472-kb4054531-web.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft .NET Framework 4.7.2 Setup
Exit code:
3221226540
Version:
4.7.03081.00
Modules
Images
c:\users\admin\appdata\local\temp\ndp472-kb4054531-web.exe
c:\windows\system32\ntdll.dll
4088"C:\Users\admin\AppData\Local\Temp\ndp472-kb4054531-web.exe" C:\Users\admin\AppData\Local\Temp\ndp472-kb4054531-web.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft .NET Framework 4.7.2 Setup
Exit code:
0
Version:
4.7.03081.00
Modules
Images
c:\users\admin\appdata\local\temp\ndp472-kb4054531-web.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
Total events
6 547
Read events
6 520
Write events
20
Delete events
7

Modification events

(PID) Process:(2108) Setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
3C0800008CEE52491FA7DA01
(PID) Process:(2108) Setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
7E202971B076808DB6C5BD319C7E90B7AC72933C63D1292C6DAE3828D19C3E97
(PID) Process:(2108) Setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(2108) Setup.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2108) Setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation:delete valueName:9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process:(2108) Setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB6200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(2108) Setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
1400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D70300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB60F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D8200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(2108) Setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
190000000100000010000000BCC80DAA2F98A4692805BFF4CBB372EB0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB61400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D7200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(2108) Setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:delete valueName:Sequence
Value:

(PID) Process:(2108) Setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:delete valueName:SessionHash
Value:
⁾焩皰趀얶ㆽ纜랐犬㲓텣Ⱙ깭⠸鳑霾
Executable files
29
Suspicious files
5
Text files
81
Unknown types
0

Dropped files

PID
Process
Filename
Type
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\Rotate10.icoimage
MD5:0CCA04A3468575FDCEFEE9957E32F904
SHA256:B94E68C711B3B06D9A63C80AD013C7C7BBDB5F8E82CBC866B246FF22D99B03FE
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\SysReqMet.icoimage
MD5:889472312E724195D7B946EECAEA20C1
SHA256:C9CA53F83A5CC10F726248D47FF82981B584B3FF62EE591229A8237C11340991
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\Print.icoimage
MD5:D39BAD9DDA7B91613CB29B6BD55F0901
SHA256:D80FFEB020927F047C11FC4D9F34F985E0C7E5DFEA9FB23F2BC134874070E4E6
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\Save.icoimage
MD5:C66BBE8F84496EF85F7AF6BED5212CEC
SHA256:1372C7F132595DDAD210C617E44FEDFF7A990A9E8974CC534CA80D897DD15ABD
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\Rotate1.icoimage
MD5:9B70C7FA81DCA6D3B992037D0C251D92
SHA256:18226B9D56D2B1C070A2C606428892773CB00B5B4B95397E79D01DE26685CCD4
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\DisplayIcon.icoimage
MD5:F9657D290048E169FFABBBB9C7412BE0
SHA256:B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\SysReqNotMet.icoimage
MD5:ECA24331CE0850D188BD2EB5C22DE684
SHA256:DEBA0A7A6E2CA99D3380D35AE33F8D266806FDBCBF75FB06B5718BE5873258F6
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\Rotate9.icoimage
MD5:8853DA1F831CAE28E59D45F5E51885AC
SHA256:0203C7D678464641C016DC3D658ABA0A68F20B9A141D6E3EE1820C5B8B6401DB
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\watermark.bmpimage
MD5:B0075CEE80173D764C0237E840BA5879
SHA256:AB18374B3AAB10E5979E080D0410579F9771DB888BA1B80A5D81BA8896E2D33A
4088ndp472-kb4054531-web.exeC:\626c10ad59b290460fa977\Graphics\Rotate2.icoimage
MD5:F824905E5501603E6720B784ADD71BDD
SHA256:D15A6F1EEFEFE4F9CD51B7B22E9C7B07C7ACAD72FD53E5F277E6D4E0976036C3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
5
DNS requests
2
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2108
Setup.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c3a30193aac673ab
unknown
unknown
2108
Setup.exe
GET
200
104.85.249.145:80
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
unknown
unknown
2108
Setup.exe
GET
200
104.85.249.145:80
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2108
Setup.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
2108
Setup.exe
104.85.249.145:80
crl.microsoft.com
Akamai International B.V.
PL
unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
crl.microsoft.com
  • 104.85.249.145
  • 104.85.249.160
whitelisted

Threats

No threats detected
Process
Message
Setup.exe
The operation completed successfully.
Setup.exe
The operation completed successfully.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ndp472-kb4054531-web.exe