File name: dll-helper-install__25.exe

Full analysis: https://app.any.run/tasks/6d70541e-c808-4fed-b499-4e6ec949715b
Verdict: Malicious activity
Analysis date: May 20, 2024, 10:35:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F4E193158ACF48A7C1D515A3AEE89989
SHA1: 4037E0AF4142D73CEE6D449D2D4F446A5888857E
SHA256: 24DCC6BBD95E0FB0B685204D9FFB661A202F373A563F016CD0BFF5F15F887A24
SSDEEP: 98304:76YbmW/bHIqqZQShCW9C1yZ8sGLouK0rfWH6FlGAgf7yaYXR3/r+2svO3abwWcyX:YkUwFxA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
      • vcredist_x86.exe (PID: 2012)
      • msiexec.exe (PID: 1868)
    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 1616)
    • Creates a writable file in the system directory

      • msiexec.exe (PID: 1868)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
    • Reads security settings of Internet Explorer

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
    • Reads the Internet Settings

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
    • Reads Internet Explorer settings

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
    • Application launched itself

      • dll-helper-install__25.exe (PID: 3964)
      • vcredist_x86.exe (PID: 1616)
    • Reads settings of System Certificates

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
      • ProxymaDataSetup.exe (PID: 2692)
    • Executable content was dropped or overwritten

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
      • vcredist_x86.exe (PID: 2012)
    • Adds/modifies Windows certificates

      • dll-helper-install__25.exe (PID: 2044)
    • Process drops legitimate windows executable

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 2012)
      • vcredist_x86.exe (PID: 1616)
      • msiexec.exe (PID: 1868)
    • Creates a software uninstall entry

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
    • Starts a Microsoft application from unusual location

      • vcredist_x86.exe (PID: 1616)
      • vcredist_x86.exe (PID: 2012)
    • Searches for installed software

      • vcredist_x86.exe (PID: 1616)
      • vcredist_x86.exe (PID: 2012)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1132)
    • Checks Windows Trust Settings

      • vcredist_x86.exe (PID: 1616)
      • msiexec.exe (PID: 1868)
      • dll-helper-install__25.exe (PID: 2044)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1868)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 1868)
  • INFO

    • Checks supported languages

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
      • wmpnscfg.exe (PID: 304)
      • vcredist_x86.exe (PID: 1616)
      • vcredist_x86.exe (PID: 2012)
      • msiexec.exe (PID: 1868)
      • ProxymaDataSetup.exe (PID: 2692)
      • DllHelper.exe (PID: 1028)
    • Reads the computer name

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
      • wmpnscfg.exe (PID: 304)
      • vcredist_x86.exe (PID: 1616)
      • vcredist_x86.exe (PID: 2012)
      • msiexec.exe (PID: 1868)
      • ProxymaDataSetup.exe (PID: 2692)
      • DllHelper.exe (PID: 1028)
    • Reads the machine GUID from the registry

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
      • msiexec.exe (PID: 1868)
      • ProxymaDataSetup.exe (PID: 2692)
      • DllHelper.exe (PID: 1028)
    • Checks proxy server information

      • dll-helper-install__25.exe (PID: 3964)
      • dll-helper-install__25.exe (PID: 2044)
    • Process checks whether UAC notifications are on

      • dll-helper-install__25.exe (PID: 2044)
    • Reads the software policy settings

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
      • msiexec.exe (PID: 1868)
      • ProxymaDataSetup.exe (PID: 2692)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 304)
      • msedge.exe (PID: 2972)
    • Creates files in the program directory

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 1616)
      • ProxymaDataSetup.exe (PID: 2692)
      • DllHelper.exe (PID: 1028)
    • Create files in a temporary directory

      • dll-helper-install__25.exe (PID: 2044)
      • vcredist_x86.exe (PID: 2012)
      • msiexec.exe (PID: 1868)
      • vcredist_x86.exe (PID: 1616)
    • Creates files or folders in the user directory

      • vcredist_x86.exe (PID: 1616)
      • dll-helper-install__25.exe (PID: 2044)
      • DllHelper.exe (PID: 1028)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1868)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1868)
    • Application launched itself

      • msedge.exe (PID: 2740)
      • msedge.exe (PID: 2972)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:15 11:32:11+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 4756992
InitializedDataSize: 7288832
UninitializedDataSize: -
EntryPoint: 0x401a72
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.4.9.0
ProductVersionNumber: 3.4.9.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: ROSTPAY LTD.
FileDescription: Install DllHelper
InternalName: DllHelperInstaller
LegalCopyright: © ROSTPAY LTD. All rights reserved.
OriginalFileName: DllHelperInstaller.exe
ProductName: DllHelper
FileVersion: 3.4.9
ProductVersion: 3.4.9
Total processes: 73
Monitored processes: 34
Malicious processes: 6
Suspicious processes: 0

Behavior graph

Process tree as drawn in the graph (processes tagged "no specs" in the original graph had no specific indicators fire for them): dll-helper-install__25.exe (no specs) → dll-helper-install__25.exe; wmpnscfg.exe (no specs); vcredist_x86.exe; vcredist_x86.exe; vssvc.exe (no specs); msiexec.exe; proxymadatasetup.exe; dllhelper.exe; followed by a long run of msedge.exe child processes, all but two of them tagged "no specs".

Process information

Fields per process: PID, command line, image path, parent process, user, company, integrity level, description, exit code (where the process had exited), version, and the first loaded modules. Only a subset of the 34 monitored processes is reproduced here: the installer itself (PIDs 3964 and 2044) and ProxymaDataSetup.exe (PID 2692) appear in the indicator and network sections but not in this excerpt.

PID: 304
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 616
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3340 --field-trial-handle=1308,i,12835451275731628496,16667943493279602705,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 692
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1308,i,12835451275731628496,16667943493279602705,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 752
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1308,i,12835451275731628496,16667943493279602705,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 768
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1308,i,12835451275731628496,16667943493279602705,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1028
CMD: "C:\Program Files\DllHelper\DllHelper.exe"
Path: C:\Program Files\DllHelper\DllHelper.exe
Parent process: dll-helper-install__25.exe
User: admin
Company: ROSTPAY LTD
Integrity Level: HIGH
Description: DllHelper
Version: 1.1.1.1712
Modules
Images
c:\program files\dllhelper\dllhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1132
CMD: C:\Windows\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1616
CMD: "C:\Users\admin\AppData\Local\Temp\DllHelper\vcredist_x86.exe" /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\DllHelper\vcredist_x86.exe
Parent process: dll-helper-install__25.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Exit code: 0
Version: 12.0.40664.0
Modules
Images
c:\users\admin\appdata\local\temp\dllhelper\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1868
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2012
CMD: "C:\Users\admin\AppData\Local\Temp\DllHelper\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{CFCDE589-32FB-46D0-84AF-72C4A6F1785C} {2A2F6593-AEDE-4A5C-819F-09E31B1217F6} 1616
Path: C:\Users\admin\AppData\Local\Temp\DllHelper\vcredist_x86.exe
Parent process: vcredist_x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Exit code: 0
Version: 12.0.40664.0

Note: the -burn.unelevated child with its parent's PID (1616) on the command line is the WiX Burn bootstrapper's normal split into an elevated and an unelevated half; it is what triggers the "Application launched itself" and "Starts a Microsoft application from unusual location" indicators for vcredist_x86.exe, which the installer dropped to %TEMP% and ran with /quiet /norestart.
Modules
Images
c:\users\admin\appdata\local\temp\dllhelper\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 41 870
Read events: 40 593
Write events: 971
Delete events: 306

Modification events

Format: PID (process) | operation | key | name = value

3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName = 1
3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 1
3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect = 0
3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix = (empty)
3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix = Cookie:
3964 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix = Visited:
2044 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
2044 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName = 1
2044 (dll-helper-install__25.exe) | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 1

Caveat: the ZoneMap values (ProxyBypass, IntranetName, UNCAsIntranet, AutoDetect) and the WinINet cache prefixes are written by the urlmon/WinINet zone-mapping code the first time a process uses it in a fresh profile, and show up in sandbox reports for many legitimate installers; they account for the "Reads/changes Internet Settings" indicators above but are not by themselves evidence of proxy tampering. The autorun change attributed to vcredist_x86.exe (PID 1616) is a separate write that this excerpt does not reproduce, so the key it touched cannot be determined from this page.
Executable files: 119
Suspicious files: 138
Text files: 375
Unknown types: 10

Dropped files

Format: PID | Process | Filename | Type, followed by the file's MD5 and SHA256

2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\DllHelperUninstaller.exe | executable
    MD5: 4AC41C2F51E3EE69F06C9F6A38FA3784
    SHA256: 7BA1C47944F58D7BD94B86FF4102FA9A9418546095AF76468F6BDD563858AEAC
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\d3dcompiler_47.dll | executable
    MD5: C5B362BCE86BB0AD3149C4540201331D
    SHA256: EFBDBBCD0D954F8FDC53467DE5D89AD525E4E4A9CFFF8A15D07C6FDB350C407F
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\Images\DllHelperLogo.png | image
    MD5: A434D6346C8232A5C4406807CD0D921A
    SHA256: AE9906FC8339C15010894887FCB76AE0EA167C006370B3222D0456CEC3A8729C
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\DllHelper.exe | binary
    MD5: 3F2AA0AF7E866025E6120EBBCE195C18
    SHA256: 603541E915D5AD2508EA30DD3E24B94B1616C46C34E335282A57DFA5A2EC43CB
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\imageformats\qgif.dll | executable
    MD5: CD04C37F552AA6FF4E8F707D49B85793
    SHA256: 40462E48DA9DF043EFDAB6A17F95C23E1C71DA2FD51B00C8003E73FEEA33A0B2
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\libcurl.dll | executable
    MD5: E5064ADFBC48E3FB81F09E7B8E78D49D
    SHA256: 4BFCAEE356CF1B99D3DBC03D42018FCFC29271C6A72B373343D24C45A7569489
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\Qt5Network.dll | executable
    MD5: 0E899AEFF3613D823B5460790EEBF7C7
    SHA256: 32FB909A9008D2EF33CF0B24ADC06B3629B1E1AA441B5A86739FEE97C2634361
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\Qt5Gui.dll | executable
    MD5: A962CAFC19ADF96E58383324883EBEAA
    SHA256: 63294C22404AFE318DEB52489429EF6FB08CD249C4E5674544AAC9AA52501F4D
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\Qt5Qml.dll | executable
    MD5: 9CCFC04318D80E6DDFAF052038598A17
    SHA256: 6D060872C67CA53E51D80CAA04E462967FD4FCA8B38F43496D7825C9A1D7A124
2044 | dll-helper-install__25.exe | C:\Program Files\DllHelper\Qt5Quick.dll | executable
    MD5: 8F4709796005CCE936ED23AFB034B440
    SHA256: A95ACD1CF71590AF546F125A3E14B1870FDB8FDDD61EE0F18934B82609A8C3B4
HTTP(S) requests: 6
TCP/UDP connections: 56
DNS requests: 42
Threats: 1

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Reputation (the Type and Size columns are empty in this copy of the report). All five vcredist_x86.exe requests are certificate-trust-list and CRL downloads from Microsoft, the expected Authenticode revocation traffic for a signed Microsoft package. The installer's own request to x1.c.lencr.org (Let's Encrypt's issuer-certificate host) is consistent with Windows building the chain for a Let's Encrypt-issued server certificate; the only TLS peer of that process listed under Connections is api.az-partners.net.
1616 | vcredist_x86.exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e3dfadf1f9a61222 | unknown | unknown
1616 | vcredist_x86.exe | GET | 200 | 2.19.217.218:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | unknown | unknown
1616 | vcredist_x86.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
1616 | vcredist_x86.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | unknown | unknown
1616 | vcredist_x86.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | unknown | unknown
2044 | dll-helper-install__25.exe | GET | 200 | 2.19.217.103:80 | http://x1.c.lencr.org/ | unknown | unknown
Connections

Columns: PID | Process | IP:port | Domain | ASN | CN | Reputation. Note that api.az-partners.net (contacted by the installer) and multipassword.com (opened in Edge) are both announced by Rostpay Ltd, the same name that appears as CompanyName in the sample's version information above.
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown
2044 | dll-helper-install__25.exe | 188.130.153.33:443 | api.az-partners.net | Rostpay Ltd | RU | unknown
1616 | vcredist_x86.exe | 199.232.210.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
1616 | vcredist_x86.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1616 | vcredist_x86.exe | 2.19.217.218:80 | www.microsoft.com | Akamai International B.V. | NL | unknown
2692 | ProxymaDataSetup.exe | 185.147.81.209:443 | api.proxymadata.com | Miran Ltd. | RU | unknown
2044 | dll-helper-install__25.exe | 2.19.217.103:80 | x1.c.lencr.org | Akamai International B.V. | NL | unknown
3296 | msedge.exe | 188.130.153.40:443 | multipassword.com | Rostpay Ltd | RU | unknown

DNS requests

Columns: Domain | Resolved IP(s) | Reputation. Three of the domains (api.az-partners.net, www.dllhelper.net, www.az-partners.net) resolve to the identical pair of addresses, yet only www.az-partners.net carries the malicious rating; the other two inherit nothing from it in the sandbox's own scoring.

api.az-partners.net | 188.130.153.33, 188.130.153.32 | unknown
www.dllhelper.net | 188.130.153.33, 188.130.153.32 | unknown
www.az-partners.net | 188.130.153.33, 188.130.153.32 | malicious
ctldl.windowsupdate.com | 199.232.210.172, 199.232.214.172 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156 | whitelisted
www.microsoft.com | 2.19.217.218 | whitelisted
api.proxymadata.com | 185.147.81.209 | unknown
www.proxymadata.com | 185.147.81.209 | unknown
x1.c.lencr.org | 2.19.217.103 | whitelisted
multipassword.com | 188.130.153.40, 188.130.153.41 | unknown
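The DNS table is the most useful pivot on this page: api.az-partners.net and www.dllhelper.net resolve to exactly the addresses of www.az-partners.net, the one domain the sandbox rates malicious, and multipassword.com sits in the same /24 (and, per the Connections table, the same organization). The script below is an added example, not part of the ANY.RUN report, that propagates that verdict across co-hosted and same-prefix domains. The input records are transcribed from the table above; the tier names, the /24 heuristic and the rule that a whitelisted domain is never re-labelled are this example's own choices, made because CDN ranges (Akamai, Fastly here) co-host unrelated sites and a shared prefix is weak evidence on its own.

```python
"""Infrastructure pivot over the DNS resolutions from the sandbox report.

Input is transcribed from the report's DNS table as
(domain, resolved IPs, ANY.RUN reputation).  The tier names and the
/prefix_len neighbourhood heuristic are this example's own, not ANY.RUN output.
"""
import ipaddress
from collections import defaultdict

# Constructed from the DNS table on this page.
DNS_RECORDS = [
    ("api.az-partners.net",     ["188.130.153.33", "188.130.153.32"],   "unknown"),
    ("www.dllhelper.net",       ["188.130.153.33", "188.130.153.32"],   "unknown"),
    ("www.az-partners.net",     ["188.130.153.33", "188.130.153.32"],   "malicious"),
    ("ctldl.windowsupdate.com", ["199.232.210.172", "199.232.214.172"], "whitelisted"),
    ("crl.microsoft.com",       ["23.48.23.143", "23.48.23.156"],       "whitelisted"),
    ("www.microsoft.com",       ["2.19.217.218"],                       "whitelisted"),
    ("api.proxymadata.com",     ["185.147.81.209"],                     "unknown"),
    ("www.proxymadata.com",     ["185.147.81.209"],                     "unknown"),
    ("x1.c.lencr.org",          ["2.19.217.103"],                       "whitelisted"),
    ("multipassword.com",       ["188.130.153.40", "188.130.153.41"],   "unknown"),
]


def group_by_ip(records):
    """Exact co-hosting: resolved IP -> set of domains that resolved to it."""
    groups = defaultdict(set)
    for domain, ips, _rep in records:
        for ip in ips:
            groups[ipaddress.ip_address(ip)].add(domain)
    return groups


def group_by_prefix(records, prefix_len=24):
    """Neighbourhood: /prefix_len network -> set of domains with an IP inside it."""
    groups = defaultdict(set)
    for domain, ips, _rep in records:
        for ip in ips:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            groups[net].add(domain)
    return groups


def pivot(records, prefix_len=24):
    """Return {domain: verdict} after propagating the sandbox's 'malicious' rating.

    Tiers, strongest first:
      malicious            rated malicious by the sandbox itself
      cohosted-malicious   'unknown' domain sharing an exact IP with a malicious one
      neighbour-malicious  'unknown' domain in the same /prefix_len as a malicious one
    Whitelisted domains keep their rating: shared CDN addresses make IP overlap
    weak evidence on its own, so the allow-list is never overridden here.
    """
    rating = {domain: rep for domain, _ips, rep in records}
    malicious = {d for d, r in rating.items() if r == "malicious"}
    verdict = dict(rating)

    # Strong signal: identical resolved address.
    for domains in group_by_ip(records).values():
        if domains & malicious:
            for d in domains - malicious:
                if rating[d] == "unknown":
                    verdict[d] = "cohosted-malicious"

    # Weak signal: same prefix.  Never downgrades an exact-IP match or a whitelist entry.
    for domains in group_by_prefix(records, prefix_len).values():
        if domains & malicious:
            for d in domains - malicious:
                if verdict[d] == "unknown":
                    verdict[d] = "neighbour-malicious"
    return verdict


def flagged(records, prefix_len=24):
    """Sorted (domain, tier) pairs worth blocking or hunting for."""
    tiers = ("malicious", "cohosted-malicious", "neighbour-malicious")
    return sorted((d, v) for d, v in pivot(records, prefix_len).items() if v in tiers)


if __name__ == "__main__":
    for domain, tier in flagged(DNS_RECORDS):
        print(f"{tier:20} {domain}")
```

Run as-is it flags the two az-partners hosts and www.dllhelper.net on exact co-hosting and multipassword.com on the /24 only; the proxymadata domains are untouched because nothing malicious shares their address. In practice the input would come from passive DNS over a longer window rather than a single sandbox run, and the prefix tier should be reviewed by hand before it lands in a blocklist.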

Threats

Columns: PID | Process | Class | Message. The single "threat" is an informational rule that fired on Edge's own traffic, not on anything the sample did.

3296 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)

Debug output (Process | Message). These are Qt runtime diagnostics from the Qt5 libraries the installer dropped (Qt5Gui.dll, Qt5Qml.dll, Qt5Quick.dll); the d3dcompiler_4x.dll the first message asks about is the d3dcompiler_47.dll in the dropped-files list.

DllHelper.exe | QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
DllHelper.exe | QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
DllHelper.exe | qrc:///main.qml:155:13: QML Rectangle: Binding loop detected for property "height"
DllHelper.exe | qrc:///main.qml:155:13: QML Rectangle: Binding loop detected for property "width"
DllHelper.exe | qrc:///main.qml:155:13: QML Rectangle: Binding loop detected for property "width"
DllHelper.exe | qrc:///main.qml:155:13: QML Rectangle: Binding loop detected for property "width"
DllHelper.exe | qrc:///main.qml:155:13: QML Rectangle: Binding loop detected for property "height"