File name:

Application_YD63W_WN32_3.5.1004.0_A00_01.EXE

Full analysis: https://app.any.run/tasks/20accf5e-fef5-46be-952a-c4f9c46d9b44
Verdict: Malicious activity
Analysis date: April 29, 2025, 22:21:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

CB2F61736B73E6360A08DE12422B76A4

SHA1:

2CC2CBCFF26E1EF7A3C5615B6CC534F2CF70B45D

SHA256:

2B4BA882DEB7EA6A63B555A0D001BE94767904ACECBA5849EAFE4B035E1F1F2F

SSDEEP:

98304:lC1DZcdGL+hNLlbMsfM+eFfOiH0PpoEx2w+hNThn/b8UzDV8ZBeEhAoJp7phXl6z:2jF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 5392)

  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)

    • Reads security settings of Internet Explorer

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • DeliveryService.exe (PID: 1388)

    • Executable content was dropped or overwritten

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • miniunz.exe (PID: 2392)
      • rundll32.exe (PID: 664)

    • Reads Internet Explorer settings

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)

    • Adds/modifies Windows certificates

      • msiexec.exe (PID: 5392)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4268)

    • Executes as Windows Service

      • DeliveryService.exe (PID: 1388)

  • INFO

    • The sample compiled with english language support

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)

    • Creates files in the program directory

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • miniunz.exe (PID: 2392)
      • msiexec.exe (PID: 5392)
      • DeliveryService.exe (PID: 1388)

    • Checks supported languages

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • miniunz.exe (PID: 2392)
      • msiexec.exe (PID: 960)
      • DeliveryService.exe (PID: 1388)
      • msiexec.exe (PID: 4268)

    • Checks proxy server information

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • msiexec.exe (PID: 5392)

    • Reads the computer name

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
      • msiexec.exe (PID: 4268)
      • msiexec.exe (PID: 960)
      • DeliveryService.exe (PID: 1388)

    • Process checks computer location settings

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 5392)

    • Reads the software policy settings

      • msiexec.exe (PID: 5392)
      • msiexec.exe (PID: 4268)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4268)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 4268)
      • DeliveryService.exe (PID: 1388)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 4268)

    • Creates files or folders in the user directory

      • Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe (PID: 6036)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (17.3)
.dll | Win32 Dynamic Link Library (generic) (4.1)
.exe | Win32 Executable (generic) (2.8)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:06:09 10:09:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 3830272
InitializedDataSize: 2111488
UninitializedDataSize: -
EntryPoint: 0x30fbfb
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 103.4.6.59
ProductVersionNumber: 3.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Dell Inc.
FileDescription: Update Package: Dell Digital Delivery Application, 3.5.1004.0, A00
FileVersion: 003.000.000.000
InternalName: DUPFramework.exe
LegalCopyright: Copyright (C) Dell Inc. 2003. All rights reserved.
OriginalFileName: DUPFramework.exe
ProductName: Dell Digital Delivery Application, 3.5.1004.0, A00
ProductVersion: 3.5.1004.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
141
Monitored processes
11
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start application_yd63w_wn32_3.5.1004.0_a00_01.exe.exe sppextcomobj.exe no specs slui.exe miniunz.exe conhost.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs rundll32.exe deliveryservice.exe no specs application_yd63w_wn32_3.5.1004.0_a00_01.exe.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
664rundll32.exe "C:\WINDOWS\Installer\MSIE457.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1107109 2 DetectAlienware!DetectAlienware.CustomActions.DetectAlienwareC:\Windows\SysWOW64\rundll32.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
960C:\Windows\syswow64\MsiExec.exe -Embedding CE85F0E3D14F08909EB2CCBAD2AE1578C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1388"C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe"C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exeservices.exe
User:
SYSTEM
Company:
Dell Products, LP.
Integrity Level:
SYSTEM
Description:
Dell Digital Delivery Windows Service
Version:
3.5.1004
Modules
Images
c:\program files (x86)\dell digital delivery\deliveryservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
2392 -x C:\Users\admin\Desktop\APPLIC~1.EXE -o -d C:\PROGRA~3\dell\drivers\APPLIC~1.EXEC:\ProgramData\Dell\drivers\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE\miniunz.exe
Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\dell\drivers\application_yd63w_wn32_3.5.1004.0_a00_01.exe\miniunz.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
4268C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5392"C:\Users\admin\Desktop\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe" C:\Users\admin\Desktop\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exeexplorer.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
MEDIUM
Description:
Update Package: Dell Digital Delivery Application, 3.5.1004.0, A00
Exit code:
3221226540
Version:
003.000.000.000
Modules
Images
c:\users\admin\desktop\application_yd63w_wn32_3.5.1004.0_a00_01.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
5392"C:\Windows\System32\msiexec.exe" /i DellDigitalDelivery.3.5.1004.0.msi /log C:\ProgramData\dell\drivers\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE\DUPD9C8.tmpC:\Windows\SysWOW64\msiexec.exe
Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
6032C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
6036"C:\Users\admin\Desktop\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe" C:\Users\admin\Desktop\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exe
explorer.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
HIGH
Description:
Update Package: Dell Digital Delivery Application, 3.5.1004.0, A00
Exit code:
0
Version:
003.000.000.000
Modules
Images
c:\users\admin\desktop\application_yd63w_wn32_3.5.1004.0_a00_01.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
6640\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeminiunz.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
15 222
Read events
15 024
Write events
184
Delete events
14

Modification events

(PID) Process:(6036) Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6036) Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6036) Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(5392) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:delete valueName:8CF427FD790C3AD166068DE81E57EFBB932272D4
Value:
(PID) Process:(5392) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Operation:writeName:Blob
Value:
0400000001000000100000004BE2C99196650CF40E5A9392A00AFEB21D0000000100000010000000521B5F4582C1DCAAE381B05E37CA2D340B000000010000001800000045006E00740072007500730074002E006E006500740000007F000000010000002C000000302A060A2B0601040182370A030406082B0601050507030506082B0601050507030606082B06010505070307090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F0000000100000020000000FDE5F2D9CE2026E1E10064C0A468C9F355B90ACF85BAF5CE6F52D4016837FD940300000001000000140000008CF427FD790C3AD166068DE81E57EFBB932272D4190000000100000010000000FA46CE7CBB85CFB4310075313A09EE05530000000100000041000000303F3020060A6086480186FA6C0A010230123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C062000000010000002000000043DF5774B03E7FEF5FE40D931A7BEDF1BB2E6B42738C4E6D3841103D3AA7F3391400000001000000140000006A72267AD01EEF7DE73B6951D46C8D9F901266AB7E000000010000000800000000C001B39667D6012000000001000000420400003082043E30820326A00302010202044A538C28300D06092A864886F70D01010B05003081BE310B300906035504061302555331163014060355040A130D456E74727573742C20496E632E31283026060355040B131F536565207777772E656E74727573742E6E65742F6C6567616C2D7465726D7331393037060355040B1330286329203230303920456E74727573742C20496E632E202D20666F7220617574686F72697A656420757365206F6E6C793132303006035504031329456E747275737420526F6F742043657274696669636174696F6E20417574686F72697479202D204732301E170D3039303730373137323535345A170D3330313230373137353535345A3081BE310B300906035504061302555331163014060355040A130D456E74727573742C20496E632E31283026060355040B131F536565207777772E656E74727573742E6E65742F6C6567616C2D7465726D7331393037060355040B1330286329203230303920456E74727573742C20496E632E202D20666F7220617574686F72697A656420757365206F6E6C793132303006035504031329456E747275737420526F6F742043657274696669636174696F6E20417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BA84B672DB9E0C6BE299E93001A776EA32B895411AC9DA614E5872CFFEF68279BF7361060AA527D8B35FD3454E1C72D64E32F2728A0FF78319D06A808000451EB0C7E79ABF1257271CA3682F0A87BD6A6B0E5E65F31C77D5D4858D7021B4B332E78BA2D5863902B1B8D247CEE4C949C43BA7DEFB547D57BEF0E86EC279B23A0B55E250981632135C2F7856C1C294B3F25AE4279A9F24D7C6ECD09B2582E3CCC2C445C58C977A066B2A119FA90A6E483B6FDBD4111942F78F07BFF5535F9C3EF4172CE669AC4E324C6277EAB7E8E5BB34BC198BAE9C51E7B77EB553B13322E56DCF703C1AFAE29B67B683F48DA5AF624C4DE058AC64341203F8B68D946324A4710203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604146A72267AD01EEF7DE73B6951D46C8D9F901266AB300D06092A864886F70D01010B05000382010100799F1D96C6B6793F228D87D3870304606A6B9A2E59897311AC43D1F513FF8D392BC0F2BD4F708CA92FEA17C40B549ED41B9698333CA8AD62A20076AB59696E061D7EC4B9448D98AF12D461DB0A194647F3EBF763C1400540A5D2B7F4B59A36BFA98876880455042B9C877F1A373C7E2DA51AD8D4895ECABDAC3D6CD86DAFD5F3760FCD3B8838229D6C939AC43DBF821B653FA60F5DAAFCE5B215CAB5ADC6BC3DD084E8EA0672B04D393278BF3E119C0BA49D9A21F3F09B0B3078DBC1DC8743FEBC639ACAC5C21CC9C78DFF3B125808E6B63DEC7A2C4EFB8396CE0C3C69875473A473C293FF5110AC155401D8FC05B189A17F74839A49D7DC4E7B8A486F8B45F6
(PID) Process:(5392) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
Operation:writeName:Blob
Value:
5C0000000100000004000000000800007E000000010000000800000000C001B39667D6011400000001000000140000006A72267AD01EEF7DE73B6951D46C8D9F901266AB62000000010000002000000043DF5774B03E7FEF5FE40D931A7BEDF1BB2E6B42738C4E6D3841103D3AA7F339530000000100000041000000303F3020060A6086480186FA6C0A010230123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C0190000000100000010000000FA46CE7CBB85CFB4310075313A09EE050300000001000000140000008CF427FD790C3AD166068DE81E57EFBB932272D40F0000000100000020000000FDE5F2D9CE2026E1E10064C0A468C9F355B90ACF85BAF5CE6F52D4016837FD94090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703087F000000010000002C000000302A060A2B0601040182370A030406082B0601050507030506082B0601050507030606082B060105050703070B000000010000001800000045006E00740072007500730074002E006E006500740000001D0000000100000010000000521B5F4582C1DCAAE381B05E37CA2D340400000001000000100000004BE2C99196650CF40E5A9392A00AFEB22000000001000000420400003082043E30820326A00302010202044A538C28300D06092A864886F70D01010B05003081BE310B300906035504061302555331163014060355040A130D456E74727573742C20496E632E31283026060355040B131F536565207777772E656E74727573742E6E65742F6C6567616C2D7465726D7331393037060355040B1330286329203230303920456E74727573742C20496E632E202D20666F7220617574686F72697A656420757365206F6E6C793132303006035504031329456E747275737420526F6F742043657274696669636174696F6E20417574686F72697479202D204732301E170D3039303730373137323535345A170D3330313230373137353535345A3081BE310B300906035504061302555331163014060355040A130D456E74727573742C20496E632E31283026060355040B131F536565207777772E656E74727573742E6E65742F6C6567616C2D7465726D7331393037060355040B1330286329203230303920456E74727573742C20496E632E202D20666F7220617574686F72697A656420757365206F6E6C793132303006035504031329456E747275737420526F6F742043657274696669636174696F6E20417574686F72697479202D20473230820122300D06092A864886F70D01010105000382010F003082010A0282010100BA84B672DB9E0C6BE299E93001A776EA32B895411AC9DA614E5872CFFEF68279BF7361060AA527D8B35FD3454E1C72D64E32F2728A0FF78319D06A808000451EB0C7E79ABF1257271CA3682F0A87BD6A6B0E5E65F31C77D5D4858D7021B4B332E78BA2D5863902B1B8D247CEE4C949C43BA7DEFB547D57BEF0E86EC279B23A0B55E250981632135C2F7856C1C294B3F25AE4279A9F24D7C6ECD09B2582E3CCC2C445C58C977A066B2A119FA90A6E483B6FDBD4111942F78F07BFF5535F9C3EF4172CE669AC4E324C6277EAB7E8E5BB34BC198BAE9C51E7B77EB553B13322E56DCF703C1AFAE29B67B683F48DA5AF624C4DE058AC64341203F8B68D946324A4710203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604146A72267AD01EEF7DE73B6951D46C8D9F901266AB300D06092A864886F70D01010B05000382010100799F1D96C6B6793F228D87D3870304606A6B9A2E59897311AC43D1F513FF8D392BC0F2BD4F708CA92FEA17C40B549ED41B9698333CA8AD62A20076AB59696E061D7EC4B9448D98AF12D461DB0A194647F3EBF763C1400540A5D2B7F4B59A36BFA98876880455042B9C877F1A373C7E2DA51AD8D4895ECABDAC3D6CD86DAFD5F3760FCD3B8838229D6C939AC43DBF821B653FA60F5DAAFCE5B215CAB5ADC6BC3DD084E8EA0672B04D393278BF3E119C0BA49D9A21F3F09B0B3078DBC1DC8743FEBC639ACAC5C21CC9C78DFF3B125808E6B63DEC7A2C4EFB8396CE0C3C69875473A473C293FF5110AC155401D8FC05B189A17F74839A49D7DC4E7B8A486F8B45F6
(PID) Process:(5392) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:delete valueName:503006091D97D4F5AE39F7CBE7927D7D652D3431
Value:
(PID) Process:(5392) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431
Operation:writeName:Blob
Value:
040000000100000010000000EE2931BC327E9AE6E8B5F751B43471901D0000000100000010000000E871723E266F38AF5D49CDA2A502669C0B000000010000001E00000045006E0074007200750073007400200028003200300034003800290000007F000000010000002C000000302A060A2B0601040182370A030406082B0601050507030506082B0601050507030606082B06010505070307090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703080F0000000100000014000000327FC447408DE9BF596F83D4B2FA4B8E3E7097D8030000000100000014000000503006091D97D4F5AE39F7CBE7927D7D652D343119000000010000001000000091FAD483F14848A8A69B18B805CDBB3A530000000100000041000000303F3020060A6086480186FA6C0A010230123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C06200000001000000200000006DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB17714000000010000001400000055E481D11180BED889B908A331F9A1240916B9707E000000010000000800000000C001B39667D60120000000010000002E0400003082042A30820312A00302010202043863DEF8300D06092A864886F70D01010505003081B431143012060355040A130B456E74727573742E6E65743140303E060355040B14377777772E656E74727573742E6E65742F4350535F3230343820696E636F72702E206279207265662E20286C696D697473206C6961622E2931253023060355040B131C286329203139393920456E74727573742E6E6574204C696D69746564313330310603550403132A456E74727573742E6E65742043657274696669636174696F6E20417574686F7269747920283230343829301E170D3939313232343137353035315A170D3239303732343134313531325A3081B431143012060355040A130B456E74727573742E6E65743140303E060355040B14377777772E656E74727573742E6E65742F4350535F3230343820696E636F72702E206279207265662E20286C696D697473206C6961622E2931253023060355040B131C286329203139393920456E74727573742E6E6574204C696D69746564313330310603550403132A456E74727573742E6E65742043657274696669636174696F6E20417574686F726974792028323034382930820122300D06092A864886F70D01010105000382010F003082010A0282010100AD4D4BA91286B2EAA320071516642A2B4BD1BF0B4A4D8EED8076A567B77840C07342C868C0DB532BDD5EB8769835938B1A9D7C133A0E1F5BB71ECFE524141EB181A98D7DB8CC6B4B03F1020CDCABA54024007F7494A19D0829B3880BF587779D55CDE4C37ED76A64AB851486955B9732506F3DC8BA660CE3FCBDB849C176894919FDC0A8BD89A3672FC69FBC711960B82DE92CC99076667B94E2AF78D665535D3CD69CB2CF2903F92FA450B2D448CE0532558AFDB2644C0EE4980775DB7FDFB9085560853029F97B48A46986E3353F1E865D7A7A15BDEF008E1522541700902693BC0E496891BFF847D39D9542C10E4DDF6F26CFC3182162664370D6D5C007E10203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E0416041455E481D11180BED889B908A331F9A1240916B970300D06092A864886F70D010105050003820101003B9B8F569B30E753997C7A79A74D97D7199590FB061FCA337C46638F966624FA401B2127CAE67273F24FFE3199FDC80C4C6853C680821398FAB6ADDA5D3DF1CE6EF6151194820CEE3F95AF11AB0FD72FDE1F038F572C1EC9BB9A1A4495EB184FA61FCD7D57102F9B04095A84B56ED81D3AE1D69ED16C795E791C14C5E3D04C933B653CEDDF3DBEA6E5951AC3B519C3BD5E5BBBFF23EF6819CB1293275C032D6F30D01EB61AACDE5AF7D1AAA827A6FE7981C479993357BA12B0A9E0426C93CA56DEFE6D840B088B7E8DEAD79821C6F3E73C792F5E9CD14C158DE1EC2237CC9A430B97DC80908DB3679B6F48081556CFBFF12B7C5E9A76E95990C57C8335116551
(PID) Process:(5392) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431
Operation:writeName:Blob
Value:
5C0000000100000004000000000800007E000000010000000800000000C001B39667D60114000000010000001400000055E481D11180BED889B908A331F9A1240916B9706200000001000000200000006DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB177530000000100000041000000303F3020060A6086480186FA6C0A010230123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C019000000010000001000000091FAD483F14848A8A69B18B805CDBB3A030000000100000014000000503006091D97D4F5AE39F7CBE7927D7D652D34310F0000000100000014000000327FC447408DE9BF596F83D4B2FA4B8E3E7097D8090000000100000054000000305206082B0601050507030206082B06010505070303060A2B0601040182370A030406082B0601050507030406082B0601050507030606082B0601050507030706082B0601050507030106082B060105050703087F000000010000002C000000302A060A2B0601040182370A030406082B0601050507030506082B0601050507030606082B060105050703070B000000010000001E00000045006E0074007200750073007400200028003200300034003800290000001D0000000100000010000000E871723E266F38AF5D49CDA2A502669C040000000100000010000000EE2931BC327E9AE6E8B5F751B434719020000000010000002E0400003082042A30820312A00302010202043863DEF8300D06092A864886F70D01010505003081B431143012060355040A130B456E74727573742E6E65743140303E060355040B14377777772E656E74727573742E6E65742F4350535F3230343820696E636F72702E206279207265662E20286C696D697473206C6961622E2931253023060355040B131C286329203139393920456E74727573742E6E6574204C696D69746564313330310603550403132A456E74727573742E6E65742043657274696669636174696F6E20417574686F7269747920283230343829301E170D3939313232343137353035315A170D3239303732343134313531325A3081B431143012060355040A130B456E74727573742E6E65743140303E060355040B14377777772E656E74727573742E6E65742F4350535F3230343820696E636F72702E206279207265662E20286C696D697473206C6961622E2931253023060355040B131C286329203139393920456E74727573742E6E6574204C696D69746564313330310603550403132A456E74727573742E6E65742043657274696669636174696F6E20417574686F726974792028323034382930820122300D06092A864886F70D01010105000382010F003082010A0282010100AD4D4BA91286B2EAA320071516642A2B4BD1BF0B4A4D8EED8076A567B77840C07342C868C0DB532BDD5EB8769835938B1A9D7C133A0E1F5BB71ECFE524141EB181A98D7DB8CC6B4B03F1020CDCABA54024007F7494A19D0829B3880BF587779D55CDE4C37ED76A64AB851486955B9732506F3DC8BA660CE3FCBDB849C176894919FDC0A8BD89A3672FC69FBC711960B82DE92CC99076667B94E2AF78D665535D3CD69CB2CF2903F92FA450B2D448CE0532558AFDB2644C0EE4980775DB7FDFB9085560853029F97B48A46986E3353F1E865D7A7A15BDEF008E1522541700902693BC0E496891BFF847D39D9542C10E4DDF6F26CFC3182162664370D6D5C007E10203010001A3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E0416041455E481D11180BED889B908A331F9A1240916B970300D06092A864886F70D010105050003820101003B9B8F569B30E753997C7A79A74D97D7199590FB061FCA337C46638F966624FA401B2127CAE67273F24FFE3199FDC80C4C6853C680821398FAB6ADDA5D3DF1CE6EF6151194820CEE3F95AF11AB0FD72FDE1F038F572C1EC9BB9A1A4495EB184FA61FCD7D57102F9B04095A84B56ED81D3AE1D69ED16C795E791C14C5E3D04C933B653CEDDF3DBEA6E5951AC3B519C3BD5E5BBBFF23EF6819CB1293275C032D6F30D01EB61AACDE5AF7D1AAA827A6FE7981C479993357BA12B0A9E0426C93CA56DEFE6D840B088B7E8DEAD79821C6F3E73C792F5E9CD14C158DE1EC2237CC9A430B97DC80908DB3679B6F48081556CFBFF12B7C5E9A76E95990C57C8335116551
(PID) Process:(4268) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
AC1000009BB9841355B9DB01
Executable files
49
Suspicious files
27
Text files
11
Unknown types
0

Dropped files

PID
Process
Filename
Type
2392miniunz.exeC:\ProgramData\Dell\drivers\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE\package.xmlbinary
MD5:6A3373C6CFA52B8873B867BF8E9617AE
SHA256:6D4793DE89119D28E485305614A2B3B1D9744C8235B44A13DC7C5CC517F51D23
4268msiexec.exeC:\Windows\Installer\10e205.msiexecutable
MD5:24D5B5CF0D9FCCB1EFE890E6F83AE700
SHA256:4FD19FCD2BFD7EB449624099B13E154952081566A7EC02ED3D447A987C0FFE98
2392miniunz.exeC:\ProgramData\Dell\drivers\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE\mup.xmlxml
MD5:D05C624940A6BAF790F4B3D41982201A
SHA256:42C7030CFA5201838522D693B7254A65E92DFB036B1E7A0B92BD86B1CB99398C
6036Application_YD63W_WN32_3.5.1004.0_A00_01.EXE.exeC:\ProgramData\Dell\drivers\Application_YD63W_WN32_3.5.1004.0_A00_01.EXE\miniunz.exeexecutable
MD5:E766FB50873A6255F6CE015F7E692F22
SHA256:B252EA293FFD0CE83160E27ED98BB94A526C21CB13F26E45E0F3AACA70CA00E0
664rundll32.exeC:\Windows\Installer\MSIE457.tmp-\Microsoft.Deployment.WindowsInstaller.dllexecutable
MD5:5EF88919012E4A3D8A1E2955DC8C8D81
SHA256:3E54286E348EBD3D70EAED8174CCA500455C3E098CDD1FCCB167BC43D93DB29D
4268msiexec.exeC:\Program Files (x86)\Dell Digital Delivery\DeliveryEula.exeexecutable
MD5:4ACB645F4E0A8B586DFABD5AC5C243C6
SHA256:80658490829E7617B93C07F89971A649EFF53F31394C50740E5D32B707BC3FD7
4268msiexec.exeC:\Program Files (x86)\Dell Digital Delivery\DeliveryTray.exebinary
MD5:4DA497119B22994A8E91E4161D20AEBE
SHA256:247C7F9E065B493E4B329CF98B8BC7A835AB28659E3FC648B814905E3E28FFD6
4268msiexec.exeC:\Windows\Temp\~DF2FA3EB21BEA4BE17.TMPbinary
MD5:2991B7B62B06797E979B6AFCA6ACEC49
SHA256:87CBC9D287F9DD32805ADFF77673AAE916EC32CC4C44351DBB20E7E99F53B1B7
4268msiexec.exeC:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe.configxml
MD5:6C05F8C0DF116EB7DB7DEC6BA72B9DC5
SHA256:6E3C6886645D9C3D63A3AFA5854E215A3F1EB7C6C16D6AC1EC654B39CBB8BB39
664rundll32.exeC:\Windows\Installer\MSIE457.tmp-\DetectAlienware.dllexecutable
MD5:C378B163BAA67BE5BFCCFB6BD646E703
SHA256:BB2440CB90183B1864E3F1C5B746254E28ED37EE6045912BDBFA054D53122FF2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
39
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5392
msiexec.exe
GET
404
69.192.162.201:80
http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDEPBCxwAAAAAUdNz2g%3D%3D
unknown
whitelisted
5392
msiexec.exe
GET
404
23.50.131.88:80
http://crl.entrust.net/g2ca.crl
unknown
whitelisted
5392
msiexec.exe
POST
404
69.192.162.201:80
http://ocsp.entrust.net/
unknown
whitelisted
5392
msiexec.exe
GET
404
69.192.162.201:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSgzf9cSnJr%2BqITIlPzCwhkRjQmwQUfhofGhF0XGTJDB%2BUAav9gWQuoSwCEBgsqLeVNXMHAAAAAFVmLZw%3D
unknown
whitelisted
5392
msiexec.exe
POST
404
69.192.162.201:80
http://ocsp.entrust.net/
unknown
whitelisted
4268
msiexec.exe
GET
404
69.192.162.201:80
http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDEPBCxwAAAAAUdNz2g%3D%3D
unknown
whitelisted
5392
msiexec.exe
GET
404
23.50.131.88:80
http://crl.entrust.net/ovcs1.crl
unknown
whitelisted
4268
msiexec.exe
POST
404
69.192.162.201:80
http://ocsp.entrust.net/
unknown
whitelisted
4268
msiexec.exe
GET
404
23.50.131.88:80
http://crl.entrust.net/g2ca.crl
unknown
whitelisted
4268
msiexec.exe
GET
404
69.192.162.201:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSgzf9cSnJr%2BqITIlPzCwhkRjQmwQUfhofGhF0XGTJDB%2BUAav9gWQuoSwCEBgsqLeVNXMHAAAAAFVmLZw%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.17:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5392
msiexec.exe
69.192.162.201:80
ocsp.entrust.net
AKAMAI-AS
DE
whitelisted
5392
msiexec.exe
23.50.131.88:80
crl.entrust.net
Akamai International B.V.
DE
whitelisted
4268
msiexec.exe
69.192.162.201:80
ocsp.entrust.net
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.184.206
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.160.17
  • 20.190.160.66
  • 20.190.160.5
  • 20.190.160.67
  • 20.190.160.2
  • 20.190.160.4
  • 20.190.160.14
  • 40.126.32.72
whitelisted
ocsp.entrust.net
  • 69.192.162.201
whitelisted
crl.entrust.net
  • 23.50.131.88
  • 23.50.131.79
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
  • 2603:1030:7::106
whitelisted
198.187.3.20.in-addr.arpa
unknown
6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Application_YD63W_WN32_3.5.1004.0_A00_01.EXE