Malware analysis HPPSdr.exe Malicious activity | ANY.RUN

Add for printing

File name:	HPPSdr.exe
Full analysis:	https://app.any.run/tasks/4f623063-345d-4b36-9cfc-e67cb019b6e6
Verdict:	Malicious activity
Analysis date:	November 03, 2023, 14:21:34
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	FE236937872C20107145A8F8A0869EBD
SHA1:	C4818093839C24A3EBC583B49EF8789C5CEEA130
SHA256:	5F4467BA1D28CCD2367ACF1D4B6DB15A0D973C5CEC1FF59B25AC8074520B9BA4
SSDEEP:	98304:Z9MnRNTsjNNJusPSo1vomxCHv4AmOwruCVFKomWdyCc/stSvFwg8kJhpA7w26QGQ:EyUOaQtGLYmPU3dTszFTBo7r

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - NDP46-KB3045560-Web.exe (PID: 3688)
  - HPPSdr.exe (PID: 3372)
SUSPICIOUS
- Process drops legitimate windows executable
  - HPPSdr.exe (PID: 3372)
  - NDP46-KB3045560-Web.exe (PID: 3688)
- The process drops C-runtime libraries
  - HPPSdr.exe (PID: 3372)
- The process creates files with name similar to system file names
  - HPPSdr.exe (PID: 3372)
- Reads the Internet Settings
  - HPPSdr.exe (PID: 3372)
  - FileExtractor.exe (PID: 3624)
  - Setup.exe (PID: 3844)
- Checks Windows Trust Settings
  - Setup.exe (PID: 3844)
- Reads settings of System Certificates
  - Setup.exe (PID: 3844)
- Reads security settings of Internet Explorer
  - Setup.exe (PID: 3844)
- Adds/modifies Windows certificates
  - NDP46-KB3045560-Web.exe (PID: 3688)
INFO
- Checks supported languages
  - wmpnscfg.exe (PID: 3416)
  - HPPSdr.exe (PID: 3372)
  - FileExtractor.exe (PID: 3624)
  - NDP46-KB3045560-Web.exe (PID: 3688)
  - SetupUtility.exe (PID: 3924)
  - wmpnscfg.exe (PID: 3748)
  - SetupUtility.exe (PID: 4008)
  - Setup.exe (PID: 3844)
  - TMPB620.tmp.exe (PID: 3980)
- Reads the computer name
  - wmpnscfg.exe (PID: 3416)
  - HPPSdr.exe (PID: 3372)
  - FileExtractor.exe (PID: 3624)
  - NDP46-KB3045560-Web.exe (PID: 3688)
  - SetupUtility.exe (PID: 3924)
  - wmpnscfg.exe (PID: 3748)
  - Setup.exe (PID: 3844)
  - SetupUtility.exe (PID: 4008)
  - TMPB620.tmp.exe (PID: 3980)
- Reads the machine GUID from the registry
  - wmpnscfg.exe (PID: 3416)
  - NDP46-KB3045560-Web.exe (PID: 3688)
  - Setup.exe (PID: 3844)
  - SetupUtility.exe (PID: 3924)
  - wmpnscfg.exe (PID: 3748)
- Creates files in the program directory
  - HPPSdr.exe (PID: 3372)
- Create files in a temporary directory
  - NDP46-KB3045560-Web.exe (PID: 3688)
  - Setup.exe (PID: 3844)
  - SetupUtility.exe (PID: 3924)
  - TMPB620.tmp.exe (PID: 3980)
- Reads CPU info
  - Setup.exe (PID: 3844)
- Reads Environment values
  - Setup.exe (PID: 3844)
- Manual execution by a user
  - wmpnscfg.exe (PID: 3748)
- Creates files or folders in the user directory
  - Setup.exe (PID: 3844)
- Checks proxy server information
  - Setup.exe (PID: 3844)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2021:02:24 06:14:02+01:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	10
CodeSize:	183808
InitializedDataSize:	122880
UninitializedDataSize:	-
EntryPoint:	0x250b7
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	19.0.0.0
ProductVersionNumber:	19.0.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Hewlett-Packard Company
FileDescription:	HP Webpack
FileVersion:	19.0.0.0
InternalName:	7zS.sfx
LegalCopyright:	Hewlett-Packard Company
OriginalFileName:	7zS.sfx
ProductName:	HP Webpack
ProductVersion:	19.0.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

3372

"C:\Users\admin\AppData\Local\Temp\HPPSdr.exe"

C:\Users\admin\AppData\Local\Temp\HPPSdr.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\hppsdr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

3416

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll

3496

"C:\HP\Diagnostics\PSDR\FileExtractor.exe"

C:\HP\Diagnostics\PSDR\FileExtractor.exe

—

HPPSdr.exe

User:

admin

Company:

HPDC LP

Integrity Level:

MEDIUM

Description:

HP Print and Scan Doctor 5.7.4

Exit code:

3221226540

Version:

1.0.0.2

Modules

Images
c:\hp\diagnostics\psdr\fileextractor.exe
c:\windows\system32\ntdll.dll

3624

"C:\HP\Diagnostics\PSDR\FileExtractor.exe"

C:\HP\Diagnostics\PSDR\FileExtractor.exe

HPPSdr.exe

User:

admin

Company:

HPDC LP

Integrity Level:

HIGH

Description:

HP Print and Scan Doctor 5.7.4

Exit code:

Version:

1.0.0.2

Modules

Images
c:\hp\diagnostics\psdr\fileextractor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll

3688

"C:\HP\Diagnostics\PSDR\NDP46-KB3045560-Web.exe"

C:\HP\Diagnostics\PSDR\NDP46-KB3045560-Web.exe

—

FileExtractor.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft .NET Framework 4.6 Setup

Exit code:

1602

Version:

4.6.00081.00

Modules

Images
c:\hp\diagnostics\psdr\ndp46-kb3045560-web.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

3748

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Media Player Network Sharing Service Configuration Application

Exit code:

Version:

12.0.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll

3844

C:\54123ad1e0459d779813aa0587\\Setup.exe /x86 /x64 /web

C:\54123ad1e0459d779813aa0587\Setup.exe

NDP46-KB3045560-Web.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Setup Installer

Exit code:

1602

Version:

14.0.0081.0 built by: NETFXREL2

Modules

Images
c:\54123ad1e0459d779813aa0587\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\54123ad1e0459d779813aa0587\setupengine.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll

3924

SetupUtility.exe /aupause

C:\54123ad1e0459d779813aa0587\SetupUtility.exe

—

Setup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft .NET Framework 4.5 Setup

Exit code:

Version:

14.0.0081.0 built by: NETFXREL2

Modules

Images
c:\54123ad1e0459d779813aa0587\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3980

TMPB620.tmp.exe /Q /X:C:\54123ad1e0459d779813aa0587\TMPB620.tmp.exe.tmp

C:\54123ad1e0459d779813aa0587\TMPB620.tmp.exe

—

Setup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft .NET Framework 4.6 Setup

Exit code:

Version:

4.6.00081.00

Modules

Images
c:\54123ad1e0459d779813aa0587\tmpb620.tmp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

4008

SetupUtility.exe /screboot

C:\54123ad1e0459d779813aa0587\SetupUtility.exe

—

Setup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft .NET Framework 4.5 Setup

Exit code:

Version:

14.0.0081.0 built by: NETFXREL2

Modules

Images
c:\54123ad1e0459d779813aa0587\setuputility.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

9 001

Read events

8 926

Write events

Delete events

Modification events


(PID) Process:	(3416) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{A8E678A2-6901-4282-B4F7-A3E5A6C83760}\{E484809C-2353-4669-A8A0-CAEDBE311F21}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3416) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{A8E678A2-6901-4282-B4F7-A3E5A6C83760}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3416) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{D80F53DD-09C3-4F44-AF6F-3C7102B6D22B}\{E484809C-2353-4669-A8A0-CAEDBE311F21}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3416) wmpnscfg.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{D80F53DD-09C3-4F44-AF6F-3C7102B6D22B}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3416) wmpnscfg.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{ADA2D2C1-5D74-47C7-8C9D-49273AAF4C05}
Operation:	delete key	Name:	(default)
Value:
(PID) Process:	(3372) HPPSdr.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3372) HPPSdr.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(3372) HPPSdr.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(3372) HPPSdr.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(3624) FileExtractor.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1

Add for printing

Executable files

135

Suspicious files

Text files

114

Unknown types

Dropped files

PID	Process	Filename		Type
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1028\ndu_firewall.chm		binary
		MD5:48E0D6E4553100FF92E8DDE011306CE5	SHA256:80E213CB1CA268094974772AD34F8AE8C583C7A7D480A0289945E526B9C9655F
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1035\ndu_firewall.chm		binary
		MD5:93F9A8AFD7BBBCFA86814F1AB8C5EC5B	SHA256:E1FF52A1EF93EC3D38EEBB5AF6EBBB819873AB2EFC9B325C1F6DC1FDCB04976B
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1030\ndu_firewall.chm		binary
		MD5:73D8024987151A49BC8D821609A9BC07	SHA256:15FE05930F8E06955C9A405F8B26C012441B292D7A141D7949B5ABF6F837931E
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1029\ndu_firewall.chm		binary
		MD5:561548CCEE59C3B2ED984D9F4368FC2A	SHA256:2429BEA8F4F2D42F8F53D1474A51FF0532F2324A854533FDE9DB4DA0AA54766D
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1034\ndu_firewall.chm		binary
		MD5:37A3CA5C4AE35B1B4BA9FA83F4427534	SHA256:DE01F7846378175050717C3BB7876E03B0260A3D31352A794ECBA0797DEE53B8
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1032\ndu_firewall.chm		binary
		MD5:2EF3B036FA90ADE4021E7AA64B1B3E17	SHA256:31FC0B144D73F12F2EF4CD0F8F9B3EBF6EA908CA446BE1DC79947B73A018FA89
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1040\ndu_firewall.chm		binary
		MD5:F511DEAAEEFFA7CA8D00213D05A8B647	SHA256:F591B09D3918804C82002A9F7541DE32693828E20B0F7E4AB40BFAEB2D373C29
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1025\ndu_firewall.chm		binary
		MD5:5DB4574DC67604873C3A5BDAE114BB78	SHA256:4FB1B4CC7892625E1AE1842B47A1C873F9AB1BBFEC68FF6D66557684C82EC836
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1044\ndu_firewall.chm		binary
		MD5:6AA6F8368AB323CAF5AA970AFE9EBB79	SHA256:065C49111DEDE2B78FC258B5F3F66CE5DB9B0A20E9DB8D428C97F1BF29F17074
3372	HPPSdr.exe	C:\HP\Diagnostics\PSDR\help\1043\ndu_firewall.chm		binary
		MD5:49AEA0EDC8071DF7AE9D30B3F4246AC0	SHA256:506E3E0B1D5CF5DC85728E28500E13D95453879C7F939B4728DF7D3325327AA8

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
868	svchost.exe	HEAD	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=249117&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	GET	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=249117&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	HEAD	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=528231&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	GET	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=528231&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	HEAD	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	GET	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409	unknown	—	—	unknown
3844	Setup.exe	GET	302	2.19.246.123:80	http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409	unknown	—	—	unknown
3844	Setup.exe	GET	302	2.19.246.123:80	http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	HEAD	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409	unknown	—	—	unknown
868	svchost.exe	GET	302	23.218.210.69:80	http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
2588	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3844	Setup.exe	46.228.146.128:80	ctldl.windowsupdate.com	LLNW	US	unknown
3844	Setup.exe	23.216.77.6:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
868	svchost.exe	23.218.210.69:80	go.microsoft.com	AKAMAI-AS	DE	unknown
868	svchost.exe	184.30.24.206:443	download.microsoft.com	AKAMAI-AS	DE	unknown
868	svchost.exe	68.232.34.200:443	download.visualstudio.microsoft.com	EDGECAST	US	whitelisted
3844	Setup.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	unknown

DNS requests

Domain	IP	Reputation
ctldl.windowsupdate.com	46.228.146.128	whitelisted
crl.microsoft.com	23.216.77.6 23.216.77.28	whitelisted
go.microsoft.com	23.218.210.69 2.19.246.123	whitelisted
download.microsoft.com	184.30.24.206	whitelisted
download.visualstudio.microsoft.com	68.232.34.200	whitelisted
www.microsoft.com	95.101.149.131	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
dns.msftncsi.com	131.107.255.255	shared

Threats

No threats detected

Add for printing

Process	Message
Setup.exe	User cancelled installation.

General Info

HPPSdr.exe

FE236937872C20107145A8F8A0869EBD

C4818093839C24A3EBC583B49EF8789C5CEEA130

5F4467BA1D28CCD2367ACF1D4B6DB15A0D973C5CEC1FF59B25AC8074520B9BA4

98304:Z9MnRNTsjNNJusPSo1vomxCHv4AmOwruCVFKomWdyCc/stSvFwg8kJhpA7w26QGQ:EyUOaQtGLYmPU3dTszFTBo7r

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Process drops legitimate windows executable

The process drops C-runtime libraries

The process creates files with name similar to system file names

Reads the Internet Settings

Checks Windows Trust Settings

Reads settings of System Certificates

Reads security settings of Internet Explorer

Adds/modifies Windows certificates

INFO

Checks supported languages

Reads the computer name

Reads the machine GUID from the registry

Creates files in the program directory

Create files in a temporary directory

Reads CPU info

Reads Environment values

Manual execution by a user

Creates files or folders in the user directory

Checks proxy server information

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings