File name:

Adobe AIR Installer.exe

Full analysis: https://app.any.run/tasks/025b6e37-128b-49cc-b9c7-0fb4c2ecfacd
Verdict: Malicious activity
Analysis date: April 15, 2025, 18:49:04
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

DE9C3DD3F3FB4503D7015489ABF90DCE

SHA1:

D38FAAA4D24AB180BE143F890BCACFC1CD6C6F16

SHA256:

5F85EAF8622ADDA6E7196E7E1662362B49C35DC4FDFE08DC42E8AADC3B9DC968

SSDEEP:

98304:XaacpLdSzu8q9Dr4JxoVXwqOgjMMLYZnD74LlGJ8fIoSREuGpcD/cpbwWePd39F/:iePGDBUGcj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Adobe AIR Installer.exe (PID: 7812)
      • Adobe AIR Installer.exe (PID: 7300)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Adobe AIR Installer.exe (PID: 7500)
      • Adobe AIR Installer.exe (PID: 7812)
    • Reads security settings of Internet Explorer

      • Adobe AIR Installer.exe (PID: 7500)
      • Adobe AIR Installer.exe (PID: 7812)
    • There is functionality for taking screenshot (YARA)

      • Adobe AIR Installer.exe (PID: 7500)
    • Application launched itself

      • Adobe AIR Installer.exe (PID: 7812)
    • Adds/modifies Windows certificates

      • msiexec.exe (PID: 6944)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6944)
  • INFO

    • Creates files or folders in the user directory

      • Adobe AIR Installer.exe (PID: 7500)
      • Adobe AIR Installer.exe (PID: 7812)
      • msiexec.exe (PID: 6944)
    • Checks supported languages

      • Adobe AIR Installer.exe (PID: 7500)
      • Adobe AIR Installer.exe (PID: 7812)
      • Adobe AIR Installer.exe (PID: 7300)
      • msiexec.exe (PID: 6944)
    • The sample compiled with english language support

      • Adobe AIR Installer.exe (PID: 7500)
      • msiexec.exe (PID: 6944)
      • Adobe AIR Installer.exe (PID: 7812)
    • Create files in a temporary directory

      • Adobe AIR Installer.exe (PID: 7500)
    • Reads the computer name

      • Adobe AIR Installer.exe (PID: 7500)
      • Adobe AIR Installer.exe (PID: 7812)
      • Adobe AIR Installer.exe (PID: 7300)
      • msiexec.exe (PID: 6944)
    • Reads CPU info

      • Adobe AIR Installer.exe (PID: 7812)
      • Adobe AIR Installer.exe (PID: 7300)
    • Reads the machine GUID from the registry

      • Adobe AIR Installer.exe (PID: 7812)
      • msiexec.exe (PID: 6944)
    • Process checks computer location settings

      • Adobe AIR Installer.exe (PID: 7812)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6944)
    • Reads the software policy settings

      • msiexec.exe (PID: 6944)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6944)
    • Creates files in the program directory

      • Adobe AIR Installer.exe (PID: 7812)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:01:07 16:19:09+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 5.12
CodeSize: 82514
InitializedDataSize: 24584
UninitializedDataSize: -
EntryPoint: 0x4ffee
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.20
ProductVersionNumber: 2.0.0.20
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments:
FileVersion: 2.0.0.20
ProductVersion: 2.0.0.20
CompanyName:
LegalCopyright:
ProductName: NOSSO(R)
No data.
Total processes
138
Monitored processes
7
Malicious processes
2
Suspicious processes
1

Behavior graph

Graph nodes: start; adobe air installer.exe; sppextcomobj.exe (no specs); slui.exe (no specs); adobe air installer.exe; adobe air installer.exe (no specs); msiexec.exe; adobe air installer.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 6944
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 7300
CMD: "C:\Users\admin\appdata\local\nos\adobe air installer\adobe air installer.exe" -stdio \\.\pipe\AIR_7812_0 -silent
Path: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR Installer.exe
Parent process: Adobe AIR Installer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\nos\adobe air installer\adobe air installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7404
CMD: "C:\Users\admin\AppData\Local\Temp\Adobe AIR Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Adobe AIR Installer.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
2.0.0.20
Modules
Images
c:\users\admin\appdata\local\temp\adobe air installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 7500
CMD: "C:\Users\admin\AppData\Local\Temp\Adobe AIR Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Adobe AIR Installer.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Exit code:
0
Version:
2.0.0.20
Modules
Images
c:\users\admin\appdata\local\temp\adobe air installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7744
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 7776
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7812
CMD: "C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR Installer.exe"
Path: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR Installer.exe
Parent process: Adobe AIR Installer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\nos\adobe air installer\adobe air installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
7 379
Read events
7 263
Write events
105
Delete events
11

Modification events

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation: delete value
Name: 742C3192E607E424EB4549542BE1BBC53E6174E2
Value:

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
Operation: write
Name: Blob
Value:

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
Operation: write
Name: Blob
Value:

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation: delete value
Name: 4F65566336DB6598581D584A596C87934D5F2AB4
Value:

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
Operation: write
Name: Blob
Value:

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write
Name: C:\Config.Msi\
Value:

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\11176f.rbs
Value: 31174199

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\11176f.rbsLow
Value: 574374096

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90A2D107EB418F542933C10EDE00329A
Operation: write
Name: 8663020007180A44EB446B23AFD487F0
Value: C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll

(PID) Process: (6944) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C3C47CD8BAC94C4EB81B5D1DCD091E7
Operation: write
Name: 8663020007180A44EB446B23AFD487F0
Value: C:\Program Files (x86)\Common Files\Adobe AIR\sentinel

Executable files
21
Suspicious files
46
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\setup.msi
Type: executable
MD5:89681670507C9C1506037522B6DC1E45
SHA256:0D990492081936B6C45BDC67B510157BBE2AF27AC2DFAC02E436EE4BA079AC8F
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR\Versions\1.0\digest.s
Type: binary
MD5:C400A73A2B181103530B9DEF6715099D
SHA256:930818F85EADBF1855ADF534DEBAFC72AA8F5C32BCDA85BD09A20AC93F1079D5
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer
Type: binary
MD5:BF70913FF8D6D60A47FE825330815DB4
SHA256:944E66AA967BD390952D22426BF1DFCD379A2C87A21B942FBCA79F41F0354AAC
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF81A4B5CB604FBB18.TMP
Type: binary
MD5:ABE33CEFCEAFC56A341987FDC071598B
SHA256:FF076D3CE5CBC510BE346E1CBC5575B738559660650C15C937FB6A14B6875AFA
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF8ADE103D4E5DEB55.TMP
Type: binary
MD5:13EB24C0BD04864D99554ACFBD0B0E40
SHA256:B73052D0D1F92531C8D838DA1B520AF70D6458907396B7DC638EE3EB9767A635
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR\sentinel
Type: text
MD5:A5C11CA014FE30B8085EA2E95F7196C4
SHA256:096E4BFD9F7E1FAF15058C0A0FE45E6DBD00E3E1360F21F2CA92BCE16A9A919A
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR\Versions\1.0\template.msi
Type: executable
MD5:D4A1A427AE17047055186395CA873089
SHA256:A7438FBE8C8996D966CAFF507C77114A861833B4C1BC1248A71271762005A2C8
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR\Versions\1.0\setup.swf
Type: binary
MD5:5A933EAA6F248C06A2FF42410720E243
SHA256:B1DEA74CFA75B57B37F14E678B86A7BE35F42A8A2A9C808AC4E6CE6E78B31188
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\setup.swf
Type: binary
MD5:5A933EAA6F248C06A2FF42410720E243
SHA256:B1DEA74CFA75B57B37F14E678B86A7BE35F42A8A2A9C808AC4E6CE6E78B31188
PID: 7500
Process: Adobe AIR Installer.exe
Filename: C:\Users\admin\AppData\Local\nos\Adobe AIR Installer\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf
Type: binary
MD5:8599589CB2F1CFAD899F0E95C3CF2BC9
SHA256:101140C8DF33CD81AF64000549872EF9E48AF5913A27367E0865A4F83BECC509
HTTP(S) requests
7
TCP/UDP connections
19
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
184.24.77.35:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6944
msiexec.exe
GET
200
2.17.189.192:80
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCEDA2ePYtKPWPCdFq3RW5wHE%3D
unknown
whitelisted
7172
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6944
msiexec.exe
GET
200
2.17.189.192:80
http://crl.verisign.com/pca3.crl
unknown
whitelisted
6944
msiexec.exe
GET
200
2.17.189.192:80
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ%2FxkCfyHfJr7GQ6M658NRZ4SHo%2FAQUCPVR6Pv%2BPT1kNnxoz1t4qN%2B5xTcCEDA2ePYtKPWPCdFq3RW5wHE%3D
unknown
whitelisted
7172
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
184.24.77.35:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6944
msiexec.exe
2.17.189.192:80
crl.verisign.com
AKAMAI-AS
DE
whitelisted
7172
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 184.24.77.35
  • 184.24.77.37
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.159.0
  • 40.126.31.71
  • 20.190.159.130
  • 40.126.31.73
  • 40.126.31.0
  • 40.126.31.131
  • 20.190.159.4
  • 40.126.31.69
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
crl.verisign.com
  • 2.17.189.192
whitelisted
ocsp.verisign.com
  • 2.17.189.192
whitelisted
csc3-2004-crl.verisign.com
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted

Threats

No threats detected
No debug info