File name:

netlimiter-5.3.19.0.exe

Full analysis: https://app.any.run/tasks/7d7abc4c-610b-407f-9d1a-58c1703bbd63
Verdict: Malicious activity
Analysis date: January 15, 2025, 15:51:11
OS: Windows 11 Professional (build: 22000, 64 bit)
Tags:
advancedinstaller
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

498BBA1C7133AD63A52A908E092A6322

SHA1:

4C4227567843397630109A88F77BE8E4B9D506C2

SHA256:

82CC21085FF74EAF3A4608869E91581C809C2836286A9D93F449F42CF186E797

SSDEEP:

98304:2pfE1CQOGlfuAfpLPlmmJUyI92/GIGWFyfywJ2ZOAT3ykK17qyTjyjY5YDLs/xmt:ODVppssgsCm7DE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • ADVANCEDINSTALLER mutex has been found

      • netlimiter-5.3.19.0.exe (PID: 2744)

    • Checks Windows Trust Settings

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 6224)

    • Reads security settings of Internet Explorer

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • NLSvc.exe (PID: 536)

    • Reads settings of System Certificates

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • NLSvc.exe (PID: 536)

    • Process drops legitimate windows executable

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • msiexec.exe (PID: 2672)
      • msiexec.exe (PID: 2256)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 6224)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 2672)
      • msiexec.exe (PID: 2256)

    • Reads Internet Explorer settings

      • netlimiter-5.3.19.0.exe (PID: 2744)

    • Reads the Windows owner or organization settings

      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 6224)

    • Executable content was dropped or overwritten

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)

    • Reads the Internet Settings

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • NLSvc.exe (PID: 536)

    • Application launched itself

      • netlimiter-5.3.19.0.exe (PID: 2744)

    • Drops a system driver (possible attempt to evade defenses)

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • msiexec.exe (PID: 6224)

    • Executes as Windows Service

      • VSSVC.exe (PID: 6252)
      • NLSvc.exe (PID: 2380)

  • INFO

    • The sample compiled with english language support

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • msiexec.exe (PID: 2672)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 2256)
      • msiexec.exe (PID: 6224)

    • Reads the machine GUID from the registry

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 6224)
      • NLSvc.exe (PID: 536)
      • NLSvc.exe (PID: 2380)

    • Reads the computer name

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • msiexec.exe (PID: 6224)
      • msiexec.exe (PID: 2672)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 2256)
      • NLSvc.exe (PID: 536)
      • NLSvc.exe (PID: 2380)
      • msiexec.exe (PID: 256)

    • Checks supported languages

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • msiexec.exe (PID: 2672)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 2256)
      • msiexec.exe (PID: 6224)
      • msiexec.exe (PID: 256)
      • NLSvc.exe (PID: 536)
      • NLSvc.exe (PID: 2380)

    • Reads Environment values

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • msiexec.exe (PID: 2672)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 2256)

    • Reads the software policy settings

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 6224)
      • NLSvc.exe (PID: 2380)

    • Create files in a temporary directory

      • netlimiter-5.3.19.0.exe (PID: 2744)
      • netlimiter-5.3.19.0.exe (PID: 1900)
      • msiexec.exe (PID: 2672)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2672)
      • msiexec.exe (PID: 6224)
      • msiexec.exe (PID: 2256)

    • The process uses the downloaded file

      • netlimiter-5.3.19.0.exe (PID: 2744)

    • Sends debugging messages

      • msiexec.exe (PID: 2256)
      • msiexec.exe (PID: 256)

    • Manages system restore points

      • SrTasks.exe (PID: 6184)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 6224)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:12:14 13:40:00+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.34
CodeSize: 2450944
InitializedDataSize: 1032704
UninitializedDataSize: -
EntryPoint: 0x1d0974
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 5.3.19.0
ProductVersionNumber: 5.3.19.0
FileFlagsMask: 0x003f
FileFlags: Debug
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Locktime Software
FileDescription: NetLimiter Installer
FileVersion: 5.3.19.0
InternalName: netlimiter-5.3.19.0
LegalCopyright: Copyright (C) 2025 Locktime Software
OriginalFileName: netlimiter-5.3.19.0.exe
ProductName: NetLimiter
ProductVersion: 5.3.19.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
124
Monitored processes
14
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start netlimiter-5.3.19.0.exe msiexec.exe msiexec.exe netlimiter-5.3.19.0.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe msiexec.exe no specs nlsvc.exe no specs conhost.exe no specs nlsvc.exe nlclientapp.exe no specs netlimiter-5.3.19.0.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
256C:\Windows\syswow64\MsiExec.exe -Embedding 0857466BBD5A874EAD63A27CF73A8B0C E Global\MSI0000C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
536"C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe" /afterinstallC:\Program Files\Locktime Software\NetLimiter\NLSvc.exemsiexec.exe
User:
admin
Company:
Locktime Software
Integrity Level:
HIGH
Description:
NLSvc
Exit code:
0
Version:
5.3.19.0
Modules
Images
c:\program files\locktime software\netlimiter\nlsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework64\v4.0.30319\mscoreei.dll
1132\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeNLSvc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
1900"C:\Users\admin\Desktop\netlimiter-5.3.19.0.exe" /i C:\Users\admin\AppData\Local\Temp\{259F42CD-B18F-42CA-8402-C2454BBB2D44}\BBB2D44\netlimiter-5.3.19.0.x64.msi AI_EUIMSI=1 APPDIR="C:\Program Files\Locktime Software\NetLimiter" SECONDSEQUENCE="1" CLIENTPROCESSID="2744" AI_MORE_CMD_LINE=1C:\Users\admin\Desktop\netlimiter-5.3.19.0.exe
netlimiter-5.3.19.0.exe
User:
admin
Company:
Locktime Software
Integrity Level:
HIGH
Description:
NetLimiter Installer
Exit code:
0
Version:
5.3.19.0
Modules
Images
c:\users\admin\desktop\netlimiter-5.3.19.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
2256C:\Windows\syswow64\MsiExec.exe -Embedding B045BC7FDBEF5B9BB0CE9CBD5ABFDC13C:\Windows\SysWOW64\msiexec.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
2380"C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe"C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe
services.exe
User:
SYSTEM
Company:
Locktime Software
Integrity Level:
SYSTEM
Description:
NLSvc
Version:
5.3.19.0
Modules
Images
c:\program files\locktime software\netlimiter\nlsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework64\v4.0.30319\mscoreei.dll
2672C:\Windows\syswow64\MsiExec.exe -Embedding 9BA1B9A7241204BCFAD3093426F3CB12 CC:\Windows\SysWOW64\msiexec.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
2744"C:\Users\admin\Desktop\netlimiter-5.3.19.0.exe" C:\Users\admin\Desktop\netlimiter-5.3.19.0.exe
explorer.exe
User:
admin
Company:
Locktime Software
Integrity Level:
HIGH
Description:
NetLimiter Installer
Exit code:
0
Version:
5.3.19.0
Modules
Images
c:\users\admin\desktop\netlimiter-5.3.19.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
3664"C:\Program Files\Locktime Software\NetLimiter\NLClientApp.exe" /installC:\Program Files\Locktime Software\NetLimiter\NLClientApp.exemsiexec.exe
User:
admin
Company:
Locktime Software
Integrity Level:
HIGH
Description:
NetLimiter Client
Exit code:
0
Version:
5.3.19.0
Modules
Images
c:\program files\locktime software\netlimiter\nlclientapp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework64\v4.0.30319\mscoreei.dll
5064"C:\Users\admin\Desktop\netlimiter-5.3.19.0.exe" C:\Users\admin\Desktop\netlimiter-5.3.19.0.exeexplorer.exe
User:
admin
Company:
Locktime Software
Integrity Level:
MEDIUM
Description:
NetLimiter Installer
Exit code:
3221226540
Version:
5.3.19.0
Modules
Images
c:\users\admin\desktop\netlimiter-5.3.19.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events
31 458
Read events
30 911
Write events
523
Delete events
24

Modification events

(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:delete valueName:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Value:
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Operation:writeName:Blob
Value:
04000000010000001000000078F2FCAA601F2FB4EBC937BA532E7549140000000100000014000000ECD7E382D2715D644CDF2E673FE7BA98AE1C0F4F0B00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006F006F0074002000470034000000530000000100000040000000303E301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C00F00000001000000300000004EA1B34B10B982A96A38915843507820AD632C6AAD8343E337B34D660CD8366FA154544AE80668AE1FDF3931D57E1996030000000100000014000000DDFB16CD4931C973A2037D3FC83A4D7D775D05E4190000000100000010000000FFAC207997BB2CFE865570179EE037B9090000000100000034000000303206082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030106082B06010505070308620000000100000020000000552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC899881D0000000100000010000000A86DC6A233EB339610F3ED414927C5592000000001000000940500003082059030820378A0030201020210059B1B579E8E2132E23907BDA777755C300D06092A864886F70D01010C05003062310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3121301F060355040313184469676943657274205472757374656420526F6F74204734301E170D3133303830313132303030305A170D3338303131353132303030305A3062310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3121301F060355040313184469676943657274205472757374656420526F6F7420473430820222300D06092A864886F70D01010105000382020F003082020A0282020100BFE6907368DEBBE45D4A3C3022306933ECC2A7252EC9213DF28AD859C2E129A73D58AB769ACDAE7B1B840DC4301FF31BA43816EB56C6976D1DABB279F2CA11D2E45FD6053C520F521FC69E15A57EBE9FA95716595572AF689370C2B2BA75996A733294D11044102EDF82F30784E6743B6D71E22D0C1BEE20D5C9201D63292DCEEC5E4EC893F821619B34EB05C65EEC5B1ABCEBC9CFCDAC34405FB17A66EE77C848A86657579F54588E0C2BB74FA730D956EECA7B5DE3ADC94F5EE535E731CBDA935EDC8E8F80DAB69198409079C378C7B6B1C4B56A183803108DD8D437A42E057D88F5823E109170AB55824132D7DB04732A6E91017C214CD4BCAE1B03755D7866D93A31449A3340BF08D75A49A4C2E6A9A067DDA427BCA14F39B5115817F7245C468F64F7C169887698763D595D4276878997697A48F0E0A2121B669A74CADE4B1EE70E63AEE6D4EF92923A9E3DDC00E4452589B69A44192B7EC094B4D2616DEB33D9C5DF4B0400CC7D1C95C38FF721B2B211B7BB7FF2D58C702C4160AAB1631844951A76627EF680B0FBE864A633D18907E1BDB7E643A418B8A67701E10F940C211DB2542925896CE50E52514774BE26ACB64175DE7AAC5F8D3FC9BCD34111125BE51050EB31C5CA72162209DF7C4C753F63EC215FC420516B6FB1AB868B4FC2D6455F9D20FCA11EC5C08FA2B17E0A2699F5E4692F981D2DF5D9A9B21DE51B0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020186301D0603551D0E04160414ECD7E382D2715D644CDF2E673FE7BA98AE1C0F4F300D06092A864886F70D01010C05000382020100BB61D97DA96CBE17C4911BC3A1A2008DE364680F56CF77AE70F9FD9A4A99B9C9785C0C0C5FE4E61429560B36495D4463E0AD9C9618661B230D3D79E96D6BD654F8D23CC14340AE1D50F552FC903BBB9899696BC7C1A7A868A427DC9DF927AE3085B9F6674D3A3E8F5939225344EBC85D03CAED507A7D62210A80C87366D1A005605FE8A5B4A7AFA8F76D359C7C5A8AD6A23899F3788BF44DD2200BDE04EE8C9B4781720DC01432EF30592EAEE071F256E46A976F92506D968D687A9AB236147A06F224B9091150D708B1B8897A8423614229E5A3CDA22041D7D19C64D9EA26A18B14D74C19B25041713D3F4D7023860C4ADC81D2CC3294840D0809971C4FC0EE6B207430D2E03934108521150108E85532DE7149D92817504DE6BE4DD175ACD0CAFB41B843A5AAD3C305444F2C369BE2FAE245B823536C066F67557F46B54C3F6E285A7926D2A4A86297D21EE2ED4A8BBC1BFD474A0DDF67667EB25B41D03BE4F43BF40463E9EFC2540051A08A2AC9CE78CCD5EA870418B3CEAF4988AFF39299B6B3E6610FD28500E7501AE41B959D19A1B99CB19BB1001EEFD00F4F426CC90ABCEE43FA3A71A5C84D26A535FD895DBC85621D32D2A02B54ED9A57C1DBFA10CF19B78B4A1B8F01B6279553E8B6896D5BBC68D423E88B51A256F9F0A680A0D61EB3BC0F0F537529AAEA1377E4DE8C8121AD07104711AD873D07D175BCCFF3667E
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Operation:writeName:Blob
Value:
5C0000000100000004000000001000001D0000000100000010000000A86DC6A233EB339610F3ED414927C559620000000100000020000000552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988090000000100000034000000303206082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030106082B06010505070308190000000100000010000000FFAC207997BB2CFE865570179EE037B9030000000100000014000000DDFB16CD4931C973A2037D3FC83A4D7D775D05E40F00000001000000300000004EA1B34B10B982A96A38915843507820AD632C6AAD8343E337B34D660CD8366FA154544AE80668AE1FDF3931D57E1996530000000100000040000000303E301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010330123010060A2B0601040182373C0101030200C00B00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006F006F0074002000470034000000140000000100000014000000ECD7E382D2715D644CDF2E673FE7BA98AE1C0F4F04000000010000001000000078F2FCAA601F2FB4EBC937BA532E75492000000001000000940500003082059030820378A0030201020210059B1B579E8E2132E23907BDA777755C300D06092A864886F70D01010C05003062310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3121301F060355040313184469676943657274205472757374656420526F6F74204734301E170D3133303830313132303030305A170D3338303131353132303030305A3062310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D3121301F060355040313184469676943657274205472757374656420526F6F7420473430820222300D06092A864886F70D01010105000382020F003082020A0282020100BFE6907368DEBBE45D4A3C3022306933ECC2A7252EC9213DF28AD859C2E129A73D58AB769ACDAE7B1B840DC4301FF31BA43816EB56C6976D1DABB279F2CA11D2E45FD6053C520F521FC69E15A57EBE9FA95716595572AF689370C2B2BA75996A733294D11044102EDF82F30784E6743B6D71E22D0C1BEE20D5C9201D63292DCEEC5E4EC893F821619B34EB05C65EEC5B1ABCEBC9CFCDAC34405FB17A66EE77C848A86657579F54588E0C2BB74FA730D956EECA7B5DE3ADC94F5EE535E731CBDA935EDC8E8F80DAB69198409079C378C7B6B1C4B56A183803108DD8D437A42E057D88F5823E109170AB55824132D7DB04732A6E91017C214CD4BCAE1B03755D7866D93A31449A3340BF08D75A49A4C2E6A9A067DDA427BCA14F39B5115817F7245C468F64F7C169887698763D595D4276878997697A48F0E0A2121B669A74CADE4B1EE70E63AEE6D4EF92923A9E3DDC00E4452589B69A44192B7EC094B4D2616DEB33D9C5DF4B0400CC7D1C95C38FF721B2B211B7BB7FF2D58C702C4160AAB1631844951A76627EF680B0FBE864A633D18907E1BDB7E643A418B8A67701E10F940C211DB2542925896CE50E52514774BE26ACB64175DE7AAC5F8D3FC9BCD34111125BE51050EB31C5CA72162209DF7C4C753F63EC215FC420516B6FB1AB868B4FC2D6455F9D20FCA11EC5C08FA2B17E0A2699F5E4692F981D2DF5D9A9B21DE51B0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020186301D0603551D0E04160414ECD7E382D2715D644CDF2E673FE7BA98AE1C0F4F300D06092A864886F70D01010C05000382020100BB61D97DA96CBE17C4911BC3A1A2008DE364680F56CF77AE70F9FD9A4A99B9C9785C0C0C5FE4E61429560B36495D4463E0AD9C9618661B230D3D79E96D6BD654F8D23CC14340AE1D50F552FC903BBB9899696BC7C1A7A868A427DC9DF927AE3085B9F6674D3A3E8F5939225344EBC85D03CAED507A7D62210A80C87366D1A005605FE8A5B4A7AFA8F76D359C7C5A8AD6A23899F3788BF44DD2200BDE04EE8C9B4781720DC01432EF30592EAEE071F256E46A976F92506D968D687A9AB236147A06F224B9091150D708B1B8897A8423614229E5A3CDA22041D7D19C64D9EA26A18B14D74C19B25041713D3F4D7023860C4ADC81D2CC3294840D0809971C4FC0EE6B207430D2E03934108521150108E85532DE7149D92817504DE6BE4DD175ACD0CAFB41B843A5AAD3C305444F2C369BE2FAE245B823536C066F67557F46B54C3F6E285A7926D2A4A86297D21EE2ED4A8BBC1BFD474A0DDF67667EB25B41D03BE4F43BF40463E9EFC2540051A08A2AC9CE78CCD5EA870418B3CEAF4988AFF39299B6B3E6610FD28500E7501AE41B959D19A1B99CB19BB1001EEFD00F4F426CC90ABCEE43FA3A71A5C84D26A535FD895DBC85621D32D2A02B54ED9A57C1DBFA10CF19B78B4A1B8F01B6279553E8B6896D5BBC68D423E88B51A256F9F0A680A0D61EB3BC0F0F537529AAEA1377E4DE8C8121AD07104711AD873D07D175BCCFF3667E
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:delete valueName:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
040000000100000010000000E94FB54871208C00DF70F708AC47085B1D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD953000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C00B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000000F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B81900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B46200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF861400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B09000000010000000C000000300A06082B06010505070303200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
5C00000001000000040000000010000009000000010000000C000000300A06082B060105050703031400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B6200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF861900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B40300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B80F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F0074002000520034003500000053000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C01D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD9040000000100000010000000E94FB54871208C00DF70F708AC47085B200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2744) netlimiter-5.3.19.0.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
502
Suspicious files
59
Text files
108
Unknown types
4

Dropped files

PID
Process
Filename
Type
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\{259F42CD-B18F-42CA-8402-C2454BBB2D44}\holder0.aiph
MD5:
SHA256:
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\{259F42CD-B18F-42CA-8402-C2454BBB2D44}\BBB2D44\netlimiter-5.3.19.0.x64.msiexecutable
MD5:830131AE9243138466781EEEC935D057
SHA256:6233E30AB0C2F9856C06BC97AFDE1C8CC4B3B5A684FB69FA124CF74409B3C9C5
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:BE32B9F6830238F4048316AB52E983C0
SHA256:0F07688F75A4CDB63F294685A346B202ABBFFE3CFEB386F39B0A2BC250EB6FE1
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\{259F42CD-B18F-42CA-8402-C2454BBB2D44}\BBB2D44\netlimiter-5.3.19.0.msiexecutable
MD5:85A828BDD41D4506FBB315DDAE085368
SHA256:2A962270C549FD53BD128B497DA98E38AB0D36E86191AD9951A624B621C5FE4F
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_2744\whitebackgroundimage
MD5:EB93C0ABAE8A7DE7AE6DC3755B12C802
SHA256:EDA260871BBA09273B71A165DC8B4F254B186046AB383722DC2D8803FA698725
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\MSI2AE6.tmpexecutable
MD5:DB7612F0FD6408D664185CFC81BEF0CB
SHA256:E9E426B679B3EFB233F03C696E997E2DA3402F16A321E954B54454317FCEB240
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_2744\repair.pngimage
MD5:CE23E801FACF4DC9980692913ECC5FB3
SHA256:A8856BD3783A5FC30504FD8AFCFABAA8295ECEFC0D91E5CDD00453F2137495D3
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\MSI2A49.tmpexecutable
MD5:DB7612F0FD6408D664185CFC81BEF0CB
SHA256:E9E426B679B3EFB233F03C696E997E2DA3402F16A321E954B54454317FCEB240
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554Ebinary
MD5:CEE28CA9BD10201BEF5A531826E46AC6
SHA256:7657838AFAE8F6E6A0FCAAEA536232C4A2AD4356FA112AAC3404491B93F8B147
2744netlimiter-5.3.19.0.exeC:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_2744\backgroundimage
MD5:A0EFB0E7B9CEE25B09E09A1A64E96BA6
SHA256:F044F542BC46464054084C63596877F06C6E2C215C0E954C4ACE9787CED82787
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
8
DNS requests
6
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1296
svchost.exe
GET
200
2.16.164.99:80
http://www.msftconnecttest.com/connecttest.txt
unknown
whitelisted
2744
netlimiter-5.3.19.0.exe
GET
200
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?66df4bcf04ca7ff6
unknown
whitelisted
2744
netlimiter-5.3.19.0.exe
GET
200
151.101.2.133:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
2744
netlimiter-5.3.19.0.exe
GET
200
151.101.2.133:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDEX685ZejurnNJyDZQ%3D%3D
unknown
whitelisted
2380
NLSvc.exe
GET
200
151.101.194.133:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
2380
NLSvc.exe
GET
200
151.101.194.133:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDEX685ZejurnNJyDZQ%3D%3D
unknown
whitelisted
2860
svchost.exe
GET
304
2.22.50.144:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?32d22768d7b6597c
unknown
whitelisted
2860
svchost.exe
GET
200
2.22.50.144:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3a456b18a040042f
unknown
whitelisted
2860
svchost.exe
GET
200
2.22.50.144:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?3c7486c98ac9b237
unknown
whitelisted
2860
svchost.exe
GET
200
2.22.50.144:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?fd9bfe37cacffe13
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1296
svchost.exe
2.16.164.99:80
Akamai International B.V.
NL
unknown
2744
netlimiter-5.3.19.0.exe
199.232.210.172:80
ctldl.windowsupdate.com
FASTLY
US
whitelisted
5060
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2744
netlimiter-5.3.19.0.exe
151.101.2.133:80
ocsp.globalsign.com
FASTLY
US
whitelisted
2380
NLSvc.exe
151.101.194.133:80
ocsp.globalsign.com
FASTLY
US
whitelisted
4
System
192.168.100.255:137
whitelisted
2860
svchost.exe
2.22.50.144:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
  • 2.22.50.144
  • 2.22.50.131
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
ocsp.globalsign.com
  • 151.101.2.133
  • 151.101.66.133
  • 151.101.194.133
  • 151.101.130.133
whitelisted

Threats

PID
Process
Class
Message
1296
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
netlimiter-5.3.19.0.exe