Malware analysis NovaLauncher_799f7cb55e4623e595d77c7868507cdc (1).msi Malicious activity

Add for printing

File name:	NovaLauncher_799f7cb55e4623e595d77c7868507cdc (1).msi
Full analysis:	https://app.any.run/tasks/4e856247-77be-49d3-b77c-c422bd82acb3
Verdict:	Malicious activity
Analysis date:	October 26, 2024, 13:01:43
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-msi
File info:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 07:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: x64;1033, Number of Pages: 200, Revision Number: {576A935F-28CF-4854-9622-CCB19E1F8456}, Subject: Installation helper for Nova Launcher, Author: Project Nova, Number of Words: 2, Last Saved Time/Date: Fri Sep 27 19:07:37 2024, Last Printed: Fri Sep 27 19:07:37 2024
MD5:	799F7CB55E4623E595D77C7868507CDC
SHA1:	6A27BFBBE4869792162B9232AC2FEE688CCC1BC1
SHA256:	9A628183A7D928A848E57F1B64E26E427DD4E3A841AB760A4C275EF1BDAC6D43
SSDEEP:	98304:giRM4yFS7YCkIMPwJH/YCi4IqwWbLcvWVVUfRMfhH4AtxJriC2/s0Fqo2U7uv2wj:FQalcNELAMNb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Process drops legitimate windows executable
  - msiexec.exe (PID: 6028)
  - msiexec.exe (PID: 4548)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9160)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9184)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 8196)
  - NovaLauncher.Web.exe (PID: 7496)
- Executes as Windows Service
  - VSSVC.exe (PID: 5036)
- Executable content was dropped or overwritten
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9160)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9184)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 8196)
  - NovaLauncher.Web.exe (PID: 7496)
- Starts a Microsoft application from unusual location
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9184)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 8196)
- The process drops C-runtime libraries
  - msiexec.exe (PID: 4548)
- Starts itself from another location
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9184)
INFO
- Creates files or folders in the user directory
  - msiexec.exe (PID: 6028)
- Reads security settings of Internet Explorer
  - msiexec.exe (PID: 6028)
- Checks supported languages
  - msiexec.exe (PID: 6256)
  - msiexec.exe (PID: 4548)
- Reads the software policy settings
  - msiexec.exe (PID: 6028)
- Executable content was dropped or overwritten
  - msiexec.exe (PID: 6028)
  - msiexec.exe (PID: 4548)
  - msedge.exe (PID: 6400)
  - msedge.exe (PID: 8380)
  - firefox.exe (PID: 8784)
- Checks proxy server information
  - msiexec.exe (PID: 6028)
- Manages system restore points
  - SrTasks.exe (PID: 7056)
- Reads the computer name
  - msiexec.exe (PID: 6256)
  - msiexec.exe (PID: 4548)
- Manual execution by a user
  - NovaLauncher.Web.exe (PID: 1344)
  - windowsdesktop-runtime-8.0.10-win-x64.exe (PID: 9160)
  - Taskmgr.exe (PID: 8736)
  - Taskmgr.exe (PID: 8788)
  - firefox.exe (PID: 8760)
  - NovaLauncher.Web.exe (PID: 7496)
- Application launched itself
  - msedge.exe (PID: 6400)
  - firefox.exe (PID: 8760)
  - firefox.exe (PID: 8784)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.msi	\|	Microsoft Windows Installer (90.2)
.msp	\|	Windows Installer Patch (8.4)
.msi	\|	Microsoft Installer (100)

EXIF

FlashPix

CreateDate:	1999:06:21 07:00:00
Software:	Windows Installer
Security:	Password protected
CodePage:	Windows Latin 1 (Western European)
Template:	x64;1033
Pages:	200
RevisionNumber:	{576A935F-28CF-4854-9622-CCB19E1F8456}
Title:	-
Subject:	Installation helper for Nova Launcher
Author:	Project Nova
Keywords:	-
Comments:	-
Words:	2
ModifyDate:	2024:09:27 19:07:37
LastPrinted:	2024:09:27 19:07:37

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

233

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

824

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2936 -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 31121 -prefMapSize 244343 -jsInitHandle 1512 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f103451-6ddc-4a68-80dd-15b4f6a0b7ae} 8784 "\\.\pipe\gecko-crash-server-pipe.8784" 20a35a29150 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Version:

123.0

1028

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20240213221259 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 30705 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d74c5b0d-e5ec-4327-9128-c5fdf07116e4} 8784 "\\.\pipe\gecko-crash-server-pipe.8784" 20a23780b10 socket

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Version:

123.0

1172

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

SrTasks.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1344

"C:\Program Files\Project Nova\Nova Launcher\NovaLauncher.Web.exe"

C:\Program Files\Project Nova\Nova Launcher\NovaLauncher.Web.exe

—

explorer.exe

User:

admin

Company:

Project Nova LLC

Integrity Level:

MEDIUM

Description:

Nova

Exit code:

2147516547

Version:

1.0.1.7

1376

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2276 --field-trial-handle=2228,i,6308161779775037675,11686130439210291751,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

2088

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240213221259 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 30705 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02ba4cd1-3f5f-4142-ba7d-7a80cd1b1a8c} 8784 "\\.\pipe\gecko-crash-server-pipe.8784" 20a302e4410 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Version:

123.0

2272

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5880 -childID 3 -isForBrowser -prefsHandle 5836 -prefMapHandle 5600 -prefsLen 31161 -prefMapSize 244343 -jsInitHandle 1512 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33d8ee9-3d67-40e0-84f8-05e526150b9d} 8784 "\\.\pipe\gecko-crash-server-pipe.8784" 20a3acfe850 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Version:

123.0

2464

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6336 --field-trial-handle=2228,i,6308161779775037675,11686130439210291751,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

3104

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7544 --field-trial-handle=2228,i,6308161779775037675,11686130439210291751,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

3740

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7ffbc97c5fd8,0x7ffbc97c5fe4,0x7ffbc97c5ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Add for printing

Total events

8 974

Read events

8 820

Write events

145

Delete events

Modification events


(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:	write	Name:	SrCreateRp (Enter)
Value: 4800000000000000C720A83DA727DB01C4110000D0150000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:	write	Name:	SppGetSnapshots (Enter)
Value: 48000000000000005984AA3DA727DB01C4110000D0150000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:	write	Name:	SppGetSnapshots (Leave)
Value: 4800000000000000B479E83DA727DB01C4110000D0150000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:	write	Name:	SppEnumGroups (Enter)
Value: 4800000000000000B479E83DA727DB01C4110000D0150000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:	write	Name:	SppEnumGroups (Leave)
Value: 48000000000000004CDDEA3DA727DB01C4110000D0150000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:	write	Name:	SppCreate (Enter)
Value: 48000000000000007F41ED3DA727DB01C4110000D0150000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:	write	Name:	LastIndex
Value: 11
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:	write	Name:	SppGatherWriterMetadata (Enter)
Value: 480000000000000050C9533EA727DB01C4110000D0150000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(4548) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:	write	Name:	IDENTIFY (Enter)
Value: 4800000000000000AA2C563EA727DB01C4110000B4030000E8030000010000000000000000000000E309B6308AD9E741B78C3DD89B95C9B400000000000000000000000000000000
(PID) Process:	(5036) VSSVC.exe	Key:	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:	write	Name:	IDENTIFY (Enter)
Value: 480000000000000096A85F3EA727DB01AC130000F01A0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000

Add for printing

Executable files

502

Suspicious files

629

Text files

161

Unknown types

Dropped files

PID	Process	Filename		Type
4548	msiexec.exe	C:\System Volume Information\SPP\metadata-2		—
		MD5:—	SHA256:—
4548	msiexec.exe	C:\Windows\Installer\912ef.msi		—
		MD5:—	SHA256:—
4548	msiexec.exe	C:\Windows\Installer\912f1.msi		—
		MD5:—	SHA256:—
6028	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FE17BEC2A573BC9AE36869D0274FFA19_6DA81F04C5F9EAD2CD0268808FCE61E1		der
		MD5:7E5E9912DE7A985FF6257B5E3005DE2C	SHA256:EC0BDEA0FCC54BE0A302CAC5A2513186CCD5A9E1BD9DE7C8DD81CE1773141571
4548	msiexec.exe	C:\Program Files\Project Nova\Nova Launcher\Nova.ico		image
		MD5:A822520B46E3A5360F5D662E0C6A88CD	SHA256:E0F42A0448846149D60407DBBD65714C7F76A79353A4830D208F127CBEF84FBA
4548	msiexec.exe	C:\Windows\Temp\~DF239D1C4891266221.TMP		binary
		MD5:BF619EAC0CDF3F68D496EA9344137E8B	SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
4548	msiexec.exe	C:\Windows\Installer\MSI163B.tmp		executable
		MD5:B77A2A2768B9CC78A71BBFFB9812B978	SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
6028	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\248DDD9FCF61002E219645695E3FFC98_8161B15032C07B64978FB2EBA40D052B		der
		MD5:1043B6DB11243E797C79FC7FC98127F2	SHA256:79B5D21245E9D72B766C032E3730205E226A9095C6222D9501260683E1720556
4548	msiexec.exe	C:\Windows\Installer\inprogressinstallinfo.ipi		binary
		MD5:15FFC6560FA9CC83CF26B97EE807F9B8	SHA256:B3A07DBD3D375B0B8CE92629E2C2A9A5BA1A2C6D5C3DE4E3B662F21B73E9602F
6028	msiexec.exe	C:\Users\admin\AppData\Local\Temp\MSIBA6F.tmp		executable
		MD5:B77A2A2768B9CC78A71BBFFB9812B978	SHA256:F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

181

DNS requests

232

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6028	msiexec.exe	GET	200	100.24.223.135:80	http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D	unknown	—	—	whitelisted
6028	msiexec.exe	GET	200	100.24.223.135:80	http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSoEwb5tith0jIBy9frSyNGB1lsAAQUNr1J%2FzEs669qQP6ZwBbtuvxI3V8CEETYGZ8pxUPDiS64gDyQEZM%3D	unknown	—	—	whitelisted
—	—	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	23.48.23.156:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
—	—	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
—	—	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
—	—	HEAD	200	184.24.77.30:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a081ba6e-045a-42ea-b073-95dd0653279b?P1=1730343534&P2=404&P3=2&P4=fvVsq%2bV0XGDuv8d%2fFNQwWT3zNMPFY5I%2bo9tWiC0MwdhD%2fMsSJv0lHdzvPu2kRCgmmQpIqqjlCtOiEBpqVoGiUg%3d%3d	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	192.168.100.255:137	—	—	—	whitelisted
6944	svchost.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
5488	MoUsoCoreWorker.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
3396	RUXIMICS.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
6028	msiexec.exe	100.24.223.135:80	ocsps.ssl.com	AMAZON-AES	US	whitelisted
6944	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	23.48.23.156:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
—	—	23.35.229.160:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
—	—	92.123.104.31:443	www.bing.com	Akamai International B.V.	DE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	20.73.194.208 51.124.78.146 51.104.136.2 40.127.240.158	whitelisted
google.com	142.250.185.206	whitelisted
ocsps.ssl.com	100.24.223.135 34.237.184.165 52.6.97.148	whitelisted
crl.microsoft.com	23.48.23.156 23.48.23.143 23.48.23.176 23.48.23.177 23.48.23.166 23.48.23.173 23.48.23.194 23.48.23.141 2.16.164.49 2.16.164.9	whitelisted
www.microsoft.com	23.35.229.160 88.221.169.152	whitelisted
www.bing.com	92.123.104.31 92.123.104.32 92.123.104.34 92.123.104.19 92.123.104.47 92.123.104.28 92.123.104.11 92.123.104.33 92.123.104.59 92.123.104.44 92.123.104.38 92.123.104.40	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
login.live.com	40.126.31.69 40.126.31.67 20.190.159.75 20.190.159.23 20.190.159.68 20.190.159.2 20.190.159.64 20.190.159.0	whitelisted
th.bing.com	92.123.104.34 92.123.104.11 92.123.104.32 92.123.104.33 92.123.104.19 92.123.104.40 92.123.104.44 92.123.104.31 92.123.104.28	whitelisted
go.microsoft.com	23.213.166.81	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

NovaLauncher_799f7cb55e4623e595d77c7868507cdc (1).msi

799F7CB55E4623E595D77C7868507CDC

6A27BFBBE4869792162B9232AC2FEE688CCC1BC1

9A628183A7D928A848E57F1B64E26E427DD4E3A841AB760A4C275EF1BDAC6D43

98304:giRM4yFS7YCkIMPwJH/YCi4IqwWbLcvWVVUfRMfhH4AtxJriC2/s0Fqo2U7uv2wj:FQalcNELAMNb

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Process drops legitimate windows executable

Executes as Windows Service

Executable content was dropped or overwritten

Starts a Microsoft application from unusual location

The process drops C-runtime libraries

Starts itself from another location

INFO

Creates files or folders in the user directory

Reads security settings of Internet Explorer

Checks supported languages

Reads the software policy settings

Executable content was dropped or overwritten

Checks proxy server information

Manages system restore points

Reads the computer name

Manual execution by a user

Application launched itself

Malware configuration

Static information

TRiD

EXIF

FlashPix

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Modules

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings