File name:

PuntoSwitcherSetup.exe

Full analysis: https://app.any.run/tasks/db34ebe0-7db9-4824-8a69-85609ba41410
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: December 14, 2024, 06:38:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5:

4D117942431A29406CBD484BB348ED6E

SHA1:

B2A481BB6E6887546651CFA392708D2D35F5660B

SHA256:

A3928FD3924B4582DEE1987170E3B5619E3473ED5241602BFE65040206D3A7C8

SSDEEP:

98304:/fzBpPm6eZsRyOvgrQkvIqx2wgDEFx6GetZxxNcrIrX5sVqf4bgzjFyaWWu8d65G:DeGKnKveM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • punto.exe (PID: 556)

    • Steals credentials from Web Browsers

      • punto.exe (PID: 556)

  • SUSPICIOUS

    • Checks Windows Trust Settings

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6600)
      • punto.exe (PID: 4764)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6600)

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6212)
      • ielowutil.exe (PID: 3732)
      • punto.exe (PID: 556)
      • msiexec.exe (PID: 3524)
      • punto.exe (PID: 4764)
      • PuntoSwitcherSetup.exe (PID: 6404)

  • INFO

    • The sample compiled with english language support

      • PuntoSwitcherSetup.exe (PID: 6404)

    • Checks supported languages

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6600)
      • msiexec.exe (PID: 6212)
      • punto.exe (PID: 6232)
      • punto.exe (PID: 556)
      • ielowutil.exe (PID: 3732)
      • punto.exe (PID: 4764)
      • msiexec.exe (PID: 3524)
      • downloader.exe (PID: 3736)
      • identity_helper.exe (PID: 7356)

    • Drops encrypted VBS script (Microsoft Script Encoder)

      • PuntoSwitcherSetup.exe (PID: 6404)

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6600)
      • PuntoSwitcherSetup.exe (PID: 6404)
      • punto.exe (PID: 4764)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6600)

    • Reads the software policy settings

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6600)
      • punto.exe (PID: 4764)

    • Reads the computer name

      • msiexec.exe (PID: 6212)
      • punto.exe (PID: 6232)
      • punto.exe (PID: 556)
      • ielowutil.exe (PID: 3732)
      • msiexec.exe (PID: 3524)
      • punto.exe (PID: 4764)
      • downloader.exe (PID: 3736)
      • identity_helper.exe (PID: 7356)
      • PuntoSwitcherSetup.exe (PID: 6404)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6600)
      • punto.exe (PID: 6232)
      • punto.exe (PID: 556)
      • punto.exe (PID: 4764)

    • Create files in a temporary directory

      • msiexec.exe (PID: 6600)
      • downloader.exe (PID: 3736)
      • PuntoSwitcherSetup.exe (PID: 6404)

    • The sample compiled with russian language support

      • msiexec.exe (PID: 6600)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 6600)

    • The process uses the downloaded file

      • msiexec.exe (PID: 6212)

    • Creates files in the program directory

      • punto.exe (PID: 556)

    • Process checks computer location settings

      • msiexec.exe (PID: 6212)

    • Checks proxy server information

      • punto.exe (PID: 556)
      • ielowutil.exe (PID: 3732)
      • punto.exe (PID: 4764)

    • Process checks whether UAC notifications are on

      • punto.exe (PID: 556)
      • punto.exe (PID: 4764)

    • Application launched itself

      • msedge.exe (PID: 4512)
      • msedge.exe (PID: 7716)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 5460)

    • Reads Environment values

      • identity_helper.exe (PID: 7356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (56.1)
.scr | Windows screen saver (26.6)
.exe | Win32 Executable (generic) (9.1)
.exe | Generic Win/DOS Executable (4)
.exe | DOS Executable Generic (4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:22 17:25:26+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 72192
InitializedDataSize: 4834304
UninitializedDataSize: -
EntryPoint: 0x3866
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 4.5.0.583
ProductVersionNumber: 4.5.0.583
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Yandex LLC
FileDescription: Software Installer
FileVersion: 4, 5, 0, 583
InternalName: setup
LegalCopyright: Copyright (c) 2008-2023 Yandex LLC. All rights reserved.
OriginalFileName: setup.exe
ProductName: Punto Switcher
ProductVersion: 4, 5, 0, 583
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
184
Monitored processes
46
Malicious processes
1
Suspicious processes
2

Behavior graph

Click at the process to see the details
start puntoswitchersetup.exe no specs msiexec.exe msiexec.exe no specs punto.exe no specs punto.exe ielowutil.exe no specs punto.exe msiexec.exe no specs msedge.exe downloader.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs tiworker.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
372"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4924 --field-trial-handle=2440,i,8622870124365219005,17567842659253275932,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
556"C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe" -InstallC:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe
msiexec.exe
User:
admin
Company:
ООО Яндекс
Integrity Level:
MEDIUM
Description:
Punto Switcher
Exit code:
0
Version:
4, 5, 0, 583
Modules
Images
c:\users\admin\appdata\local\yandex\punto switcher\punto.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
1988"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3280 --field-trial-handle=2376,i,6782174478377498168,8177473797552442959,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2796"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5092 --field-trial-handle=2440,i,8622870124365219005,17567842659253275932,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2940"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=2376,i,6782174478377498168,8177473797552442959,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3524C:\Windows\syswow64\MsiExec.exe -Embedding 1186D17E8B378D7D7F151D7C374A29B2 CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
3732"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -PID:123C:\Program Files (x86)\Internet Explorer\ielowutil.exepunto.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Low-Mic Utility Tool
Version:
11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files (x86)\internet explorer\ielowutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
3736"C:\Users\admin\AppData\Local\Temp\downloader.exe" --partner 129902 --noaction 1C:\Users\admin\AppData\Local\Temp\downloader.exe
PuntoSwitcherSetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup Downloader
Exit code:
0
Version:
0.1.0.33
Modules
Images
c:\users\admin\appdata\local\temp\downloader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4300"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x2f8,0x310,0x7ff820d05fd8,0x7ff820d05fe4,0x7ff820d05ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4512"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/soft/punto/win/release/C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
19 953
Read events
19 772
Write events
177
Delete events
4

Modification events

(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\0EB65B28F746F22489558C97A802F4D5
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\replace.wav
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\7BDCBD12600FD0449AF8BD70477831FD
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\bg.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\4A0E778E0A883D1458B7845F3EEE5CE9
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\favicon.ico
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\21341E0FEC5FA064FB38B5388C95A03E
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\feature.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\74A793027AA8E0345A35A3929A3F1F03
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\feature-ie.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\53D6855D22DC34F41B84F30CC7AE3677
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\flag.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\3FA40C7CFA670174A9F349F47E1063FB
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\icon-mail.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\B3CA8E7B631661146BD98528B0C31D16
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\icon-services.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\F084739D3C79719468E9656750CE4AE7
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\keyboard.png
(PID) Process:(6600) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\39E96F86B1A018D4B8956876597D9C3F
Operation:writeName:FBF237BEA1ABFC64082F71B6B3E7DA37
Value:
C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\keyboard-ie.png
Executable files
15
Suspicious files
189
Text files
103
Unknown types
11

Dropped files

PID
Process
Filename
Type
6404PuntoSwitcherSetup.exeC:\Users\admin\AppData\Local\Temp\{EB732FBF-BA1A-46CF-80F2-176B3B7EAD73}\PuntoSwitcher.msi
MD5:
SHA256:
6600msiexec.exeC:\Windows\Installer\137ef7.msi
MD5:
SHA256:
6404PuntoSwitcherSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554Eder
MD5:047221A98FE7ED353E334113D005FE98
SHA256:7E3DBF100E024B60E536A03B0254CF5893B3D9676C4124BFA0FF9FA5805F4AC7
6404PuntoSwitcherSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7der
MD5:031F37671033B68E14B2F2CBA38CD285
SHA256:3AD2197FD97BEBC28A039B71ABBCD84181FD0855800F4D7126417B3B5FCA69FE
6600msiexec.exeC:\Windows\Temp\~DFAD8B38C4194A95A6.TMPbinary
MD5:4B4B07EB33227AE901BACEF8BC5418FB
SHA256:C2AC5D35EDB1078255400B9FDC692135EF21044FA96FE42B88A7D195C910EC07
6600msiexec.exeC:\Windows\Installer\MSI8226.tmpexecutable
MD5:A3AE5D86ECF38DB9427359EA37A5F646
SHA256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
6404PuntoSwitcherSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7binary
MD5:B0D4850D1BC906D0599F9A394A87AD7A
SHA256:09D9B9F2A8441A5DD482116AEE3FE3E5BEBD71377CC085A9B656AFF737DC9ECF
6600msiexec.exeC:\Windows\Installer\MSI812A.tmpexecutable
MD5:6F063931E1F0C939722E80D7B0BA03A9
SHA256:B0C8FD21AED6FAEB1168BB8B722E586A52F9E8468B4675B9DD33FCD779DB720B
6600msiexec.exeC:\Windows\Temp\~DF5B2FC804C193CA18.TMPbinary
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
6600msiexec.exeC:\Windows\Installer\MSI8205.tmpbinary
MD5:0E28E954489853AF34666DFAB97932CA
SHA256:A1B6FA7FCFD9B694113FD1A1422A021F303A02FC81A462DFD99A257F944BE690
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
104
DNS requests
69
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.20.245.138:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
151.101.130.133:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
GET
200
23.38.73.129:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6468
svchost.exe
HEAD
200
87.250.254.20:80
http://soft.export.yandex.ru/status.xml?yasoft=punto&clid=1551207&ui={D530A3F2-59A5-40AF-BF4E-75F5A476F48E}&ver=4.5.0.583&os=win&stat=install&ga_amg=0&ga_ch=0&ga_edge=0&ga_ff=0&ga_ie=0&ga_op=0&ga_op64=0&ga_opch=0&ga_yb=0&launchesAsAdmin=0&os=win10x64&osver=win10x64&usesAutocorrection=0&usesDiary=0&uv=1.2.0.1831&yb_installed=0&fd=14.12.2024
unknown
whitelisted
GET
200
151.101.130.133:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDG8SbJzCh95FjOiQ9g%3D%3D
unknown
whitelisted
4764
punto.exe
GET
200
151.101.2.133:80
http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6468
svchost.exe
GET
200
87.250.254.20:80
http://soft.export.yandex.ru/status.xml?yasoft=punto&clid=1551207&ui={D530A3F2-59A5-40AF-BF4E-75F5A476F48E}&ver=4.5.0.583&os=win&stat=install&ga_amg=0&ga_ch=0&ga_edge=0&ga_ff=0&ga_ie=0&ga_op=0&ga_op64=0&ga_opch=0&ga_yb=0&launchesAsAdmin=0&os=win10x64&osver=win10x64&usesAutocorrection=0&usesDiary=0&uv=1.2.0.1831&yb_installed=0&fd=14.12.2024
unknown
whitelisted
3736
downloader.exe
GET
200
213.180.204.14:80
http://clck.yandex.ru/click/dtype=stred/pid=12/cid=72435/path=noaction/p=129902/*
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
2.20.245.138:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
23.38.73.129:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2.19.80.89:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
151.101.130.133:80
ocsp.globalsign.com
FASTLY
US
whitelisted
40.126.32.133:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
184.30.17.189:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 20.73.194.208
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.20.245.138
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 23.38.73.129
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 2.19.80.89
  • 2.19.80.27
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ocsp.globalsign.com
  • 151.101.130.133
  • 151.101.66.133
  • 151.101.194.133
  • 151.101.2.133
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.140
  • 40.126.32.138
  • 40.126.32.68
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.136
  • 20.190.160.20
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.74
  • 20.190.160.17
whitelisted
go.microsoft.com
  • 184.30.17.189
whitelisted
soft.export.yandex.ru
  • 87.250.254.20
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
PuntoSwitcherSetup.exe