File name: PuntoSwitcherSetup.exe

Full analysis: https://app.any.run/tasks/db34ebe0-7db9-4824-8a69-85609ba41410
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The stealer malware category includes various types of programs, each focused on its own kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: December 14, 2024, 06:38:41
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 4D117942431A29406CBD484BB348ED6E
SHA1: B2A481BB6E6887546651CFA392708D2D35F5660B
SHA256: A3928FD3924B4582DEE1987170E3B5619E3473ED5241602BFE65040206D3A7C8
SSDEEP: 98304:/fzBpPm6eZsRyOvgrQkvIqx2wgDEFx6GetZxxNcrIrX5sVqf4bgzjFyaWWu8d65G:DeGKnKveM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • punto.exe (PID: 556)
    • Actions look like stealing of personal data

      • punto.exe (PID: 556)
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6600)
      • punto.exe (PID: 4764)
    • Reads security settings of Internet Explorer

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6212)
      • ielowutil.exe (PID: 3732)
      • msiexec.exe (PID: 3524)
      • punto.exe (PID: 556)
      • punto.exe (PID: 4764)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6600)
  • INFO

    • Checks supported languages

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6212)
      • punto.exe (PID: 556)
      • punto.exe (PID: 6232)
      • msiexec.exe (PID: 6600)
      • downloader.exe (PID: 3736)
      • identity_helper.exe (PID: 7356)
      • ielowutil.exe (PID: 3732)
      • msiexec.exe (PID: 3524)
      • punto.exe (PID: 4764)
    • Reads the machine GUID from the registry

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6600)
      • punto.exe (PID: 4764)
    • Reads the computer name

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6212)
      • punto.exe (PID: 6232)
      • punto.exe (PID: 556)
      • downloader.exe (PID: 3736)
      • msiexec.exe (PID: 3524)
      • punto.exe (PID: 4764)
      • ielowutil.exe (PID: 3732)
      • identity_helper.exe (PID: 7356)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6600)
    • Reads the software policy settings

      • msiexec.exe (PID: 6600)
      • PuntoSwitcherSetup.exe (PID: 6404)
      • punto.exe (PID: 4764)
    • Drops encrypted VBS script (Microsoft Script Encoder)

      • PuntoSwitcherSetup.exe (PID: 6404)
    • Creates files in a temporary directory

      • PuntoSwitcherSetup.exe (PID: 6404)
      • msiexec.exe (PID: 6600)
      • downloader.exe (PID: 3736)
    • The sample was compiled with English language support

      • PuntoSwitcherSetup.exe (PID: 6404)
    • Creates files or folders in the user directory

      • punto.exe (PID: 556)
      • msiexec.exe (PID: 6600)
      • punto.exe (PID: 6232)
      • punto.exe (PID: 4764)
    • The sample was compiled with Russian language support

      • msiexec.exe (PID: 6600)
    • Creates files in the program directory

      • punto.exe (PID: 556)
    • Process checks computer location settings

      • msiexec.exe (PID: 6212)
    • Checks proxy server information

      • punto.exe (PID: 556)
      • ielowutil.exe (PID: 3732)
      • punto.exe (PID: 4764)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6600)
    • The process uses the downloaded file

      • msiexec.exe (PID: 6212)
    • Process checks whether UAC notifications are on

      • punto.exe (PID: 556)
      • punto.exe (PID: 4764)
    • Application launched itself

      • msedge.exe (PID: 4512)
      • msedge.exe (PID: 7716)
    • Reads Environment values

      • identity_helper.exe (PID: 7356)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 5460)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (56.1)
.scr | Windows screen saver (26.6)
.exe | Win32 Executable (generic) (9.1)
.exe | Generic Win/DOS Executable (4)
.exe | DOS Executable Generic (4)

EXIF

EXE

ProductVersion: 4, 5, 0, 583
ProductName: Punto Switcher
OriginalFileName: setup.exe
LegalCopyright: Copyright (c) 2008-2023 Yandex LLC. All rights reserved.
InternalName: setup
FileVersion: 4, 5, 0, 583
FileDescription: Software Installer
CompanyName: Yandex LLC
CharacterSet: Windows, Latin1
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 4.5.0.583
FileVersionNumber: 4.5.0.583
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 6
EntryPoint: 0x3866
UninitializedDataSize: -
InitializedDataSize: 4834304
CodeSize: 72192
LinkerVersion: 14.16
PEType: PE32
ImageFileCharacteristics: No relocs, Executable, 32-bit
TimeStamp: 2024:07:22 17:25:26+00:00
MachineType: Intel 386 or later, and compatibles
All screenshots are available in the full report
Total processes: 184
Monitored processes: 46
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process nodes in graph order ("no specs" marks processes with no indicators attached):

  • start
  • puntoswitchersetup.exe (no specs)
  • msiexec.exe
  • msiexec.exe (no specs)
  • punto.exe (no specs)
  • punto.exe
  • ielowutil.exe (no specs)
  • punto.exe
  • msiexec.exe (no specs)
  • msedge.exe
  • downloader.exe
  • msedge.exe (no specs) × 2
  • msedge.exe
  • msedge.exe (no specs) × 13
  • msedge.exe
  • msedge.exe (no specs) × 2
  • msedge.exe
  • msedge.exe (no specs) × 4
  • identity_helper.exe (no specs) × 2
  • msedge.exe (no specs) × 5
  • rundll32.exe (no specs)
  • tiworker.exe (no specs)
  • msedge.exe (no specs) × 3

Process information

PID: 6404
CMD: "C:\Users\admin\AppData\Local\Temp\PuntoSwitcherSetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\PuntoSwitcherSetup.exe
Parent process: explorer.exe
User: admin
Company: Yandex LLC
Integrity Level: MEDIUM
Description: Software Installer
Exit code: 0
Version: 4, 5, 0, 583
Modules (images):
  • c:\users\admin\appdata\local\temp\puntoswitchersetup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll
PID: 6600
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\userenv.dll
  • c:\windows\system32\profapi.dll
  • c:\windows\system32\sspicli.dll
  • c:\windows\system32\netapi32.dll
  • c:\windows\system32\wkscli.dll
  • c:\windows\system32\netutils.dll
  • c:\windows\system32\coml2.dll
  • c:\windows\system32\wldp.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\wintrust.dll
PID: 6212
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 8562924F88836F53DA036B55E8B1CB6D
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\msiexec.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\aclayers.dll
PID: 6232
CMD: "C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe" /import_old_settings
Path: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe
Parent process: msiexec.exe
User: admin
Company: ООО Яндекс
Integrity Level: MEDIUM
Description: Punto Switcher
Exit code: 0
Version: 4, 5, 0, 583
Modules (images):
  • c:\users\admin\appdata\local\yandex\punto switcher\punto.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\user32.dll
  • c:\windows\syswow64\win32u.dll
PID: 556
CMD: "C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe" -Install
Path: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe
Parent process: msiexec.exe
User: admin
Company: ООО Яндекс
Integrity Level: MEDIUM
Description: Punto Switcher
Exit code: 0
Version: 4, 5, 0, 583
Modules (images):
  • c:\users\admin\appdata\local\yandex\punto switcher\punto.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\user32.dll
  • c:\windows\syswow64\win32u.dll
PID: 3732
CMD: "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -PID:123
Path: C:\Program Files (x86)\Internet Explorer\ielowutil.exe
Parent process: punto.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Low-Mic Utility Tool
Version: 11.00.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\program files (x86)\internet explorer\ielowutil.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\user32.dll
  • c:\windows\syswow64\win32u.dll
PID: 4764
CMD: "C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe"
Path: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\punto.exe
Parent process: PuntoSwitcherSetup.exe
User: admin
Company: ООО Яндекс
Integrity Level: MEDIUM
Description: Punto Switcher
Exit code: 0
Version: 4, 5, 0, 583
Modules (images):
  • c:\users\admin\appdata\local\yandex\punto switcher\punto.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll
PID: 3524
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 1186D17E8B378D7D7F151D7C374A29B2 C
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\syswow64\msiexec.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\aclayers.dll
PID: 4512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/soft/punto/win/release/
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
  • c:\program files (x86)\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  • c:\windows\system32\oleaut32.dll
  • c:\windows\system32\msvcp_win.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\combase.dll
  • c:\windows\system32\rpcrt4.dll
PID: 3736
CMD: "C:\Users\admin\AppData\Local\Temp\downloader.exe" --partner 129902 --noaction 1
Path: C:\Users\admin\AppData\Local\Temp\downloader.exe
Parent process: PuntoSwitcherSetup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup Downloader
Exit code: 0
Version: 0.1.0.33
Modules (images):
  • c:\users\admin\appdata\local\temp\downloader.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll
Total events: 19 953
Read events: 19 772
Write events: 177
Delete events: 4

Modification events

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write
Name: C:\Config.Msi\
Value:

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\137ef8.rbs
Value: 31149554

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation: write
Name: C:\Config.Msi\137ef8.rbsLow
Value:

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation: write
Name: C:\Users\admin\AppData\Roaming\Microsoft\Installer\
Value:

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\0EB65B28F746F22489558C97A802F4D5
Operation: write
Name: FBF237BEA1ABFC64082F71B6B3E7DA37
Value: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\replace.wav

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\FD1B745C1C44675498CA5319E50C0BC6
Operation: write
Name: FBF237BEA1ABFC64082F71B6B3E7DA37
Value: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\switch.wav

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\6F7907EBFB0627C4988652E0A3F37F47
Operation: write
Name: FBF237BEA1ABFC64082F71B6B3E7DA37
Value: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\typerus.wav

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\2C6EBDADB44577548B55E175A85296B5
Operation: write
Name: FBF237BEA1ABFC64082F71B6B3E7DA37
Value: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\typeeng.wav

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\28B47E67E2E0C5E43BCFB3C12312047F
Operation: write
Name: FBF237BEA1ABFC64082F71B6B3E7DA37
Value: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\reverse.wav

Process: (6600) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1693682860-607145093-2874071422-1001\Components\E3684C7B0124D3C4A88B43FE91FD1B4D
Operation: write
Name: FBF237BEA1ABFC64082F71B6B3E7DA37
Value: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Sounds\misprint.wav
Executable files: 15
Suspicious files: 189
Text files: 103
Unknown types: 11

Dropped files

PID: 6404, Process: PuntoSwitcherSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\{EB732FBF-BA1A-46CF-80F2-176B3B7EAD73}\PuntoSwitcher.msi
Type:
MD5:
SHA256:

PID: 6600, Process: msiexec.exe
Filename: C:\Windows\Installer\137ef7.msi
Type:
MD5:
SHA256:

PID: 6600, Process: msiexec.exe
Filename: C:\Windows\Installer\MSI8205.tmp
Type: binary
MD5: 0E28E954489853AF34666DFAB97932CA
SHA256: A1B6FA7FCFD9B694113FD1A1422A021F303A02FC81A462DFD99A257F944BE690

PID: 6600, Process: msiexec.exe
Filename: C:\Windows\Temp\~DFAD8B38C4194A95A6.TMP
Type: binary
MD5: 4B4B07EB33227AE901BACEF8BC5418FB
SHA256: C2AC5D35EDB1078255400B9FDC692135EF21044FA96FE42B88A7D195C910EC07

PID: 6600, Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Data\default-conf.json
Type: binary
MD5: 6E286DAF14C5655C12AA0749FCBFAA42
SHA256: CFC6728F54A4C41127D018B38275312FE247E1C1A26A72B7672CC5FD7396A0ED

PID: 6600, Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\bg.png
Type: image
MD5: 871FCD2BDEE49DC403C4EEDD868C1E7B
SHA256: 93D042EE114DA44D0703D66808C1B6F91E36D645F4A9F32C1480CA2B5FD83B5B

PID: 6600, Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\Images\_punto.css
Type: text
MD5: 8D59B2A38A6B4DCD9848EE94239B3A0B
SHA256: EE3BC3C864EB85C0D1C61C2544D31FCF0DFB1B214FB62C7F4920468C09575683

PID: 6404, Process: PuntoSwitcherSetup.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
Type: der
MD5: 031F37671033B68E14B2F2CBA38CD285
SHA256: 3AD2197FD97BEBC28A039B71ABBCD84181FD0855800F4D7126417B3B5FCA69FE

PID: 6600, Process: msiexec.exe
Filename: C:\Windows\Installer\MSI812A.tmp
Type: executable
MD5: 6F063931E1F0C939722E80D7B0BA03A9
SHA256: B0C8FD21AED6FAEB1168BB8B722E586A52F9E8468B4675B9DD33FCD779DB720B

PID: 6600, Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Yandex\Punto Switcher\diary.dll
Type: executable
MD5: 997C08AD4F2A6BF309CD5AE7BE17273D
SHA256: 3CF3BB98C1401E5E0DA677BB8CB0769E0E5B1AEA37F94667F4E770B2E560D1A2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 18
TCP/UDP connections: 104
DNS requests: 69
Threats: 0

HTTP requests

Columns: PID, Process, Method, HTTP Code, IP, URL, CN, Reputation (Type and Size were not reported for any row).

  • PID 4764, punto.exe: GET 200, 151.101.2.133:80
    URL: http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D
    CN: unknown; Reputation: whitelisted
  • PID 6468, svchost.exe: HEAD 200, 87.250.254.20:80
    URL: http://soft.export.yandex.ru/status.xml?yasoft=punto&clid=1551207&ui={D530A3F2-59A5-40AF-BF4E-75F5A476F48E}&ver=4.5.0.583&os=win&stat=install&ga_amg=0&ga_ch=0&ga_edge=0&ga_ff=0&ga_ie=0&ga_op=0&ga_op64=0&ga_opch=0&ga_yb=0&launchesAsAdmin=0&os=win10x64&osver=win10x64&usesAutocorrection=0&usesDiary=0&uv=1.2.0.1831&yb_installed=0&fd=14.12.2024
    CN: unknown; Reputation: whitelisted
  • GET 200, 23.38.73.129:80
    URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
    CN: unknown; Reputation: whitelisted
  • GET 200, 151.101.130.133:80
    URL: http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
    CN: unknown; Reputation: whitelisted
  • GET 200, 151.101.130.133:80
    URL: http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDG8SbJzCh95FjOiQ9g%3D%3D
    CN: unknown; Reputation: whitelisted
  • PID 4764, punto.exe: GET 200, 151.101.2.133:80
    URL: http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D
    CN: unknown; Reputation: whitelisted
  • GET 200, 192.229.221.95:80
    URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
    CN: unknown; Reputation: whitelisted
  • GET 200, 2.20.245.138:80
    URL: http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    CN: unknown; Reputation: whitelisted
  • PID 6468, svchost.exe: GET 200, 87.250.254.20:80
    URL: http://soft.export.yandex.ru/status.xml?yasoft=punto&clid=1551207&ui={D530A3F2-59A5-40AF-BF4E-75F5A476F48E}&ver=4.5.0.583&os=win&stat=install&ga_amg=0&ga_ch=0&ga_edge=0&ga_ff=0&ga_ie=0&ga_op=0&ga_op64=0&ga_opch=0&ga_yb=0&launchesAsAdmin=0&os=win10x64&osver=win10x64&usesAutocorrection=0&usesDiary=0&uv=1.2.0.1831&yb_installed=0&fd=14.12.2024
    CN: unknown; Reputation: whitelisted
  • PID 4764, punto.exe: GET 200, 151.101.2.133:80
    URL: http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDFbWRMX7bU28xi73zw%3D%3D
    CN: unknown; Reputation: whitelisted

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation (PID and Process are shown only where the report listed them).

  • 51.124.78.146:443, settings-win.data.microsoft.com, ASN: MICROSOFT-CORP-MSN-AS-BLOCK, CN: NL, whitelisted
  • PID 4, System: 192.168.100.255:137, whitelisted
  • 2.20.245.138:80, crl.microsoft.com, ASN: Akamai International B.V., CN: SE, whitelisted
  • 23.38.73.129:80, www.microsoft.com, ASN: AKAMAI-AS, CN: DE, whitelisted
  • 2.19.80.89:443, www.bing.com, ASN: Akamai International B.V., CN: DE, whitelisted
  • 192.229.221.95:80, ocsp.digicert.com, ASN: EDGECAST, CN: US, whitelisted
  • PID 4, System: 192.168.100.255:138, whitelisted
  • 151.101.130.133:80, ocsp.globalsign.com, ASN: FASTLY, CN: US, whitelisted
  • 40.126.32.133:443, login.live.com, ASN: MICROSOFT-CORP-MSN-AS-BLOCK, CN: NL, whitelisted
  • 184.30.17.189:443, go.microsoft.com, ASN: AKAMAI-AS, CN: DE, whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 20.73.194.208
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.20.245.138
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 23.38.73.129
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 2.19.80.89
  • 2.19.80.27
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ocsp.globalsign.com
  • 151.101.130.133
  • 151.101.66.133
  • 151.101.194.133
  • 151.101.2.133
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.140
  • 40.126.32.138
  • 40.126.32.68
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.136
  • 20.190.160.20
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.74
  • 20.190.160.17
whitelisted
go.microsoft.com
  • 184.30.17.189
whitelisted
soft.export.yandex.ru
  • 87.250.254.20
whitelisted

Threats

No threats detected
No debug info