Malware analysis Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe Malicious activity

Add for printing

File name:	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe
Full analysis:	https://app.any.run/tasks/3c0ebeb7-ba20-4c60-bb39-375b3e1dbbfc
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	May 28, 2025, 04:01:47
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	teamviewer rmm-tool loader
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:	83EFA224A3F063FF0532A75C8629DA8E
SHA1:	1C6CB2CC01411A0510901AE8458B81EA20D89A9C
SHA256:	BADA7FBB7BDDDD65858E9491674B9608133EBE7F429F1144794284A3A865B7F8
SSDEEP:	12288:XLVP603RQX2pyf+cnci2N9pKKfyeo+pW1KKRyzE/:bVP60BM2pMUN9keo+c+zE/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Reads security settings of Internet Explorer
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7616)
  - Ninite.exe (PID: 7804)
- Executable content was dropped or overwritten
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7804)
- Application launched itself
  - Ninite.exe (PID: 7616)
- Searches for installed software
  - Ninite.exe (PID: 7804)
- Drops 7-zip archiver for unpacking
  - Ninite.exe (PID: 7804)
- Reads the Windows owner or organization settings
  - msiexec.exe (PID: 2096)
- Process requests binary or script from the Internet
  - Ninite.exe (PID: 7804)
- Potential Corporate Privacy Violation
  - Ninite.exe (PID: 7804)
INFO
- Checks supported languages
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7616)
  - Ninite.exe (PID: 7804)
  - msiexec.exe (PID: 2096)
  - msiexec.exe (PID: 5124)
- Checks proxy server information
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7804)
- The sample compiled with english language support
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7804)
  - msiexec.exe (PID: 2096)
- Reads the computer name
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7616)
  - Ninite.exe (PID: 7804)
  - msiexec.exe (PID: 2096)
  - msiexec.exe (PID: 5124)
- Creates files or folders in the user directory
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7804)
  - msiexec.exe (PID: 2096)
- Reads the machine GUID from the registry
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7804)
  - msiexec.exe (PID: 2096)
- Create files in a temporary directory
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - Ninite.exe (PID: 7804)
  - msiexec.exe (PID: 3896)
- Reads the software policy settings
  - Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe (PID: 7256)
  - msiexec.exe (PID: 2096)
  - Ninite.exe (PID: 7804)
- Process checks computer location settings
  - Ninite.exe (PID: 7616)
- TEAMVIEWER has been detected
  - Ninite.exe (PID: 7804)
- Executable content was dropped or overwritten
  - msiexec.exe (PID: 2096)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2017:04:12 00:19:47+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14
CodeSize:	233472
InitializedDataSize:	182272
UninitializedDataSize:	-
EntryPoint:	0x1a53a
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	0.1.1.1183
ProductVersionNumber:	0.1.1.1183
FileFlagsMask:	0x0017
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Secure By Design Inc.
FileDescription:	Ninite
FileVersion:	0,1,1,1183
InternalName:	Ninite
LegalCopyright:	Copyright (C) 2009 Secure By Design Inc
OriginalFileName:	-
ProductName:	Ninite
ProductVersion:	0,1,1,1183

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

139

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2096

C:\WINDOWS\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

services.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Version:

5.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

3896

msiexec.exe /i "C:\Users\admin\AppData\Local\Temp\81448E~1\GoogleChromeStandaloneEnterprise64.msi" /qn /norestart REBOOT=ReallySuppress ALLUSERS=1 NOGOOGLEUPDATEPING=1 /Le "C:\Users\admin\AppData\Local\Temp\81448E~1\msi_log.txt"

C:\Windows\SysWOW64\msiexec.exe

—

Ninite.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

5124

C:\Windows\syswow64\MsiExec.exe -Embedding 51D83807D6464455737FE183744252A2

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

7256

"C:\Users\admin\AppData\Local\Temp\Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe"

C:\Users\admin\AppData\Local\Temp\Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe

explorer.exe

User:

admin

Company:

Secure By Design Inc.

Integrity Level:

MEDIUM

Description:

Ninite

Version:

0,1,1,1183

Modules

Images
c:\users\admin\appdata\local\temp\ninite 7zip chrome foxit reader teamviewer 15 vlc installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

7512

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

C:\Windows\System32\SppExtComObj.Exe

—

svchost.exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

KMS Connection Broker

Version:

10.0.19041.3996 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

7544

"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

C:\Windows\System32\slui.exe

—

SppExtComObj.Exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

7616

Ninite.exe "fef7fb5bdda29696208ac2d412679812dff8d7d1" /fullpath "C:\Users\admin\AppData\Local\Temp\Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe"

C:\Users\admin\AppData\Local\Temp\7d114559-3b78-11f0-b4ed-18f7786f96ee\Ninite.exe

—

Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe

User:

admin

Company:

Secure By Design Inc.

Integrity Level:

MEDIUM

Description:

Ninite

Version:

0,1,1,1486

Modules

Images
c:\users\admin\appdata\local\temp\7d114559-3b78-11f0-b4ed-18f7786f96ee\ninite.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

7804

"C:\Users\admin\AppData\Local\Temp\7d114559-3b78-11f0-b4ed-18f7786f96ee\Ninite.exe" "fef7fb5bdda29696208ac2d412679812dff8d7d1" /fullpath "C:\Users\admin\AppData\Local\Temp\Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe" /relaunch

C:\Users\admin\AppData\Local\Temp\7d114559-3b78-11f0-b4ed-18f7786f96ee\Ninite.exe

Ninite.exe

User:

admin

Company:

Secure By Design Inc.

Integrity Level:

HIGH

Description:

Ninite

Version:

0,1,1,1486

Modules

Images
c:\users\admin\appdata\local\temp\7d114559-3b78-11f0-b4ed-18f7786f96ee\ninite.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

Add for printing

Total events

12 201

Read events

12 089

Write events

Delete events

Modification events


(PID) Process:	(2096) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: 3008000009AD905685CFDB01
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	SessionHash
Value: 01025B0AB5A2143996385C948E212AD1A57EBF4FE58B0DC887CA0BE7F043DEE6
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:	write	Name:	Owner
Value: 3008000009AD905685CFDB01
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:	write	Name:	SessionHash
Value: 1EB9A8FEAD35521B6FB33A780CF7C1C3067F9E61539A3083143387AB365CBC94
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC25D338FFEA3FD3EA8273C2B51C0588\InstallProperties
Operation:	delete value	Name:	AuthorizedCDFPrefix
Value:
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC25D338FFEA3FD3EA8273C2B51C0588\InstallProperties
Operation:	delete value	Name:	Comments
Value:
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC25D338FFEA3FD3EA8273C2B51C0588\InstallProperties
Operation:	delete value	Name:	Contact
Value:
(PID) Process:	(2096) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC25D338FFEA3FD3EA8273C2B51C0588\InstallProperties
Operation:	delete value	Name:	DisplayVersion
Value: 122.0.6261.70

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
7804	Ninite.exe	C:\Users\admin\AppData\Local\Temp\81448eea-3b78-11f0-b4ed-18f7786f96ee\GoogleChromeStandaloneEnterprise64.msi_81448eec-3b78-11f0-b4ed-18f7786f96ee		—
		MD5:—	SHA256:—
7804	Ninite.exe	C:\Users\admin\AppData\Local\Temp\81448eea-3b78-11f0-b4ed-18f7786f96ee\GoogleChromeStandaloneEnterprise64.msi		—
		MD5:—	SHA256:—
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517		binary
		MD5:D085FF17C424C62F8CEF26521549D7C1	SHA256:B38B192CA7C76E76A91020A4011EBEB429CFACC0CEC7A62B90B9FBA1687428C9
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C		binary
		MD5:9FB7AEC4B0B984ADD30DF5A95A8D3739	SHA256:319DB5DBD9BE5CD598E355A0F18B2B3E4B566997D3CCF1E7D430D8BC29521322
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164		binary
		MD5:148878750A25361324EEA3BA42377ED0	SHA256:9F8C361C6C88DC71344BC90D9D2C1C4AE7B8CE23AAD8C59A30751C3E8410054D
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C		binary
		MD5:3130F6EA6321903064C15C2869FD9439	SHA256:7A706800110954F7244039A61DA4AC9C354536ED62546B57D36DAE4AA1B6D7E3
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_BCCFCBC66B448214318C9391CA0E275F		binary
		MD5:A25803D553A5C5F96580F32091F5ECD1	SHA256:96E0216552B88EF1F2AA4EF351295091A059D485C69D7B894779C71FF9691E20
7804	Ninite.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12		binary
		MD5:A89039782848D38C20C6A94CE5C49A2C	SHA256:17317A048DA110C4678EA239092F13166A50A1C5853AC4A7F70F92D39BC496FE
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_BCCFCBC66B448214318C9391CA0E275F		binary
		MD5:8CB7150EA8ABACCD648E0969B49B187B	SHA256:2A9D6BE2DEB208769D79E0D216CED51BDB13F49BCD431684D22EFA2810BC0BAC
7804	Ninite.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12		binary
		MD5:4A90329071AE30B759D279CCA342B0A6	SHA256:4F544379EDA8E2653F71472AB968AEFD6B5D1F4B3CE28A5EDB14196184ED3B60

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5496	MoUsoCoreWorker.exe	GET	200	2.20.245.139:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5496	MoUsoCoreWorker.exe	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	GET	200	18.245.38.41:80	http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D	unknown	—	—	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	GET	200	104.18.21.226:80	http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgOhtwj4VKsGchDZBEc%3D	unknown	—	—	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	GET	200	104.18.21.226:80	http://ocsp.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGEJFcIpBz28BuO60qVQ%3D	unknown	—	—	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	GET	200	104.18.21.226:80	http://ocsp.globalsign.com/gsgccr45codesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLuA3ygnKW%2F7xuSx%2F09F%2BhHVuEUQQU2rONwCSQo2t30wygWd0hZ2R2C3gCDGPUxoqhhiZifL455A%3D%3D	unknown	—	—	whitelisted
7804	Ninite.exe	GET	200	142.250.185.99:80	http://c.pki.goog/r/gsr1.crl	unknown	—	—	whitelisted
6544	svchost.exe	GET	200	2.23.77.188:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
7804	Ninite.exe	GET	200	142.250.185.99:80	http://c.pki.goog/r/r4.crl	unknown	—	—	whitelisted
7804	Ninite.exe	GET	200	216.58.212.163:80	http://o.pki.goog/we2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuMJxAT2trYla0jia%2F5EUSmLrk3QQUdb7Ed66J9kQ3fc%2BxaB8dGuvcNFkCEGXWjqQNO7dNEog5tJx4f5A%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
6488	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5496	MoUsoCoreWorker.exe	2.20.245.139:80	crl.microsoft.com	Akamai International B.V.	SE	whitelisted
5496	MoUsoCoreWorker.exe	2.23.246.101:80	www.microsoft.com	Ooredoo Q.S.C.	QA	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	52.222.214.66:443	ninite.com	AMAZON-02	US	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	18.245.38.41:80	ocsp.rootca1.amazontrust.com	—	US	whitelisted
3216	svchost.exe	172.211.123.249:443	client.wns.windows.com	MICROSOFT-CORP-MSN-AS-BLOCK	FR	whitelisted
7256	Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe	104.18.21.226:80	ocsp.globalsign.com	CLOUDFLARENET	—	whitelisted
6544	svchost.exe	20.190.160.128:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158 51.104.136.2	whitelisted
crl.microsoft.com	2.20.245.139 2.20.245.137	whitelisted
www.microsoft.com	2.23.246.101	whitelisted
google.com	142.250.185.78	whitelisted
ninite.com	52.222.214.66 52.222.214.55 52.222.214.108 52.222.214.61	whitelisted
ocsp.rootca1.amazontrust.com	18.245.38.41	whitelisted
client.wns.windows.com	172.211.123.249	whitelisted
ocsp.globalsign.com	104.18.21.226 104.18.20.226	whitelisted
login.live.com	20.190.160.128 20.190.160.130 40.126.32.136 40.126.32.74 20.190.160.4 20.190.160.131 40.126.32.68 20.190.160.22	whitelisted
ocsp.digicert.com	2.23.77.188 2.17.190.73	whitelisted

Threats

PID	Process	Class	Message
7804	Ninite.exe	Potential Corporate Privacy Violation	ET INFO PE EXE or DLL Windows file download HTTP
7804	Ninite.exe	Potential Corporate Privacy Violation	ET INFO PE EXE or DLL Windows file download HTTP

Add for printing

No debug info

General Info

Ninite 7Zip Chrome Foxit Reader TeamViewer 15 VLC Installer.exe

83EFA224A3F063FF0532A75C8629DA8E

1C6CB2CC01411A0510901AE8458B81EA20D89A9C

BADA7FBB7BDDDD65858E9491674B9608133EBE7F429F1144794284A3A865B7F8

12288:XLVP603RQX2pyf+cnci2N9pKKfyeo+pW1KKRyzE/:bVP60BM2pMUN9keo+c+zE/

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads security settings of Internet Explorer

Executable content was dropped or overwritten

Application launched itself

Searches for installed software

Drops 7-zip archiver for unpacking

Reads the Windows owner or organization settings

Process requests binary or script from the Internet

Potential Corporate Privacy Violation

INFO

Checks supported languages

Checks proxy server information

The sample compiled with english language support

Reads the computer name

Creates files or folders in the user directory

Reads the machine GUID from the registry

Create files in a temporary directory

Reads the software policy settings

Process checks computer location settings

TEAMVIEWER has been detected

Executable content was dropped or overwritten

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings