File name:

windowsdesktop-runtime-8.0.12-win-x64.exe

Full analysis: https://app.any.run/tasks/be481d49-301a-40db-9767-18abdf751b6e
Verdict: Malicious activity
Analysis date: January 20, 2025, 16:40:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

D34739D43F7495E54DA045362D9550CB

SHA1:

93F3F9EBF121299955656B017FC8D0A2928BC036

SHA256:

CB51B559F343CB56E23CAD2E5AF8C4D1701E221A0A2A4116193A2A9375568814

SSDEEP:

786432:Jq0EZSluOeQDx4kfO7wPkKa5eEnN1vyMjPU8:Jq0EYv7kwsKsnNVyMjPU8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Searches for installed software

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Reads security settings of Internet Explorer

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4648)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 4648)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 4648)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 4648)

  • INFO

    • Create files in a temporary directory

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Reads the computer name

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • msiexec.exe (PID: 4648)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 1760)
      • msiexec.exe (PID: 5460)
      • msiexec.exe (PID: 3688)
      • msiexec.exe (PID: 5916)

    • The sample compiled with english language support

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)

    • Checks supported languages

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • msiexec.exe (PID: 4648)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 1760)
      • msiexec.exe (PID: 3688)
      • msiexec.exe (PID: 5916)
      • msiexec.exe (PID: 5460)

    • The process uses the downloaded file

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Process checks computer location settings

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 4648)

    • Creates files in the program directory

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Reads the software policy settings

      • msiexec.exe (PID: 4648)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4648)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 4648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:09:23 22:06:56+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 303104
InitializedDataSize: 162816
UninitializedDataSize: -
EntryPoint: 0x3054b
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 8.0.12.34404
ProductVersionNumber: 8.0.12.34404
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Desktop Runtime - 8.0.12 (x64)
FileVersion: 8.0.12.34404
InternalName: setup
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFileName: windowsdesktop-runtime-8.0.12-win-x64.exe
ProductName: Microsoft Windows Desktop Runtime - 8.0.12 (x64)
ProductVersion: 8.0.12.34404
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
119
Monitored processes
8
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start windowsdesktop-runtime-8.0.12-win-x64.exe windowsdesktop-runtime-8.0.12-win-x64.exe windowsdesktop-runtime-8.0.12-win-x64.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1296"C:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe" -q -burn.elevated BurnPipe.{F5046DF7-3570-417A-A162-8BC48B6A2D35} {85CD6C73-DCA8-424E-9621-97F1CCF2ACEF} 3808C:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe
windowsdesktop-runtime-8.0.12-win-x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
Exit code:
0
Version:
8.0.12.34404
Modules
Images
c:\users\admin\appdata\local\temp\{afe54a5b-3600-45bb-be26-71e468268f3c}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1760C:\Windows\syswow64\MsiExec.exe -Embedding B6BBF40A71FC7223C9B99F44DC538ED2C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
3688C:\Windows\syswow64\MsiExec.exe -Embedding F758FECF802EF1C447B6CD3B498BDFFBC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
3808"C:\Users\admin\AppData\Local\Temp\{E9D9DDC1-DAFD-4F72-9E37-F305BAC7BDA7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe" -burn.clean.room="C:\Users\admin\Desktop\windowsdesktop-runtime-8.0.12-win-x64.exe" -burn.filehandle.attached=596 -burn.filehandle.self=700 C:\Users\admin\AppData\Local\Temp\{E9D9DDC1-DAFD-4F72-9E37-F305BAC7BDA7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe
windowsdesktop-runtime-8.0.12-win-x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
Exit code:
0
Version:
8.0.12.34404
Modules
Images
c:\users\admin\appdata\local\temp\{e9d9ddc1-dafd-4f72-9e37-f305bac7bda7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
4648C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5460C:\Windows\syswow64\MsiExec.exe -Embedding 0D2EA2E7A4A6EE4416ABD3742D0EA62AC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
5788"C:\Users\admin\Desktop\windowsdesktop-runtime-8.0.12-win-x64.exe" C:\Users\admin\Desktop\windowsdesktop-runtime-8.0.12-win-x64.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
Exit code:
0
Version:
8.0.12.34404
Modules
Images
c:\users\admin\desktop\windowsdesktop-runtime-8.0.12-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
5916C:\Windows\syswow64\MsiExec.exe -Embedding CFBD71FAC0971BB1154290E53BA7E0A2C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
9 928
Read events
9 019
Write events
865
Delete events
44

Modification events

(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:EstimatedSize
Value:
222242
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:Version
Value:
8.0.12.34404
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:DisplayName
Value:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:Resume
Value:
1
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Value:
"C:\ProgramData\Package Cache\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\windowsdesktop-runtime-8.0.12-win-x64.exe" /burn.runonce
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:BundleResumeCommandLine
Value:
/burn.log.append "C:\Users\admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.12_(x64)_20250120164118.log"
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:delete valueName:MinVersion
Value:
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:delete valueName:MaxVersion
Value:
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:BundleCachePath
Value:
C:\ProgramData\Package Cache\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\windowsdesktop-runtime-8.0.12-win-x64.exe
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:BundleUpgradeCode
Value:
{7F5F299F-5EB1-6FC0-6D86-FB7931E33C68}
Executable files
485
Suspicious files
73
Text files
29
Unknown types
0

Dropped files

PID
Process
Filename
Type
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\bg.pngimage
MD5:9EB0320DFBF2BD541E6A55C01DDC9F20
SHA256:9095BF7B6BAA0107B40A4A6D727215BE077133A190F4CA9BD89A176842141E79
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1031\thm.wxlxml
MD5:B45249A2238A5568B377E58D4CE89E9A
SHA256:0C4203A81DCD01D53378036AF78CFFCF9E9A5AF7754DFBDD56584AE74C21CC61
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1046\thm.wxlxml
MD5:88CB193F0B0C15023D789E0F8FCE3E03
SHA256:4D6A2D306ABE77E7DBDB2609F6198B4CF99B3F9DC15B9DC72951592AD2F64384
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1045\thm.wxlxml
MD5:8CFBEE02F1C88567CD9AA747FF27182E
SHA256:D92B3838DE7A1685CCBD04FC9C123704FBD198BFD284D8FAECE4A3663494E75A
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1049\thm.wxlxml
MD5:1D628F2E1DBAA25BDD8CF2D7F2A9CAF2
SHA256:C7CC8E0BDD4F82DA33984F553B576412DF69C5E1E5B8479542D024CB6B41D050
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1055\thm.wxlxml
MD5:2897BAEC061B9A89661744685FE3C217
SHA256:285E32E649EB71A68F29BCA7321A6CADE50D79F94DD89E50ECE1197DD70E7633
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\dotnet_runtime_8.0.12_win_x64.msi
MD5:
SHA256:
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\2052\thm.wxlxml
MD5:ED946A363E47DCC77017EC10B1032C54
SHA256:3BB9CE59BA1C4B76FA6B35F544E2B04C85387053EDD8B25D8C8D4FE637FB0A85
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\3082\thm.wxlxml
MD5:1474C297B47C24D9E8E937CCBF50C4B2
SHA256:FAB76FA9382A7793309C9B07D5BAAA3EFD8553172D46F8B69E22E30B635BB146
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\windowsdesktop_runtime_8.0.12_win_x64.msi
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
20
DNS requests
8
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4648
msiexec.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
QA
binary
1.05 Kb
whitelisted
4648
msiexec.exe
GET
200
23.32.238.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
binary
1.01 Kb
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
1.01 Kb
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
ID
binary
973 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2.19.122.51:443
Akamai International B.V.
DE
unknown
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
4712
MoUsoCoreWorker.exe
23.209.214.100:80
www.microsoft.com
PT. Telekomunikasi Selular
ID
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4648
msiexec.exe
23.32.238.90:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4648
msiexec.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
  • 23.32.238.90
  • 2.19.198.57
  • 23.32.238.107
  • 23.32.238.153
  • 23.32.238.112
  • 2.19.198.43
  • 23.32.238.145
  • 23.32.238.115
  • 23.32.238.123
whitelisted
www.microsoft.com
  • 23.209.214.100
  • 2.23.246.101
whitelisted
self.events.data.microsoft.com
  • 51.11.192.48
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
windowsdesktop-runtime-8.0.12-win-x64.exe