File name:

windowsdesktop-runtime-8.0.12-win-x64.exe

Full analysis: https://app.any.run/tasks/be481d49-301a-40db-9767-18abdf751b6e
Verdict: Malicious activity
Analysis date: January 20, 2025, 16:40:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

D34739D43F7495E54DA045362D9550CB

SHA1:

93F3F9EBF121299955656B017FC8D0A2928BC036

SHA256:

CB51B559F343CB56E23CAD2E5AF8C4D1701E221A0A2A4116193A2A9375568814

SSDEEP:

786432:Jq0EZSluOeQDx4kfO7wPkKa5eEnN1vyMjPU8:Jq0EYv7kwsKsnNVyMjPU8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)

    • Reads security settings of Internet Explorer

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4648)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 4648)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 4648)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 4648)

    • Searches for installed software

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

  • INFO

    • Create files in a temporary directory

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Checks supported languages

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)
      • msiexec.exe (PID: 1760)
      • msiexec.exe (PID: 5916)
      • msiexec.exe (PID: 3688)
      • msiexec.exe (PID: 5460)

    • The sample compiled with english language support

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 5788)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Process checks computer location settings

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • The process uses the downloaded file

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Reads the computer name

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)
      • msiexec.exe (PID: 1760)
      • msiexec.exe (PID: 3688)
      • msiexec.exe (PID: 5916)
      • msiexec.exe (PID: 5460)
      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 3808)

    • Creates files in the program directory

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-8.0.12-win-x64.exe (PID: 1296)
      • msiexec.exe (PID: 4648)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 4648)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4648)

    • Reads the software policy settings

      • msiexec.exe (PID: 4648)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 4648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:09:23 22:06:56+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 303104
InitializedDataSize: 162816
UninitializedDataSize: -
EntryPoint: 0x3054b
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 8.0.12.34404
ProductVersionNumber: 8.0.12.34404
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Desktop Runtime - 8.0.12 (x64)
FileVersion: 8.0.12.34404
InternalName: setup
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFileName: windowsdesktop-runtime-8.0.12-win-x64.exe
ProductName: Microsoft Windows Desktop Runtime - 8.0.12 (x64)
ProductVersion: 8.0.12.34404
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
119
Monitored processes
8
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start windowsdesktop-runtime-8.0.12-win-x64.exe windowsdesktop-runtime-8.0.12-win-x64.exe windowsdesktop-runtime-8.0.12-win-x64.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1296"C:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe" -q -burn.elevated BurnPipe.{F5046DF7-3570-417A-A162-8BC48B6A2D35} {85CD6C73-DCA8-424E-9621-97F1CCF2ACEF} 3808C:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe
windowsdesktop-runtime-8.0.12-win-x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
Exit code:
0
Version:
8.0.12.34404
Modules
Images
c:\users\admin\appdata\local\temp\{afe54a5b-3600-45bb-be26-71e468268f3c}\.be\windowsdesktop-runtime-8.0.12-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1760C:\Windows\syswow64\MsiExec.exe -Embedding B6BBF40A71FC7223C9B99F44DC538ED2C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
3688C:\Windows\syswow64\MsiExec.exe -Embedding F758FECF802EF1C447B6CD3B498BDFFBC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
3808"C:\Users\admin\AppData\Local\Temp\{E9D9DDC1-DAFD-4F72-9E37-F305BAC7BDA7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe" -burn.clean.room="C:\Users\admin\Desktop\windowsdesktop-runtime-8.0.12-win-x64.exe" -burn.filehandle.attached=596 -burn.filehandle.self=700 C:\Users\admin\AppData\Local\Temp\{E9D9DDC1-DAFD-4F72-9E37-F305BAC7BDA7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe
windowsdesktop-runtime-8.0.12-win-x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
Exit code:
0
Version:
8.0.12.34404
Modules
Images
c:\users\admin\appdata\local\temp\{e9d9ddc1-dafd-4f72-9e37-f305bac7bda7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
4648C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5460C:\Windows\syswow64\MsiExec.exe -Embedding 0D2EA2E7A4A6EE4416ABD3742D0EA62AC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
5788"C:\Users\admin\Desktop\windowsdesktop-runtime-8.0.12-win-x64.exe" C:\Users\admin\Desktop\windowsdesktop-runtime-8.0.12-win-x64.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
Exit code:
0
Version:
8.0.12.34404
Modules
Images
c:\users\admin\desktop\windowsdesktop-runtime-8.0.12-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
5916C:\Windows\syswow64\MsiExec.exe -Embedding CFBD71FAC0971BB1154290E53BA7E0A2C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
9 928
Read events
9 019
Write events
865
Delete events
44

Modification events

(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:EstimatedSize
Value:
222242
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:Version
Value:
8.0.12.34404
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:DisplayName
Value:
Microsoft Windows Desktop Runtime - 8.0.12 (x64)
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:Resume
Value:
1
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Value:
"C:\ProgramData\Package Cache\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\windowsdesktop-runtime-8.0.12-win-x64.exe" /burn.runonce
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:BundleResumeCommandLine
Value:
/burn.log.append "C:\Users\admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.12_(x64)_20250120164118.log"
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:delete valueName:MinVersion
Value:
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\Dependents\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:delete valueName:MaxVersion
Value:
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:BundleCachePath
Value:
C:\ProgramData\Package Cache\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}\windowsdesktop-runtime-8.0.12-win-x64.exe
(PID) Process:(1296) windowsdesktop-runtime-8.0.12-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{aafaa0cc-b975-4ffa-ba33-8690e64683c4}
Operation:writeName:BundleUpgradeCode
Value:
{7F5F299F-5EB1-6FC0-6D86-FB7931E33C68}
Executable files
485
Suspicious files
73
Text files
29
Unknown types
0

Dropped files

PID
Process
Filename
Type
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\3082\thm.wxlxml
MD5:1474C297B47C24D9E8E937CCBF50C4B2
SHA256:FAB76FA9382A7793309C9B07D5BAAA3EFD8553172D46F8B69E22E30B635BB146
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\thm.wxlxml
MD5:D5070CB3387A0A22B7046AE5AB53F371
SHA256:81A68046B06E09385BE8449373E7CEB9E79F7724C3CF11F0B18A4489A8D4926A
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\wixstdba.dllexecutable
MD5:F1919C6BD85D7A78A70C228A5B227FBE
SHA256:DCEA15F3710822FFC262E62EC04CC7BBBF0F33F5D1A853609FBFB65CB6A45640
5788windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{E9D9DDC1-DAFD-4F72-9E37-F305BAC7BDA7}\.cr\windowsdesktop-runtime-8.0.12-win-x64.exeexecutable
MD5:5555CF5ED6A31586A87C77636F1D5FC1
SHA256:B4B057C09477F0FC9D188DB4D1D057EDA90756BE63FAED3744771D22307F4ABC
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1028\thm.wxlxml
MD5:B9428C94444693B5E3A392C8D0B95170
SHA256:C0413EDFD13FD27EEAB7B8CE60963668236466C48F4173C29F84093011C281AF
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\bg.pngimage
MD5:9EB0320DFBF2BD541E6A55C01DDC9F20
SHA256:9095BF7B6BAA0107B40A4A6D727215BE077133A190F4CA9BD89A176842141E79
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\dotnet_runtime_8.0.12_win_x64.msi
MD5:
SHA256:
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\1031\thm.wxlxml
MD5:B45249A2238A5568B377E58D4CE89E9A
SHA256:0C4203A81DCD01D53378036AF78CFFCF9E9A5AF7754DFBDD56584AE74C21CC61
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\.ba\thm.xmlxml
MD5:302563A713B142EE41B59E3EEAC53A90
SHA256:83CA096F7BA2C83FC3B3AEB697B8139A788FA35EB8632943E26BB9FFF7C78E63
3808windowsdesktop-runtime-8.0.12-win-x64.exeC:\Users\admin\AppData\Local\Temp\{AFE54A5B-3600-45BB-BE26-71E468268F3C}\windowsdesktop_runtime_8.0.12_win_x64.msi
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
20
DNS requests
8
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4648
msiexec.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
4648
msiexec.exe
GET
200
23.32.238.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2.19.122.51:443
Akamai International B.V.
DE
unknown
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
4712
MoUsoCoreWorker.exe
23.209.214.100:80
www.microsoft.com
PT. Telekomunikasi Selular
ID
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4648
msiexec.exe
23.32.238.90:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4648
msiexec.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
  • 23.32.238.90
  • 2.19.198.57
  • 23.32.238.107
  • 23.32.238.153
  • 23.32.238.112
  • 2.19.198.43
  • 23.32.238.145
  • 23.32.238.115
  • 23.32.238.123
whitelisted
www.microsoft.com
  • 23.209.214.100
  • 2.23.246.101
whitelisted
self.events.data.microsoft.com
  • 51.11.192.48
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
windowsdesktop-runtime-8.0.12-win-x64.exe