URL:

http://player.canalplus.fr/mycanal/prod/downloadManager/myCANAL-setup.exe

Full analysis: https://app.any.run/tasks/4c907936-ab32-4843-a419-2934a3046336
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: July 11, 2019, 18:44:28
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

FD9AA6EF5478006751F85B8599A5A908

SHA1:

F5728D203A42CA8C7CD456E7EED450076F8B5B9E

SHA256:

008E95214BB87DE80AB489F6CE4D8852F05B2A15ACF5E964CAF996155745B0FC

SSDEEP:

3:N1KOJ1YHgVhyEJ4aKGE38nkA:COJ1YwhyEJhw38nkA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • myCANAL-setup.exe (PID: 1020)
      • myCANAL-setup.exe (PID: 2480)
      • ns11B6.tmp (PID: 2860)
      • Silverlight.exe (PID: 884)
      • ns137C.tmp (PID: 3268)
      • ns1419.tmp (PID: 3812)
      • install.exe (PID: 2692)
      • coregen.exe (PID: 1728)
      • coregen.exe (PID: 3736)
      • coregen.exe (PID: 3248)
      • coregen.exe (PID: 3460)
      • coregen.exe (PID: 2436)
      • coregen.exe (PID: 3912)
      • coregen.exe (PID: 1472)
      • coregen.exe (PID: 3456)
      • coregen.exe (PID: 3104)
      • coregen.exe (PID: 3728)
      • coregen.exe (PID: 3784)
      • coregen.exe (PID: 3372)
      • coregen.exe (PID: 640)
      • coregen.exe (PID: 2736)
      • coregen.exe (PID: 3396)
      • ns8EA9.tmp (PID: 2236)
      • sllauncher.exe (PID: 3084)
      • ns9745.tmp (PID: 2288)
      • sllauncher.exe (PID: 1980)
      • Silverlight.Configuration.exe (PID: 3748)
      • nsAB7E.tmp (PID: 3760)
      • nsAA24.tmp (PID: 4092)
      • nssm.exe (PID: 3720)
      • nssm.exe (PID: 2084)
      • nssm.exe (PID: 3836)
      • nsA1C6.tmp (PID: 3504)
      • nssm.exe (PID: 3388)
      • nsA699.tmp (PID: 3228)
      • nssm.exe (PID: 2060)
      • nsAB00.tmp (PID: 2292)
      • nssm.exe (PID: 3160)
      • myCANAL.Service.exe (PID: 3140)
      • sllauncher.exe (PID: 1412)

    • Starts NET.EXE for service management

      • ns11B6.tmp (PID: 2860)

    • Downloads executable files from the Internet

      • chrome.exe (PID: 2960)

    • Loads dropped or rewritten executable

      • myCANAL-setup.exe (PID: 2480)
      • install.exe (PID: 2692)
      • coregen.exe (PID: 1728)
      • coregen.exe (PID: 3736)
      • coregen.exe (PID: 3248)
      • coregen.exe (PID: 3460)
      • coregen.exe (PID: 3912)
      • coregen.exe (PID: 2436)
      • coregen.exe (PID: 3456)
      • coregen.exe (PID: 1472)
      • coregen.exe (PID: 3104)
      • coregen.exe (PID: 3784)
      • coregen.exe (PID: 3372)
      • coregen.exe (PID: 640)
      • coregen.exe (PID: 3728)
      • coregen.exe (PID: 2736)
      • coregen.exe (PID: 3396)
      • rundll32.exe (PID: 3416)
      • sllauncher.exe (PID: 3084)
      • sllauncher.exe (PID: 1980)
      • explorer.exe (PID: 292)
      • sllauncher.exe (PID: 1412)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2960)
      • chrome.exe (PID: 3224)
      • Silverlight.exe (PID: 884)
      • myCANAL-setup.exe (PID: 2480)
      • coregen.exe (PID: 1728)
      • coregen.exe (PID: 3248)
      • coregen.exe (PID: 3736)
      • msiexec.exe (PID: 2740)
      • coregen.exe (PID: 3912)
      • coregen.exe (PID: 3460)
      • coregen.exe (PID: 2436)
      • coregen.exe (PID: 1472)
      • coregen.exe (PID: 3456)
      • coregen.exe (PID: 3104)
      • coregen.exe (PID: 3728)
      • coregen.exe (PID: 640)
      • coregen.exe (PID: 3372)
      • coregen.exe (PID: 2736)
      • coregen.exe (PID: 3396)

    • Starts SC.EXE for service management

      • ns137C.tmp (PID: 3268)

    • Creates files in the program directory

      • myCANAL-setup.exe (PID: 2480)
      • coregen.exe (PID: 1728)
      • coregen.exe (PID: 3248)
      • coregen.exe (PID: 3736)
      • coregen.exe (PID: 3460)
      • coregen.exe (PID: 3912)
      • coregen.exe (PID: 2436)
      • coregen.exe (PID: 1472)
      • coregen.exe (PID: 3456)
      • coregen.exe (PID: 3728)
      • coregen.exe (PID: 3104)
      • coregen.exe (PID: 3784)
      • coregen.exe (PID: 3372)
      • coregen.exe (PID: 640)
      • coregen.exe (PID: 2736)
      • coregen.exe (PID: 3396)

    • Starts application with an unusual extension

      • myCANAL-setup.exe (PID: 2480)

    • Uses RUNDLL32.EXE to load library

      • install.exe (PID: 2692)

    • Changes IE settings (feature browser emulation)

      • msiexec.exe (PID: 2740)

    • Modifies the open verb of a shell class

      • myCANAL-setup.exe (PID: 2480)

    • Creates COM task schedule object

      • msiexec.exe (PID: 2740)

    • Creates files in the user directory

      • Silverlight.Configuration.exe (PID: 3748)

    • Creates a software uninstall entry

      • Silverlight.Configuration.exe (PID: 3748)
      • myCANAL-setup.exe (PID: 2480)

    • Executed as Windows Service

      • nssm.exe (PID: 3160)

    • Reads internet explorer settings

      • sllauncher.exe (PID: 1412)

    • Reads Internet Cache Settings

      • sllauncher.exe (PID: 1412)
      • explorer.exe (PID: 292)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 3224)
      • msiexec.exe (PID: 2740)

    • Reads Internet Cache Settings

      • chrome.exe (PID: 3224)

    • Creates files in the user directory

      • chrome.exe (PID: 3224)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 2740)

    • Starts application with an unusual extension

      • msiexec.exe (PID: 2740)

    • Application was dropped or rewritten from another process

      • MSI3A12.tmp (PID: 3196)

    • Creates files in the program directory

      • msiexec.exe (PID: 2740)

    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 3468)

    • Reads settings of System Certificates

      • sllauncher.exe (PID: 1412)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
124
Monitored processes
60
Malicious processes
25
Suspicious processes
7

Behavior graph

Click at the process to see the details
drop and start drop and start start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs mycanal-setup.exe no specs mycanal-setup.exe ns11b6.tmp no specs chrome.exe no specs net.exe no specs net1.exe no specs ns137c.tmp no specs sc.exe no specs ns1419.tmp no specs silverlight.exe install.exe no specs msiexec.exe msi2455.tmp no specs msi3a12.tmp no specs coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe coregen.exe no specs coregen.exe coregen.exe coregen.exe coregen.exe msiexec.exe no specs chrome.exe no specs rundll32.exe no specs ns8ea9.tmp no specs sllauncher.exe no specs ns9745.tmp no specs sllauncher.exe no specs explorer.exe no specs silverlight.configuration.exe no specs nsa1c6.tmp no specs nssm.exe no specs nsa699.tmp no specs nssm.exe no specs nsaa24.tmp no specs nssm.exe no specs nsab00.tmp no specs nssm.exe no specs nsab7e.tmp no specs nssm.exe no specs nssm.exe no specs mycanal.service.exe no specs chrome.exe no specs sllauncher.exe

Process information

PID
CMD
Path
Indicators
Parent process
292C:\Windows\Explorer.EXEC:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
640"C:\Program Files\Microsoft Silverlight\5.1.41212.0\coregen.exe" System.ServiceModel.dllC:\Program Files\Microsoft Silverlight\5.1.41212.0\coregen.exe
MSI3A12.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Common Language Runtime native compiler
Exit code:
0
Version:
5.1.41212.0 built by: SL_V5_SVC
Modules
Images
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
884C:\ProgramData\myCANAL\Silverlight.exe /q /doNotRequireDRMPromptC:\ProgramData\myCANAL\Silverlight.exe
ns1419.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Self-Extracting Cabinet
Exit code:
0
Version:
5.1.41212.0
Modules
Images
c:\programdata\mycanal\silverlight.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1020"C:\Users\admin\Downloads\myCANAL-setup.exe" C:\Users\admin\Downloads\myCANAL-setup.exechrome.exe
User:
admin
Company:
UCAYA
Integrity Level:
MEDIUM
Description:
myCANAL
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\downloads\mycanal-setup.exe
c:\systemroot\system32\ntdll.dll
1412"C:\Program Files\Microsoft Silverlight\sllauncher.exe" 1777301608.player.canalplus.frC:\Program Files\Microsoft Silverlight\sllauncher.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Silverlight Out-of-Browser Launcher
Exit code:
0
Version:
5.1.41212.0
Modules
Images
c:\program files\microsoft silverlight\sllauncher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1440"C:\Windows\Installer\MSI2455.tmp" flatC:\Windows\Installer\MSI2455.tmpmsiexec.exe
User:
admin
Integrity Level:
HIGH
Exit code:
202
Modules
Images
c:\windows\installer\msi2455.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
1472"C:\Program Files\Microsoft Silverlight\5.1.41212.0\coregen.exe" System.ServiceModel.Web.dllC:\Program Files\Microsoft Silverlight\5.1.41212.0\coregen.exe
MSI3A12.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Common Language Runtime native compiler
Exit code:
0
Version:
5.1.41212.0 built by: SL_V5_SVC
Modules
Images
c:\program files\microsoft silverlight\5.1.41212.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.41212.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
1728"C:\Program Files\Microsoft Silverlight\5.1.41212.0\coregen.exe" mscorlib.dllC:\Program Files\Microsoft Silverlight\5.1.41212.0\coregen.exe
MSI3A12.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Common Language Runtime native compiler
Exit code:
0
Version:
5.1.41212.0 built by: SL_V5_SVC
Modules
Images
c:\program files\microsoft silverlight\5.1.41212.0\coregen.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft silverlight\5.1.41212.0\coreclr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
1768"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,17417941468302138703,7174163416768970117,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=367565556307454590 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1836sc delete "myCANAL Server"C:\Windows\system32\sc.exens137C.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
1060
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
7 472
Read events
4 564
Write events
2 849
Delete events
59

Modification events

(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3188) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:3224-13207344284347500
Value:
259
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(3224) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:1512-13197841398593750
Value:
0
(PID) Process:(3224) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
Executable files
231
Suspicious files
26
Text files
110
Unknown types
5

Dropped files

PID
Process
Filename
Type
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6777be46-fda8-4019-8c53-3a66ddc2f182.tmp
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldtext
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RFcd8d1.TMPtext
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
MD5:
SHA256:
3224chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
20
TCP/UDP connections
19
DNS requests
13
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1412
sllauncher.exe
HEAD
200
2.16.106.65:80
http://player.canalplus.fr/mycanal/prod/downloadManager/configuration.xml
unknown
whitelisted
1412
sllauncher.exe
GET
302
66.117.29.228:80
http://cplusglobalprod.112.2o7.net/b/ss/cplusglobalprod,cplusmycanalpreprod/0/CS-1.1-SL2/s04242581638620?AQB=1&ndh=1&t=11%2F6%2F2019%2019%3A46%3A8%20Thursday%20-60&ce=UTF-8&pageName=MyCWeb%20-%20Widget%20-%20Bibliotheque%20-%20Accueil&ch=MyCWeb&events=event3&c4=MyCWeb%20-%20Widget&c5=MyCWeb%20-%20Widget%20-%20Bibliotheque&c6=MyCWeb%20-%20Widget%20-%20Bibliotheque%20-%20Accueil&c33=MYCANAL&c40=11%2F07%2F2019%2019%3A46%3A08.452&AQE=1
US
whitelisted
1412
sllauncher.exe
GET
200
2.16.106.65:80
http://player.canalplus.fr/mycanal/prod/downloadManager/configuration.xml
unknown
xml
20.4 Kb
whitelisted
1412
sllauncher.exe
GET
200
2.16.106.65:80
http://player.canalplus.fr/mycanal/prod/downloadManager/version.txt?t=636984675680105859
unknown
text
7 b
whitelisted
1412
sllauncher.exe
GET
200
72.247.185.65:80
http://www.msftncsi.com/ncsi.txt?t=636984711680076563
NL
text
14 b
whitelisted
1412
sllauncher.exe
POST
405
172.217.18.99:80
http://google.fr/
US
html
1.55 Kb
whitelisted
1412
sllauncher.exe
GET
302
66.117.29.228:80
http://cplusglobalprod.112.2o7.net/b/ss/cplusglobalprod,cplusmycanalpreprod/0/CS-1.1-SL2/s03370529577774?AQB=1&ndh=1&t=11%2F6%2F2019%2019%3A46%3A8%20Thursday%20-60&ce=UTF-8&pageName=MyCWeb%20-%20Widget%20-%20S%20identifier&ch=MyCWeb&events=event3&c4=MyCWeb%20-%20Widget&c5=MyCWeb%20-%20Widget%20-%20S%20identifier&c33=MYCANAL&c40=11%2F07%2F2019%2019%3A46%3A08.525&AQE=1
US
binary
1 b
whitelisted
1412
sllauncher.exe
GET
200
66.117.29.228:80
http://cplusglobalprod.112.2o7.net/b/ss/cplusglobalprod,cplusmycanalpreprod/0/CS-1.1-SL2/s04242581638620?AQB=1&pccr=true&&ndh=1&t=11%2F6%2F2019%2019%3A46%3A8%20Thursday%20-60&ce=UTF-8&pageName=MyCWeb%20-%20Widget%20-%20Bibliotheque%20-%20Accueil&ch=MyCWeb&events=event3&c4=MyCWeb%20-%20Widget&c5=MyCWeb%20-%20Widget%20-%20Bibliotheque&c6=MyCWeb%20-%20Widget%20-%20Bibliotheque%20-%20Accueil&c33=MYCANAL&c40=11%2F07%2F2019%2019%3A46%3A08.452&AQE=1
US
binary
1 b
whitelisted
1412
sllauncher.exe
GET
200
72.247.185.65:80
http://www.msftncsi.com/ncsi.txt?id=41700f31-e059-4d72-aad8-9a31554a820d
NL
text
14 b
whitelisted
1412
sllauncher.exe
GET
200
72.247.185.65:80
http://www.msftncsi.com/ncsi.txt?id=076ca4a8-48c7-46cf-b710-fc02070eeea8
NL
text
14 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2960
chrome.exe
172.217.23.163:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2960
chrome.exe
2.16.106.65:80
player.canalplus.fr
Akamai International B.V.
whitelisted
2.16.106.65:80
player.canalplus.fr
Akamai International B.V.
whitelisted
2960
chrome.exe
172.217.21.228:443
www.google.com
Google Inc.
US
whitelisted
2960
chrome.exe
216.58.207.78:443
sb-ssl.google.com
Google Inc.
US
whitelisted
2960
chrome.exe
172.217.16.131:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2960
chrome.exe
172.217.16.163:443
www.gstatic.com
Google Inc.
US
whitelisted
2960
chrome.exe
172.217.18.13:443
accounts.google.com
Google Inc.
US
whitelisted
1412
sllauncher.exe
2.16.106.65:80
player.canalplus.fr
Akamai International B.V.
whitelisted
1412
sllauncher.exe
66.117.29.228:80
cplusglobalprod.112.2o7.net
Adobe Systems Inc.
US
unknown

DNS requests

Domain
IP
Reputation
player.canalplus.fr
  • 2.16.106.65
  • 2.16.106.115
whitelisted
clientservices.googleapis.com
  • 172.217.23.163
whitelisted
accounts.google.com
  • 172.217.18.13
shared
www.google.com
  • 172.217.21.228
malicious
sb-ssl.google.com
  • 216.58.207.78
whitelisted
ssl.gstatic.com
  • 172.217.16.131
whitelisted
www.gstatic.com
  • 172.217.16.163
whitelisted
www.msftncsi.com
  • 72.247.185.65
  • 95.100.39.10
whitelisted
cplusglobalprod.112.2o7.net
  • 66.117.29.228
unknown
google.fr
  • 172.217.18.99
whitelisted

Threats

PID
Process
Class
Message
2960
chrome.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://player.canalplus.fr/mycanal/prod/downloadManager/myCANAL-setup.exe