File name: ConnectifyInstaller.exe
Full analysis: https://app.any.run/tasks/e4f6751f-0ea3-4cb9-8242-27f39a80684e
Verdict: Malicious activity
Analysis date: November 28, 2023, 19:23:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 989B701CFD666960D48F9A3019FE1020
SHA1: A9F316DD441F586CE7625136EFCB823F0E1DC885
SHA256: 0D7350DAB6CA9F9A575F53238732BAB013AA7912F6F31062BA448E2EF8A42A81
SSDEEP: 196608:jpN8uNvGR2PPBQGD/w4uqY0FCZyoKIJWXiY4Ugk1d7C6Uo26pOziO2jlt:jw5wxJ/wHCboKIJVV4mno2jiht

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 4028)
      • ConnectifyInstaller.exe (PID: 2428)
      • ConnectifyInstaller.exe (PID: 2536)
      • DriverSwitcher.exe (PID: 3568)
      • snetcfg.exe (PID: 2952)
      • drvinst.exe (PID: 3884)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ConnectifyInstaller.exe (PID: 2536)
    • Uses Task Scheduler to run other applications

      • nsA3B9.tmp (PID: 3728)
    • DLL hijacking (DismHost.exe loading provider DLLs from the temporary directory DISM extracts them into; DISM does this by design, so the signature only counts as hijacking once the loaded DLLs are shown not to be DISM's own)

      • DismHost.exe (PID: 2316)
      • DismHost.exe (PID: 3408)
      • DismHost.exe (PID: 2332)
      • DismHost.exe (PID: 2948)
      • DismHost.exe (PID: 2108)
      • DismHost.exe (PID: 4012)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 3884)
      • snetcfg.exe (PID: 2952)
  • SUSPICIOUS

    • Application launched itself

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 2428)
      • Analytics.exe (PID: 2452)
      • Analytics.exe (PID: 2404)
      • Analytics.exe (PID: 2496)
      • Analytics.exe (PID: 3732)
    • Malware-specific behavior (creating "System.dll" in Temp); note that an NSIS installer, which this file is, extracts its System plugin as System.dll into an ns*.tmp directory under %TEMP% during normal operation, so this signature on its own does not establish malice

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 4028)
      • ConnectifyInstaller.exe (PID: 2428)
      • ConnectifyInstaller.exe (PID: 2536)
    • The process creates files with name similar to system file names

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 4028)
      • ConnectifyInstaller.exe (PID: 2428)
      • ConnectifyInstaller.exe (PID: 2536)
      • Dism.exe (PID: 752)
      • Dism.exe (PID: 2364)
      • Dism.exe (PID: 1452)
      • Dism.exe (PID: 3748)
      • Dism.exe (PID: 1360)
      • Dism.exe (PID: 3428)
    • Reads the Internet Settings

      • ConnectifyInstaller.exe (PID: 4028)
      • Analytics.exe (PID: 2956)
      • ConnectifyInstaller.exe (PID: 2536)
      • Analytics.exe (PID: 2512)
      • Analytics.exe (PID: 3268)
      • Analytics.exe (PID: 1904)
      • Connectify.exe (PID: 3608)
      • Connectify.exe (PID: 1008)
      • Connectify.exe (PID: 1728)
      • Connectify.exe (PID: 1600)
      • Connectify.exe (PID: 2836)
      • Connectify.exe (PID: 2476)
      • Connectify.exe (PID: 824)
    • Starts application with an unusual extension

      • ConnectifyInstaller.exe (PID: 2536)
    • Drops a system driver (possible attempt to evade defenses); here the driver goes in through drvinst.exe and snetcfg.exe, the Windows driver-installation and network-component tools, which a hotspot product shipping its own network driver will trip legitimately

      • DriverSwitcher.exe (PID: 3568)
      • drvinst.exe (PID: 3884)
      • snetcfg.exe (PID: 2952)
    • Process drops legitimate windows executable

      • Dism.exe (PID: 752)
      • Dism.exe (PID: 2364)
      • Dism.exe (PID: 1452)
      • Dism.exe (PID: 3748)
      • Dism.exe (PID: 1360)
      • Dism.exe (PID: 3428)
    • Suspicious use of NETSH.EXE

      • ConnectifyShutdown.exe (PID: 1460)
    • Creates files in the driver directory

      • drvinst.exe (PID: 3884)
      • snetcfg.exe (PID: 2952)
    • Reads settings of System Certificates

      • rundll32.exe (PID: 3296)
      • snetcfg.exe (PID: 2952)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 3884)
      • snetcfg.exe (PID: 2952)
    • Executes as Windows Service

      • VSSVC.exe (PID: 2528)
    • Reads security settings of Internet Explorer

      • snetcfg.exe (PID: 2952)
  • INFO

    • Checks supported languages

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 4028)
      • wmpnscfg.exe (PID: 4004)
      • ConnectifyInstaller.exe (PID: 2428)
      • ConnectifyInstaller.exe (PID: 2536)
      • ns6FE2.tmp (PID: 552)
      • Analytics.exe (PID: 4024)
      • Analytics.exe (PID: 2452)
      • ns9790.tmp (PID: 3256)
      • Analytics.exe (PID: 2956)
      • ns6E7A.tmp (PID: 2696)
      • ConnectifySupportCenter.exe (PID: 2776)
      • ns9BF7.tmp (PID: 3548)
      • Analytics.exe (PID: 2404)
      • Analytics.exe (PID: 2512)
      • ns9D7E.tmp (PID: 3724)
      • ConnectifyShutdown.exe (PID: 1460)
      • GlobalAtomTable.exe (PID: 3860)
      • ns980E.tmp (PID: 1116)
      • DriverSwitcher.exe (PID: 3568)
      • nsAD6E.tmp (PID: 3452)
      • nsA3B9.tmp (PID: 3728)
      • DismHost.exe (PID: 2316)
      • snetcfg.exe (PID: 3112)
      • snetcfg.exe (PID: 3368)
      • DismHost.exe (PID: 3408)
      • DismHost.exe (PID: 2332)
      • snetcfg.exe (PID: 3036)
      • DismHost.exe (PID: 2108)
      • DismHost.exe (PID: 2948)
      • snetcfg.exe (PID: 3032)
      • DismHost.exe (PID: 4012)
      • drvinst.exe (PID: 3884)
      • snetcfg.exe (PID: 2952)
      • Analytics.exe (PID: 2496)
      • ns2290.tmp (PID: 600)
      • Analytics.exe (PID: 3268)
      • GlobalAtomTable.exe (PID: 3168)
      • ns23F8.tmp (PID: 3804)
      • ns25BE.tmp (PID: 2628)
      • wmpnscfg.exe (PID: 3532)
      • wmpnscfg.exe (PID: 3996)
      • Analytics.exe (PID: 3732)
      • ns5635.tmp (PID: 2840)
      • Analytics.exe (PID: 1904)
      • GlobalAtomTable.exe (PID: 1868)
      • wmpnscfg.exe (PID: 3792)
      • Connectify.exe (PID: 3608)
      • GlobalAtomTable.exe (PID: 3776)
      • Connectify.exe (PID: 1008)
      • GlobalAtomTable.exe (PID: 1296)
      • Connectify.exe (PID: 2836)
      • GlobalAtomTable.exe (PID: 2480)
      • Connectify.exe (PID: 1728)
      • GlobalAtomTable.exe (PID: 2232)
      • Connectify.exe (PID: 1600)
      • GlobalAtomTable.exe (PID: 3348)
      • Connectify.exe (PID: 824)
      • GlobalAtomTable.exe (PID: 3152)
      • Connectify.exe (PID: 2476)
      • GlobalAtomTable.exe (PID: 3468)
    • Reads the computer name

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 4028)
      • wmpnscfg.exe (PID: 4004)
      • ConnectifyInstaller.exe (PID: 2428)
      • ConnectifyInstaller.exe (PID: 2536)
      • Analytics.exe (PID: 4024)
      • Analytics.exe (PID: 2452)
      • Analytics.exe (PID: 2956)
      • Analytics.exe (PID: 2404)
      • Analytics.exe (PID: 2512)
      • ConnectifyShutdown.exe (PID: 1460)
      • ConnectifySupportCenter.exe (PID: 2776)
      • DriverSwitcher.exe (PID: 3568)
      • DismHost.exe (PID: 2316)
      • DismHost.exe (PID: 3408)
      • DismHost.exe (PID: 2332)
      • DismHost.exe (PID: 2108)
      • DismHost.exe (PID: 2948)
      • snetcfg.exe (PID: 2952)
      • drvinst.exe (PID: 3884)
      • DismHost.exe (PID: 4012)
      • Analytics.exe (PID: 2496)
      • Analytics.exe (PID: 3268)
      • wmpnscfg.exe (PID: 3792)
      • wmpnscfg.exe (PID: 3532)
      • Analytics.exe (PID: 3732)
      • wmpnscfg.exe (PID: 3996)
      • Connectify.exe (PID: 3608)
      • Connectify.exe (PID: 1008)
      • Analytics.exe (PID: 1904)
      • Connectify.exe (PID: 1728)
      • Connectify.exe (PID: 824)
      • Connectify.exe (PID: 2836)
      • Connectify.exe (PID: 1600)
      • Connectify.exe (PID: 2476)
    • Create files in a temporary directory

      • ConnectifyInstaller.exe (PID: 564)
      • ConnectifyInstaller.exe (PID: 4028)
      • ConnectifyInstaller.exe (PID: 2428)
      • ConnectifyInstaller.exe (PID: 2536)
      • DriverSwitcher.exe (PID: 3568)
      • Dism.exe (PID: 752)
      • Dism.exe (PID: 2364)
      • Dism.exe (PID: 1452)
      • Dism.exe (PID: 3748)
      • Dism.exe (PID: 1360)
      • Dism.exe (PID: 3428)
      • snetcfg.exe (PID: 2952)
    • Manual execution by a user

      • msedge.exe (PID: 3812)
      • wmpnscfg.exe (PID: 4004)
      • ConnectifyInstaller.exe (PID: 2428)
      • WinRAR.exe (PID: 3616)
      • explorer.exe (PID: 2084)
      • wmpnscfg.exe (PID: 3996)
      • wmpnscfg.exe (PID: 3792)
      • wmpnscfg.exe (PID: 3532)
      • Connectify.exe (PID: 3608)
      • Connectify.exe (PID: 1008)
      • Connectify.exe (PID: 2836)
      • Connectify.exe (PID: 1728)
      • Connectify.exe (PID: 1600)
      • Connectify.exe (PID: 824)
      • Connectify.exe (PID: 2476)
    • Application launched itself

      • msedge.exe (PID: 2504)
      • msedge.exe (PID: 3812)
    • The process uses the downloaded file

      • msedge.exe (PID: 1700)
      • WinRAR.exe (PID: 3616)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3616)
      • Dism.exe (PID: 752)
      • Dism.exe (PID: 2364)
      • Dism.exe (PID: 1452)
      • Dism.exe (PID: 3748)
      • Dism.exe (PID: 1360)
      • Dism.exe (PID: 3428)
    • Process checks whether UAC notifications are enabled

      • ConnectifyInstaller.exe (PID: 2428)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 4004)
      • Analytics.exe (PID: 2452)
      • Analytics.exe (PID: 4024)
      • Analytics.exe (PID: 2956)
      • Analytics.exe (PID: 2404)
      • ConnectifySupportCenter.exe (PID: 2776)
      • Analytics.exe (PID: 2512)
      • ConnectifyInstaller.exe (PID: 2536)
      • DriverSwitcher.exe (PID: 3568)
      • ConnectifyShutdown.exe (PID: 1460)
      • DismHost.exe (PID: 2316)
      • DismHost.exe (PID: 3408)
      • DismHost.exe (PID: 2332)
      • DismHost.exe (PID: 2108)
      • DismHost.exe (PID: 2948)
      • DismHost.exe (PID: 4012)
      • snetcfg.exe (PID: 2952)
      • drvinst.exe (PID: 3884)
      • Analytics.exe (PID: 2496)
      • Analytics.exe (PID: 3268)
      • wmpnscfg.exe (PID: 3792)
      • wmpnscfg.exe (PID: 3532)
      • wmpnscfg.exe (PID: 3996)
      • Analytics.exe (PID: 3732)
      • Analytics.exe (PID: 1904)
      • Connectify.exe (PID: 3608)
      • Connectify.exe (PID: 1008)
      • Connectify.exe (PID: 2836)
      • Connectify.exe (PID: 1728)
      • Connectify.exe (PID: 1600)
      • Connectify.exe (PID: 2476)
      • Connectify.exe (PID: 824)
    • Creates files in the program directory

      • Analytics.exe (PID: 2956)
      • ConnectifyInstaller.exe (PID: 2536)
      • Connectify.exe (PID: 3608)
    • Reads Environment values

      • Analytics.exe (PID: 2956)
      • Analytics.exe (PID: 2512)
      • Analytics.exe (PID: 3268)
      • Analytics.exe (PID: 1904)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 23:56:47+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 23.0.1.40175
ProductVersionNumber: 23.0.1.40175
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Connectify
FileDescription: Connectify Hotspot 23
FileVersion: 23.0.1.40175
LegalCopyright: Copyright 2009-2023
ProductName: Connectify Hotspot 23
ProductVersion: 23.0.1.40175
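The fields above come straight out of the PE headers. The following Python, added here as an example and not part of the ANY.RUN report or of the Connectify product, parses those fields with the standard library alone and checks a file's MD5/SHA1/SHA256 against the digests a report publishes, which is the first thing to do before reasoning about a sample from someone else's sandbox run. The PE image it parses is constructed in memory to carry this report's header values (the COFF timestamp is stored in UTC; the report prints it in the analysis host's +02:00 zone); it is not the real installer, and its digests will not match the ones at the top of the page. The function names and the `REPORTED` table are the example's own.

```python
"""Added example (not from the ANY.RUN report): parse the PE header fields the
EXIF section lists and verify a sample against published digests."""
import hashlib
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
CHARACTERISTICS = [  # IMAGE_FILE_* bits, named the way the report prints them
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0100, "32-bit"), (0x2000, "DLL"),
]


def parse_pe_header(data: bytes) -> dict:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsect, stamp, _symtab, _nsyms, _optsize, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes; optional header follows
    magic, lmaj, lmin, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (0x10b) optional headers are handled here")
    osmaj, osmin, imaj, imin, smaj, smin = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "MachineType": MACHINE_NAMES.get(machine, hex(machine)),
        # COFF timestamps are seconds since the Unix epoch, in UTC.
        "TimeStamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(n for bit, n in CHARACTERISTICS if chars & bit),
        "PEType": "PE32",
        "LinkerVersion": f"{lmaj}.{lmin}",  # the report's tooling prints 6.0 as "6"
        "CodeSize": code,
        "InitializedDataSize": idata,
        "UninitializedDataSize": udata,
        "EntryPoint": hex(entry),
        "OSVersion": f"{osmaj}.{osmin}",
        "ImageVersion": f"{imaj}.{imin}",
        "SubsystemVersion": f"{smaj}.{smin}",
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def digests(data: bytes) -> dict:
    """Upper-case hex MD5/SHA1/SHA256, the three digests the report lists."""
    return {n: hashlib.new(n, data).hexdigest().upper() for n in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict) -> bool:
    """True only if every digest the report gives agrees with the file in hand."""
    actual = digests(data)
    return all(actual[k.lower()] == v.upper() for k, v in reported.items())


def build_sample_pe() -> bytes:
    """Constructed PE32 image (headers only, no sections) carrying the report's values."""
    stamp = int(datetime(2021, 9, 25, 21, 56, 47, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(224)  # PE32 optional header including the 16 data directories
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 6, 0, 26624, 141824, 2048, 0x3640)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 6, 0, 4, 0)  # OS, image, subsystem versions
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100  # no relocs, exe, no lines, no syms, 32-bit
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, len(opt), chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


REPORTED = {  # digests copied from the top of this report
    "md5": "989B701CFD666960D48F9A3019FE1020",
    "sha1": "A9F316DD441F586CE7625136EFCB823F0E1DC885",
    "sha256": "0D7350DAB6CA9F9A575F53238732BAB013AA7912F6F31062BA448E2EF8A42A81",
}

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in parse_pe_header(data).items():
        print(f"{k}: {v}")
    print("matches report digests:", matches_report(data, REPORTED))
```

Run it with a path argument to check a file you actually hold against this report; without one it parses the constructed image, which reproduces every header value listed above but, being synthetic, fails the digest check, as a file that merely shares a version string with the report should.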
No data.
All screenshots are available in the full report
Total processes: 214
Monitored processes: 122
Malicious processes: 24
Suspicious processes: 0

Behavior graph

Process chain in launch order ("no specs" marks a process for which no indicator fired):
start connectifyinstaller.exe no specs connectifyinstaller.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs explorer.exe no specs winrar.exe no specs connectifyinstaller.exe no specs connectifyinstaller.exe PhotoViewer.dll no specs ns6e7a.tmp no specs analytics.exe no specs ns6fe2.tmp no specs analytics.exe no specs analytics.exe ns9790.tmp no specs globalatomtable.exe no specs ns980e.tmp no specs connectifysupportcenter.exe no specs ns9bf7.tmp no specs analytics.exe no specs analytics.exe ns9d7e.tmp no specs connectifyshutdown.exe no specs netsh.exe no specs nsa3b9.tmp no specs schtasks.exe no specs regsvr32.exe no specs nsad6e.tmp no specs driverswitcher.exe no specs dism.exe dismhost.exe snetcfg.exe no specs dism.exe dismhost.exe snetcfg.exe no specs dism.exe dismhost.exe snetcfg.exe no specs dism.exe dismhost.exe dism.exe dismhost.exe snetcfg.exe no specs dism.exe dismhost.exe snetcfg.exe no specs drvinst.exe no specs rundll32.exe no specs vssvc.exe no specs ns2290.tmp no specs analytics.exe no specs analytics.exe ns23f8.tmp no specs globalatomtable.exe no specs ns25be.tmp no 
specs globalatomtable.exe no specs wmpnscfg.exe no specs wmpnscfg.exe no specs wmpnscfg.exe no specs ns5635.tmp no specs analytics.exe no specs analytics.exe connectify.exe no specs globalatomtable.exe no specs connectify.exe no specs globalatomtable.exe no specs connectify.exe no specs globalatomtable.exe no specs connectify.exe no specs globalatomtable.exe no specs connectify.exe no specs globalatomtable.exe no specs connectify.exe no specs globalatomtable.exe no specs connectify.exe no specs globalatomtable.exe no specs

Process information

PID 120: msedge.exe (parent process: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3572 --field-trial-handle=1328,i,5831195273068478276,11015033146937035303,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 272: msedge.exe (parent process: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2416 --field-trial-handle=1328,i,5831195273068478276,11015033146937035303,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 284: msedge.exe (parent process: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3896 --field-trial-handle=1328,i,5831195273068478276,11015033146937035303,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 544: msedge.exe (parent process: msedge.exe)
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3632 --field-trial-handle=1328,i,5831195273068478276,11015033146937035303,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Loaded images:
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 552: ns6FE2.tmp (parent process: ConnectifyInstaller.exe)
CMD: "C:\Users\admin\AppData\Local\Temp\nsz65ED.tmp\ns6FE2.tmp" "C:\Users\admin\AppData\Local\Temp\Connectify\4\Analytics.exe" daemon navigation Installer Init 7.1.0.29279 None
Path: C:\Users\admin\AppData\Local\Temp\nsz65ED.tmp\ns6FE2.tmp
User: admin
Integrity level: HIGH
Exit code: 0
Loaded images:
c:\users\admin\appdata\local\temp\nsz65ed.tmp\ns6fe2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID 564: ConnectifyInstaller.exe (parent process: explorer.exe)
CMD: "C:\Users\admin\AppData\Local\Temp\ConnectifyInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\ConnectifyInstaller.exe
User: admin
Company: Connectify
Integrity level: MEDIUM
Description: Connectify Hotspot 23
Exit code: 1223 (ERROR_CANCELLED; this medium-integrity instance launched a second copy of itself, and the later high-integrity instances carried out the install)
Version: 23.0.1.40175
Loaded images:
c:\users\admin\appdata\local\temp\connectifyinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
PID 600: ns2290.tmp (parent process: ConnectifyInstaller.exe)
CMD: "C:\Users\admin\AppData\Local\Temp\nsz65ED.tmp\ns2290.tmp" "C:\Users\admin\AppData\Local\Temp\Connectify\4\Analytics.exe" daemon navigation Installer Driver Reboot 7.1.0.29279 None
Path: C:\Users\admin\AppData\Local\Temp\nsz65ED.tmp\ns2290.tmp
User: admin
Integrity level: HIGH
Exit code: 0
Loaded images:
c:\users\admin\appdata\local\temp\nsz65ed.tmp\ns2290.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID 644: schtasks.exe (parent process: nsA3B9.tmp)
CMD: C:\Windows\system32\schtasks.exe /delete /TN "Connectify.admin" /F
Path: C:\Windows\System32\schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity level: HIGH
Description: Manages scheduled tasks
Exit code: 1 (non-zero: the delete of task "Connectify.admin" did not succeed; note that this is a /delete, not a /create, so the "Uses Task Scheduler" indicator here is cleanup rather than persistence)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Loaded images:
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
PID 752: Dism.exe (parent process: DriverSwitcher.exe)
CMD: "dism" /online /get-drivers /format:table
Path: C:\Windows\System32\Dism.exe
User: admin
Company: Microsoft Corporation
Integrity level: HIGH
Description: Dism Image Servicing Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Loaded images:
c:\windows\system32\dism.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID 824: Connectify.exe (parent process: explorer.exe)
CMD: "C:\Program Files\Connectify\Connectify.exe" "connectify://show/"
Path: C:\Program Files\Connectify\Connectify.exe
User: admin
Company: Connectify
Integrity level: MEDIUM
Description: Connectify Hotspot
Exit code: 0
Version: 1.0.5057.27198
Loaded images:
c:\program files\connectify\connectify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
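Several of the indicators on this page (Task Scheduler use, regsvr32, netsh, DISM, snetcfg, drvinst) fire on Windows' own signed utilities, so what separates an installer from a loader is who launched the utility and what it was told to do. The following Python, added as an example and not taken from the report or from Connectify, runs one such check over a handful of records copied from the process-information section above: flag a Windows utility when its parent is an NSIS plugin stub (ns####.tmp) or its command line reaches into %TEMP%, and for schtasks state whether the call creates a task (persistence) or deletes one. The record layout, the LOLBIN list, the regular expressions and the function names are the example's own choices.

```python
"""Added example (not from the ANY.RUN report): triage launches of Windows
utilities by parent process and command line."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent_image: str


# Subset of the report's process records (PID, image, command line, parent), copied from the page.
PROCS = [
    Proc(564, "ConnectifyInstaller.exe",
         r'"C:\Users\admin\AppData\Local\Temp\ConnectifyInstaller.exe"', "explorer.exe"),
    Proc(552, "ns6FE2.tmp",
         r'"C:\Users\admin\AppData\Local\Temp\nsz65ED.tmp\ns6FE2.tmp" "C:\Users\admin\AppData\Local\Temp\Connectify\4\Analytics.exe" daemon navigation Installer Init 7.1.0.29279 None',
         "ConnectifyInstaller.exe"),
    Proc(644, "schtasks.exe",
         r'C:\Windows\system32\schtasks.exe /delete /TN "Connectify.admin" /F', "nsA3B9.tmp"),
    Proc(752, "Dism.exe", r'"dism" /online /get-drivers /format:table', "DriverSwitcher.exe"),
    Proc(120, "msedge.exe",
         r'"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer', "msedge.exe"),
]

# Windows-signed utilities that installers and loaders both lean on (example's own list).
LOLBINS = {"schtasks.exe", "regsvr32.exe", "rundll32.exe", "netsh.exe",
           "dism.exe", "snetcfg.exe", "drvinst.exe"}
TEMP_PATH = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
NSIS_STUB = re.compile(r"^ns[0-9a-f]{4}\.tmp$", re.IGNORECASE)  # NSIS plugin-call stubs
SCHTASKS_VERB = re.compile(r"/(create|delete|change|run|end|query)\b", re.IGNORECASE)
SCHTASKS_TN = re.compile(r'/TN\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def from_temp(p: Proc) -> bool:
    """True when the parent is a %TEMP% stub or the command line reaches into %TEMP%."""
    return bool(NSIS_STUB.match(p.parent_image)
                or p.parent_image.lower().endswith(".tmp")
                or TEMP_PATH.search(p.cmdline))


def describe_schtasks(cmdline: str) -> str:
    """Summarise a schtasks call; only /create is a persistence action."""
    verb = SCHTASKS_VERB.search(cmdline)
    name = SCHTASKS_TN.search(cmdline)
    action = verb.group(1).lower() if verb else "?"
    task = (name.group(1) or name.group(2)) if name else "?"
    note = {"create": " (persistence)", "delete": " (cleanup, not persistence)"}.get(action, "")
    return f"schtasks {action} task '{task}'{note}"


def triage(procs):
    """Return (pid, image, parent, detail) for each utility launched from a temp artefact."""
    findings = []
    for p in procs:
        if p.image.lower() not in LOLBINS or not from_temp(p):
            continue
        detail = describe_schtasks(p.cmdline) if p.image.lower() == "schtasks.exe" else p.cmdline
        findings.append((p.pid, p.image, p.parent_image, detail))
    return findings


if __name__ == "__main__":
    for pid, image, parent, detail in triage(PROCS):
        print(f"PID {pid} {image} <- {parent}: {detail}")
```

Over the records copied from this page the check yields a single finding, schtasks.exe launched by the stub nsA3B9.tmp, and the verb parser shows it deleting "Connectify.admin" rather than creating anything; Dism.exe is not flagged because DriverSwitcher.exe is neither a stub nor a %TEMP% path in what the report shows. The same rule would flag a regsvr32 or rundll32 whose command line names a DLL under %TEMP%, which is the case the "Registers / Runs the DLL via REGSVR32.EXE" indicator cannot distinguish on its own.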
Total events: 28 087
Read events: 27 691
Write events: 371
Delete events: 25

Modification events

(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: failed_count | Value: 0
(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: state | Value: 1
(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty | Operation: write | Name: StatusCodes | Value: 01000000
(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon | Operation: write | Name: state | Value: 2
(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: dr | Value: 1
(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics | Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 1
(PID 2504) msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | Operation: write | Name: S-1-5-21-1302019708-1500728564-335382590-1000 | Value: 8A1A1F2B695E2F00
(PID 2504) msedge.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Edge | Operation: write | Name: UsageStatsInSample | Value: 1
(PID 2504) msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: usagestats | Value: 1
(PID 2504) msedge.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} | Operation: write | Name: urlstats | Value: 1

All ten registry writes in this excerpt belong to the Edge browser session (PID 2504); none of the installer's own writes (371 in total) is shown here.
Executable files: 306
Suspicious files: 318
Text files: 352
Unknown types: 1

Dropped files

PID | Process | Filename | Type
564 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nsdE703.tmp\modern-wizard.bmp | image
    MD5: AE43624C14859150EDFB54B4024AFF46  SHA256: D5B56046F10941E6659277D46FFD4A0D327DB24BE3174D6A8E7AE0660DA874E9
4028 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nseE926.tmp\modern-header.bmp | image
    MD5: F50B6CEE1BE90D50AF582E57528C7000  SHA256: E83DC2CA1239E62D979C02CA8A8B394573BF50C650AAF4D38799E97D618FECA4
4028 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nsoE915.tmp | binary
    MD5: FF41F28FE0B94D54573EB3F3794DBA22  SHA256: 3395E47BC46FFFD468D45EB0A3911882A645492C36403EE7F0C909FE7A970960
3832 | msedge.exe | (filename and digests not recorded) |
3812 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1c0c2d.TMP |
    MD5/SHA256 not recorded
3812 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old |
    MD5/SHA256 not recorded
4028 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nseE926.tmp\UAC.dll | executable
    MD5: ADB29E6B186DAA765DC750128649B63D  SHA256: 2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
564 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nsdE703.tmp\modern-header.bmp | image
    MD5: F50B6CEE1BE90D50AF582E57528C7000  SHA256: E83DC2CA1239E62D979C02CA8A8B394573BF50C650AAF4D38799E97D618FECA4
564 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nsdE703.tmp\System.dll | executable
    MD5: CFF85C549D536F651D4FB8387F1976F2  SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
4028 | ConnectifyInstaller.exe | C:\Users\admin\AppData\Local\Temp\nseE926.tmp\System.dll | executable
    MD5: CFF85C549D536F651D4FB8387F1976F2  SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8

The System.dll and UAC.dll written into the ns*.tmp directories, alongside the installer's wizard bitmaps, are consistent with the NSIS System and UAC plugins that every NSIS installer extracts at run time; the identical System.dll hash under PIDs 564 and 4028 is the same installer stub running more than once, not two different payloads. Treat these hashes as the thing to compare against a clean NSIS distribution, not as indicators in themselves.
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 14
TCP/UDP connections: 118
DNS requests: 129
Threats: 1

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
2988 | msedge.exe | GET | 204 | 13.107.6.158:80 | http://edge-http.microsoft.com/captiveportal/generate_204 | unknown | | | unknown
2988 | msedge.exe | GET | 200 | 172.67.36.143:80 | http://support.connectify.me/article/6-what-operating-systems-does-connectify-support | unknown | html | 4.11 Kb | unknown
(not recorded) | (not recorded) | GET | 200 | 52.217.160.8:80 | http://s3.amazonaws.com/helpscout.net/docs/assets/544fa67fe4b0c856ff411f65/attachments/5b6313860428631d7a899906/connectify-helpscout-docs-080218.css | unknown | text | 1.69 Kb | unknown
2988 | msedge.exe | GET | 200 | 18.66.242.126:80 | http://d3eto7onm69fcz.cloudfront.net/assets/stylesheets/launch-1701073372288.css | unknown | text | 115 Kb | unknown
2988 | msedge.exe | GET | 200 | 18.66.242.126:80 | http://d3eto7onm69fcz.cloudfront.net/assets/javascripts/app3.min.js | unknown | text | 150 Kb | unknown
2988 | msedge.exe | GET | 200 | 18.66.242.126:80 | http://d3eto7onm69fcz.cloudfront.net/assets/img/bg-content2.png | unknown | image | 5.91 Kb | unknown
2988 | msedge.exe | GET | 200 | 108.156.253.147:80 | http://d33v4339jhl8k0.cloudfront.net/docs/assets/544fa67fe4b0c856ff411f65/images/544faacde4b07fce1b00c955/connectify_header-community.png | unknown | image | 3.44 Kb | unknown
2988 | msedge.exe | GET | 200 | 172.217.18.14:80 | http://www.google-analytics.com/analytics.js | unknown | text | 20.5 Kb | unknown
2988 | msedge.exe | GET | 200 | 108.156.253.147:80 | http://d33v4339jhl8k0.cloudfront.net/docs/assets/544fa67fe4b0c856ff411f65/images/544faa48e4b07fce1b00c952/hotspot-favicon.ico | unknown | image | 1.12 Kb | unknown
2956 | Analytics.exe | GET | 200 | 142.250.185.142:80 | http://www.google-analytics.com/__utm.gif?utmwv=4.4sa&utmn=1253171908&utmhn=connectify.connectify.me&utmp=Installer%2fInit%2f7.1.0.29279%2fNone&utmac=UA-742036-6&utmcc=__utma%3D999.1953585644.999.999.999111111111111.1%3B%2B__utmz%3D999.999.999.999.utmcsr%3Ddispatch_%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3DInstaller%2fInit%2f7.1.0.29279%2fNone%3B&utmul=en&utmdebug=ON | unknown | image | 35 b | unknown

Every request shown goes over plain HTTP on port 80, the installer's own beacon included. The Analytics.exe request is the only one attributed to a Connectify process: it reports the installer stage (utmp=Installer/Init/7.1.0.29279/None, the same arguments the ns6FE2.tmp stub passed to Analytics.exe) to Google Analytics property UA-742036-6; the browser requests are the analyst's visit to the Connectify support site.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
868 | svchost.exe | 95.101.148.135:80 | | Akamai International B.V. | NL | unknown
2988 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3812 | msedge.exe | 239.255.255.250:1900 | | | | whitelisted
2988 | msedge.exe | 192.0.78.128:443 | www.connectify.me | AUTOMATTIC | US | unknown
2988 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2988 | msedge.exe | 51.104.176.40:443 | nav-edge.smartscreen.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown

Of the 118 connections counted, only these ten are shown, and none of them is attributed to a Connectify process; the rest are Windows background traffic (NetBIOS, SSDP, LLMNR, svchost) and the analyst's Edge session.

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.connectify.me
  • 192.0.78.128
  • 192.0.78.220
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 51.104.176.40
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
www.bing.com
  • 104.126.37.186
  • 104.126.37.153
  • 104.126.37.139
  • 104.126.37.178
  • 104.126.37.163
  • 104.126.37.130
  • 104.126.37.161
  • 104.126.37.152
  • 104.126.37.179
  • 204.79.197.200
  • 13.107.21.200
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 8.241.123.124
  • 8.248.117.252
  • 8.248.119.252
whitelisted
armmf.adobe.com
  • 23.218.208.137
whitelisted
self.events.data.microsoft.com
  • 13.89.178.27
whitelisted
aefd.nelreports.net
  • 2.21.20.150
  • 2.21.20.141
whitelisted

Threats

PID | Process | Class | Message
2988 | msedge.exe | Potential Corporate Privacy Violation | POLICY [ANY.RUN] Downloading from a file sharing service is observed

The single IDS alert is raised on the analyst's Edge session (PID 2988), not on a Connectify process.

Debug output

Process | Message
Dism.exe | PID=752 Loading Provider from location C:\Windows\System32\Dism\LogProvider.dll - CDISMProviderStore::Internal_GetProvider
Dism.exe | PID=752 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
Dism.exe | PID=752 Initializing a provider store for the LOCAL session type. - CDISMProviderStore::Final_OnConnect
Dism.exe | PID=752 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
Dism.exe | PID=752 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
Dism.exe | PID=752 The requested provider was not found in the Provider Store. - CDISMProviderStore::Internal_GetProvider(hr:0x80004005)
Dism.exe | PID=752 Failed to get an OSServices provider. Must be running in local store. Falling back to checking alongside the log provider for wdscore.dll. - CDISMLogger::FindWdsCore(hr:0x80004005)
Dism.exe | PID=752 Connecting to the provider located at C:\Windows\System32\Dism\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
Dism.exe | PID=752 Getting Provider OSServices - CDISMProviderStore::GetProvider
DismHost.exe | PID=2316 Encountered a loaded provider DISMLogger. - CDISMProviderStore::Internal_DisconnectProvider