Malware analysis Malwarebytes Premium 511106 Crack With Key Download 2024.exe Malicious activity

Add for printing

File name:	Malwarebytes Premium 511106 Crack With Key Download 2024.exe
Full analysis:	https://app.any.run/tasks/757acbd0-81ce-41c4-b8d9-5e25a1de206f
Verdict:	Malicious activity
Analysis date:	July 10, 2024, 23:16:46
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	8972EAB8053D5E4266E54120929BBBE0
SHA1:	B86176E5ACAE8253E6D2803C02172005D1134961
SHA256:	2E21F4C0F55F948EA5A86AAD0060A58FDF5744528C62E5EE4F3932234F91F439
SSDEEP:	49152:hdixrq3BdwjSYUJ/163aFrSnIhVha3DzNvSmG5PmaHX5Y7+rAM5QFLY7YphlwNWc:Wrq3Bdw3wUqFroI8fZG5j35s+rTQFnLA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 3624)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 4556)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
SUSPICIOUS
- Reads security settings of Internet Explorer
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5332)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Executable content was dropped or overwritten
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 4556)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 3624)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Reads the date of Windows installation
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5332)
- Reads the Windows owner or organization settings
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Checks Windows Trust Settings
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
INFO
- Reads Environment values
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 3624)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 4556)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5332)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Reads the computer name
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5332)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 4556)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
  - identity_helper.exe (PID: 6444)
- Process checks computer location settings
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5332)
- Checks supported languages
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 3624)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5332)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 4556)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
  - identity_helper.exe (PID: 6444)
- Create files in a temporary directory
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 3624)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.exe (PID: 4556)
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Reads the machine GUID from the registry
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Reads the software policy settings
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Checks proxy server information
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Creates a software uninstall entry
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Reads Microsoft Office registry keys
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
  - msedge.exe (PID: 7152)
  - msedge.exe (PID: 7160)
  - msedge.exe (PID: 6820)
- Application launched itself
  - msedge.exe (PID: 6820)
  - msedge.exe (PID: 7160)
  - msedge.exe (PID: 7152)
- Creates files or folders in the user directory
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Creates files in the program directory
  - Malwarebytes Premium 511106 Crack With Key Download 2024.tmp (PID: 5452)
- Manual execution by a user
  - msedge.exe (PID: 7160)
- Drops the executable file immediately after the start
  - msedge.exe (PID: 6332)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (53.5)
.exe	\|	InstallShield setup (21)
.exe	\|	Win32 EXE PECompact compressed (generic) (20.2)
.exe	\|	Win32 Executable (generic) (2.1)
.exe	\|	Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:06:10 14:47:11+00:00
ImageFileCharacteristics:	No relocs, Executable, 32-bit
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	685056
InitializedDataSize:	90112
UninitializedDataSize:	-
EntryPoint:	0xa83bc
OSVersion:	6.1
ImageVersion:	-
SubsystemVersion:	6.1
Subsystem:	Windows GUI
FileVersionNumber:	6.5.0.0
ProductVersionNumber:	6.5.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:
FileDescription:	Malwarebytes Premium 511106 Crack With Key Download 2024.exe
FileVersion:	6.5.0.0
LegalCopyright:	Malwarebytes Premium 511106 Crack With Key Download 2024.exe
OriginalFileName:
ProductName:	Malwarebytes Premium 511106 Crack With Key Download 2024.exe
ProductVersion:	6.5.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

200

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

740

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x264,0x268,0x26c,0x260,0x240,0x7ffd9e0e5fd8,0x7ffd9e0e5fe4,0x7ffd9e0e5ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

936

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1160

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5188 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1436

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2344 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1572

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1712 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1660

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1628 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1956

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2112

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5788 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2268

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2356,i,13198984956029359416,8973513398976051551,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2288

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4872 --field-trial-handle=2404,i,6844396157380199729,4598462822351922465,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

18 633

Read events

18 490

Write events

135

Delete events

Modification events


(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: 4C150000D52253401FD3DA01
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	SessionHash
Value: 1AA8C9BC31779631D882360B632A8B1435BAE18B54CB4DC8BD7037836201D92F
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Premium 511106 Crack With Key Downl~5DFDF6C9_is1
Operation:	write	Name:	Inno Setup: Setup Version
Value: 6.3.1
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Premium 511106 Crack With Key Downl~5DFDF6C9_is1
Operation:	write	Name:	Inno Setup: App Path
Value: C:\Program Files (x86)\Setup
(PID) Process:	(5452) Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Premium 511106 Crack With Key Downl~5DFDF6C9_is1
Operation:	write	Name:	InstallLocation
Value: C:\Program Files (x86)\Setup\

Add for printing

Executable files

Suspicious files

301

Text files

149

Unknown types

Dropped files

PID	Process	Filename		Type
5452	Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8		binary
		MD5:9AD3C8EA391BC87ACB55210AF37337C2	SHA256:64BE29B2529F02FECBE749E0CF26FAA8445DA4F7859D7CCB6B91D3B14A0F64C1
5452	Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	C:\Program Files (x86)\Setup\unins000.dat		binary
		MD5:05F92FB6C5A191412329B2302EE5EE31	SHA256:C16544EF9F45856E77FBC84BA1879432D4C03721ACA3A087CCD565D0F1CB86C1
3624	Malwarebytes Premium 511106 Crack With Key Download 2024.exe	C:\Users\admin\AppData\Local\Temp\is-DSVFK.tmp\Malwarebytes Premium 511106 Crack With Key Download 2024.tmp		executable
		MD5:074B5F0BB949826E4910E2E4F14DCA0C	SHA256:0A97BECF8506172DCF1BDCD9FE863580A0F1C8E10C8F8D7B0F8DD3B4CE7EF00D
5452	Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	C:\Program Files (x86)\Setup\is-2A0FF.tmp		executable
		MD5:5E297971553FC51C8A796894E003F40C	SHA256:6CC5CD0D1C0895DC0F4ADF6EF3FDA11117053DEB07C121DD5117B347A3766E67
6820	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Version		text
		MD5:C7E2197BAE099B13BBB3ADEB1433487D	SHA256:3460EEAF45D581DD43A6E4E17AF8102DDAFF5AEAA88B10099527CF85211629E9
6820	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF1d26e4.TMP		binary
		MD5:D38E65900351368940616574EEA58831	SHA256:B185F10E1AFDF0EEC98946C2A838EF8A7D95F5C1CD8B43CD82430F908FFF069A
6820	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\0ec43177-19a2-4f85-a3b1-9abba8475a8e.tmp		binary
		MD5:9577DFFA38ABCC3DFD7B1623261DEE73	SHA256:9D60E6B72C4B19286602F77B11A825693418BA8636A46B845ACBB016E0BF92E2
7160	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF1d27be.TMP		binary
		MD5:9577DFFA38ABCC3DFD7B1623261DEE73	SHA256:9D60E6B72C4B19286602F77B11A825693418BA8636A46B845ACBB016E0BF92E2
4556	Malwarebytes Premium 511106 Crack With Key Download 2024.exe	C:\Users\admin\AppData\Local\Temp\is-QJFQJ.tmp\Malwarebytes Premium 511106 Crack With Key Download 2024.tmp		executable
		MD5:074B5F0BB949826E4910E2E4F14DCA0C	SHA256:0A97BECF8506172DCF1BDCD9FE863580A0F1C8E10C8F8D7B0F8DD3B4CE7EF00D
7160	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1d280c.TMP		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

101

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
4392	MoUsoCoreWorker.exe	GET	200	23.48.23.143:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	DE	binary	1.01 Kb	unknown
5452	Malwarebytes Premium 511106 Crack With Key Download 2024.tmp	GET	200	142.250.185.67:80	http://c.pki.goog/r/gsr1.crl	US	binary	1.70 Kb	unknown
6348	svchost.exe	GET	206	23.50.131.24:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/83515e92-fb06-47fc-9eeb-072b3031aa1c?P1=1721170983&P2=404&P3=2&P4=b8%2faCOgnW72Xehih33ud%2fQIDJIjDBJnPFU4GOAqqFF%2fx%2bn5Xh%2fbayT%2bhwBx5%2bJSfWCh7pKU%2bXGkBFazi9jtgoA%3d%3d	DE	binary	3.51 Kb	unknown
5680	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	DE	binary	408 b	unknown
6348	svchost.exe	GET	206	23.50.131.24:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/83515e92-fb06-47fc-9eeb-072b3031aa1c?P1=1721170983&P2=404&P3=2&P4=b8%2faCOgnW72Xehih33ud%2fQIDJIjDBJnPFU4GOAqqFF%2fx%2bn5Xh%2fbayT%2bhwBx5%2bJSfWCh7pKU%2bXGkBFazi9jtgoA%3d%3d	DE	binary	244 b	unknown
6348	svchost.exe	GET	206	23.50.131.24:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c106f152-4f83-46f0-b89b-0ba6cde91e54?P1=1721240256&P2=404&P3=2&P4=FUuYE2fJYgkjBQtFKDZYvv6ZyYJgga2zCjyWeJbAG3u03%2bcSu6RS0JMVzU0gs%2bjLuOJ3PykI9gOyBZB99gSQlA%3d%3d	DE	binary	89.1 Kb	unknown
4656	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	US	binary	313 b	unknown
3040	OfficeClickToRun.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D	US	binary	471 b	unknown
6348	svchost.exe	GET	206	23.50.131.24:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/83515e92-fb06-47fc-9eeb-072b3031aa1c?P1=1721170983&P2=404&P3=2&P4=b8%2faCOgnW72Xehih33ud%2fQIDJIjDBJnPFU4GOAqqFF%2fx%2bn5Xh%2fbayT%2bhwBx5%2bJSfWCh7pKU%2bXGkBFazi9jtgoA%3d%3d	DE	binary	1.09 Kb	unknown
3836	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	US	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4032	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1888	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4392	MoUsoCoreWorker.exe	23.48.23.143:80	crl.microsoft.com	Akamai International B.V.	DE	unknown
4392	MoUsoCoreWorker.exe	184.30.21.171:80	www.microsoft.com	AKAMAI-AS	DE	unknown
4656	SearchApp.exe	104.126.37.130:443	www.bing.com	Akamai International B.V.	DE	unknown
3716	svchost.exe	40.126.32.138:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4656	SearchApp.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
3716	svchost.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2	whitelisted
crl.microsoft.com	23.48.23.143 23.48.23.156	whitelisted
www.microsoft.com	184.30.21.171	whitelisted
google.com	142.250.184.206	whitelisted
www.bing.com	104.126.37.130 104.126.37.155 104.126.37.170 104.126.37.162 104.126.37.176 104.126.37.171 104.126.37.145	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
login.live.com	40.126.32.138 20.190.160.14 40.126.32.72 20.190.160.17 40.126.32.140 40.126.32.68 40.126.32.133 20.190.160.22	whitelisted
go.microsoft.com	184.30.17.189	whitelisted
nexusrules.officeapps.live.com	52.111.236.23	whitelisted
routevan.xyz	188.114.96.3 188.114.97.3	unknown

Threats

No threats detected

Add for printing

No debug info

General Info

Malwarebytes Premium 511106 Crack With Key Download 2024.exe

8972EAB8053D5E4266E54120929BBBE0

B86176E5ACAE8253E6D2803C02172005D1134961

2E21F4C0F55F948EA5A86AAD0060A58FDF5744528C62E5EE4F3932234F91F439

49152:hdixrq3BdwjSYUJ/163aFrSnIhVha3DzNvSmG5PmaHX5Y7+rAM5QFLY7YphlwNWc:Wrq3Bdw3wUqFroI8fZG5j35s+rTQFnLA

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Reads security settings of Internet Explorer

Executable content was dropped or overwritten

Reads the date of Windows installation

Reads the Windows owner or organization settings

Checks Windows Trust Settings

INFO

Reads Environment values

Reads the computer name

Process checks computer location settings

Checks supported languages

Create files in a temporary directory

Reads the machine GUID from the registry

Reads the software policy settings

Checks proxy server information

Creates a software uninstall entry

Reads Microsoft Office registry keys

Application launched itself

Creates files or folders in the user directory

Creates files in the program directory

Manual execution by a user

Drops the executable file immediately after the start

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings