File name: UMF.Installer_v0.53.5.zip
Full analysis: https://app.any.run/tasks/c1d12b27-72bf-4a02-9163-2c203e79cef0
Verdict: Malicious activity
Analysis date: January 14, 2022, 19:54:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 38F4392D0B6AC2017A456185543E4991
SHA1: 1B017FB608FFA750ED99DB2687ADEA0FF9F240B0
SHA256: 30A8F1AEC09F2CC225EC52C6CBAB9C6B541291525104DB9503450540789A1EF4
SSDEEP: 196608:urNFc+geu7W2k1hA0EjU4eUGyVBhMuiTgX5E/25dJd72D96/uf:Z3euSEjU4eUG4liME/Mrd72pauf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • UMF.Installer.exe (PID: 3568)
      • UMF.Installer.exe (PID: 2268)
      • UMF.Installer.exe (PID: 2944)
      • UMF.Installer.exe (PID: 3612)
      • UMF.Installer.exe (PID: 2800)
      • UMF.Installer.exe (PID: 1972)
      • PCOptimizerProInstaller.exe (PID: 2336)
      • PCOptimizerProInstaller.exe (PID: 1348)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerPro.exe (PID: 1944)
      • StartApps.exe (PID: 3540)
      • PCOptimizerPro.exe (PID: 3836)
      • PCOptimizerPro.exe (PID: 3752)
    • Loads dropped or rewritten executable

      • PCOptimizerProInstaller.exe (PID: 2336)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • regsvr32.exe (PID: 3804)
    • Changes settings of System certificates

      • PCOptimizerProSetup_STD.exe (PID: 3800)
    • Registers / Runs the DLL via REGSVR32.EXE

      • PCOptimizerProSetup_STD.exe (PID: 3800)
    • Loads the Task Scheduler DLL interface

      • PCOptimizerPro.exe (PID: 3752)
      • PCOptimizerPro.exe (PID: 1944)
  • SUSPICIOUS

    • Checks supported languages

      • UMF.Installer.exe (PID: 2268)
      • WinRAR.exe (PID: 2396)
      • UMF.Installer.exe (PID: 3612)
      • UMF.Installer.exe (PID: 1972)
      • MSASCui.exe (PID: 1968)
      • PCOptimizerProInstaller.exe (PID: 2336)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • StartApps.exe (PID: 3540)
      • PCOptimizerPro.exe (PID: 1944)
      • PCOptimizerPro.exe (PID: 3752)
    • Reads the computer name

      • WinRAR.exe (PID: 2396)
      • UMF.Installer.exe (PID: 2268)
      • UMF.Installer.exe (PID: 3612)
      • UMF.Installer.exe (PID: 1972)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerProInstaller.exe (PID: 2336)
      • StartApps.exe (PID: 3540)
      • PCOptimizerPro.exe (PID: 1944)
      • PCOptimizerPro.exe (PID: 3752)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 2396)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2396)
      • chrome.exe (PID: 3840)
      • chrome.exe (PID: 3648)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerProInstaller.exe (PID: 2336)
      • PCOptimizerPro.exe (PID: 3752)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3840)
    • Drops a file with too old compile date

      • chrome.exe (PID: 3840)
      • chrome.exe (PID: 3648)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerProInstaller.exe (PID: 2336)
    • Creates a directory in Program Files

      • PCOptimizerProSetup_STD.exe (PID: 3800)
    • Creates files in the program directory

      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerPro.exe (PID: 1944)
      • PCOptimizerPro.exe (PID: 3752)
    • Creates files in the user directory

      • PCOptimizerProSetup_STD.exe (PID: 3800)
    • Drops a file that was compiled in debug mode

      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerPro.exe (PID: 3752)
    • Creates a software uninstall entry

      • PCOptimizerProSetup_STD.exe (PID: 3800)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 3804)
    • Adds / modifies Windows certificates

      • PCOptimizerProSetup_STD.exe (PID: 3800)
    • Reads CPU info

      • PCOptimizerPro.exe (PID: 1944)
      • PCOptimizerPro.exe (PID: 3752)
    • Creates files in the Windows directory

      • PCOptimizerPro.exe (PID: 3752)
    • Searches for installed software

      • PCOptimizerPro.exe (PID: 3752)
      • PCOptimizerPro.exe (PID: 1944)
  • INFO

    • Manual execution by user

      • UMF.Installer.exe (PID: 2800)
      • UMF.Installer.exe (PID: 1972)
      • MSASCui.exe (PID: 1968)
      • explorer.exe (PID: 2236)
      • chrome.exe (PID: 3840)
      • PCOptimizerProInstaller.exe (PID: 2336)
      • PCOptimizerProInstaller.exe (PID: 1348)
      • PCOptimizerPro.exe (PID: 3836)
      • PCOptimizerPro.exe (PID: 3752)
    • Checks supported languages

      • chrome.exe (PID: 2084)
      • chrome.exe (PID: 3840)
      • explorer.exe (PID: 2236)
      • chrome.exe (PID: 2564)
      • chrome.exe (PID: 3648)
      • chrome.exe (PID: 1460)
      • chrome.exe (PID: 2288)
      • chrome.exe (PID: 3248)
      • chrome.exe (PID: 3316)
      • chrome.exe (PID: 3276)
      • chrome.exe (PID: 2316)
      • chrome.exe (PID: 3676)
      • chrome.exe (PID: 2420)
      • chrome.exe (PID: 2108)
      • chrome.exe (PID: 576)
      • chrome.exe (PID: 3664)
      • chrome.exe (PID: 3024)
      • chrome.exe (PID: 2216)
      • chrome.exe (PID: 3512)
      • chrome.exe (PID: 3172)
      • chrome.exe (PID: 1292)
      • chrome.exe (PID: 3212)
      • chrome.exe (PID: 2080)
      • chrome.exe (PID: 2516)
      • chrome.exe (PID: 1656)
      • chrome.exe (PID: 2692)
      • chrome.exe (PID: 3284)
      • chrome.exe (PID: 3476)
      • chrome.exe (PID: 460)
      • chrome.exe (PID: 2108)
      • chrome.exe (PID: 3368)
      • chrome.exe (PID: 3516)
      • chrome.exe (PID: 2852)
      • chrome.exe (PID: 1780)
      • chrome.exe (PID: 3048)
      • chrome.exe (PID: 2916)
      • chrome.exe (PID: 3044)
      • chrome.exe (PID: 3576)
      • chrome.exe (PID: 3568)
      • chrome.exe (PID: 3664)
      • chrome.exe (PID: 3308)
      • chrome.exe (PID: 1004)
      • chrome.exe (PID: 1668)
      • chrome.exe (PID: 576)
      • chrome.exe (PID: 932)
      • chrome.exe (PID: 392)
      • chrome.exe (PID: 3304)
      • chrome.exe (PID: 3236)
      • chrome.exe (PID: 2364)
      • chrome.exe (PID: 3672)
      • chrome.exe (PID: 796)
      • chrome.exe (PID: 2512)
      • chrome.exe (PID: 2792)
      • regsvr32.exe (PID: 3804)
      • chrome.exe (PID: 1292)
      • chrome.exe (PID: 2132)
      • chrome.exe (PID: 2696)
      • chrome.exe (PID: 1656)
    • Reads the computer name

      • explorer.exe (PID: 2236)
      • chrome.exe (PID: 3840)
      • chrome.exe (PID: 3648)
      • chrome.exe (PID: 2316)
      • chrome.exe (PID: 2564)
      • chrome.exe (PID: 2420)
      • chrome.exe (PID: 1656)
      • chrome.exe (PID: 1004)
      • chrome.exe (PID: 3576)
      • chrome.exe (PID: 1668)
      • chrome.exe (PID: 3672)
      • chrome.exe (PID: 2364)
      • chrome.exe (PID: 3304)
    • Reads the hosts file

      • chrome.exe (PID: 3840)
      • chrome.exe (PID: 3648)
    • Application launched itself

      • chrome.exe (PID: 3840)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3648)
      • chrome.exe (PID: 3840)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerPro.exe (PID: 3752)
      • PCOptimizerPro.exe (PID: 1944)
    • Reads the date of Windows installation

      • chrome.exe (PID: 1668)
    • Checks Windows Trust Settings

      • chrome.exe (PID: 3840)
      • PCOptimizerProSetup_STD.exe (PID: 3800)
      • PCOptimizerPro.exe (PID: 1944)
      • PCOptimizerPro.exe (PID: 3752)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2021:12:26 02:45:16
ZipCRC: 0x7d65cb12
ZipCompressedSize: 9118188
ZipUncompressedSize: 10467840
ZipFileName: UMF.Installer.exe
No data.
All screenshots are available in the full report
Total processes: 137
Monitored processes: 73
Malicious processes: 10
Suspicious processes: 2

Behavior graph (interactive; see the full report)

Edge labels in the graph: "drop and start" (six edges) and "start" (one edge). Nodes in graph order, keeping the graph's own "no specs" marker: winrar.exe; umf.installer.exe (no specs); umf.installer.exe; umf.installer.exe (no specs); umf.installer.exe; umf.installer.exe (no specs); umf.installer.exe; msascui.exe (no specs); explorer.exe (no specs); chrome.exe and a long run of further chrome.exe instances (all but two marked no specs); pcoptimizerproinstaller.exe (no specs); pcoptimizerproinstaller.exe; pcoptimizerprosetup_std.exe; regsvr32.exe; chrome.exe (no specs); startapps.exe (no specs); pcoptimizerpro.exe; pcoptimizerpro.exe (no specs); pcoptimizerpro.exe; chrome.exe (no specs) x3.

Process information

PID: 2396
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\UMF.Installer_v0.53.5.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID: 3568
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe
Parent process: WinRAR.exe
User: admin
Company: umodframework.com
Integrity Level: MEDIUM
Description: uMod Framework Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the image asked for elevation, and the same path is relaunched below at HIGH integrity)
Version: 0.53.5
Modules (images):
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\rar$exa2396.24771\umf.installer.exe
PID: 2268
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe
Parent process: WinRAR.exe
User: admin
Company: umodframework.com
Integrity Level: HIGH
Description: uMod Framework Installer
Exit code: 3762504530 (0xE0434352, unhandled .NET/CLR exception; the process loads mscoree.dll and mscoreei.dll, so this is a managed installer that crashed)
Version: 0.53.5
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2396.24771\umf.installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2944
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe
Parent process: WinRAR.exe
User: admin
Company: umodframework.com
Integrity Level: MEDIUM
Description: uMod Framework Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 0.53.5
Modules (images):
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\rar$exa2396.26296\umf.installer.exe
PID: 3612
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe
Parent process: WinRAR.exe
User: admin
Company: umodframework.com
Integrity Level: HIGH
Description: uMod Framework Installer
Exit code: 3762504530 (0xE0434352, unhandled .NET/CLR exception)
Version: 0.53.5
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2396.26296\umf.installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2800
CMD: "C:\Users\admin\Desktop\UMF.Installer.exe"
Path: C:\Users\admin\Desktop\UMF.Installer.exe
Parent process: Explorer.EXE
User: admin
Company: umodframework.com
Integrity Level: MEDIUM
Description: uMod Framework Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 0.53.5
Modules (images):
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\umf.installer.exe
PID: 1972
CMD: "C:\Users\admin\Desktop\UMF.Installer.exe"
Path: C:\Users\admin\Desktop\UMF.Installer.exe
Parent process: Explorer.EXE
User: admin
Company: umodframework.com
Integrity Level: HIGH
Description: uMod Framework Installer
Exit code: 3762504530 (0xE0434352, unhandled .NET/CLR exception)
Version: 0.53.5
Modules (images):
c:\users\admin\desktop\umf.installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1968
CMD: "C:\Program Files\Windows Defender\MSASCui.exe"
Path: C:\Program Files\Windows Defender\MSASCui.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Defender User Interface
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows defender\msascui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 2236
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3840
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
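The exit codes in the process table are printed as unsigned decimals, which hides what they mean. The following is an added triage example (editor's code, not part of the ANY.RUN report or of either installer) that decodes them as NTSTATUS values and pairs every MEDIUM-integrity exit with STATUS_ELEVATION_REQUIRED to the HIGH-integrity relaunch of the same image, which is why each UMF.Installer.exe appears twice above. The process records are copied from the table; the pairing rule (same image path and same parent) is the editor's heuristic, and the constant names are the editor's.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

STATUS_ELEVATION_REQUIRED = 0xC000042C   # ntstatus.h
CLR_EXCEPTION_CODE = 0xE0434352          # unhandled managed (.NET) exception, "CCR"
MSVC_EXCEPTION_CODE = 0xE06D7363         # C++ exception, "msc"

KNOWN_CODES = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    STATUS_ELEVATION_REQUIRED: "STATUS_ELEVATION_REQUIRED",
    CLR_EXCEPTION_CODE: "CLR unhandled managed exception",
    MSVC_EXCEPTION_CODE: "MSVC C++ exception",
}
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def decode_exit_code(code: int) -> Dict[str, object]:
    """Split a 32-bit process exit code into its NTSTATUS bit fields."""
    u = code & 0xFFFFFFFF
    return {
        "hex": f"0x{u:08X}",
        "severity": SEVERITY[u >> 30],         # bits 31..30
        "customer": bool((u >> 29) & 1),       # bit 29: application-defined code (CLR, MSVC)
        "facility": (u >> 16) & 0xFFF,         # bits 27..16
        "code": u & 0xFFFF,                    # bits 15..0
        "name": KNOWN_CODES.get(u, "unknown"),
    }


class Proc(NamedTuple):
    pid: int
    path: str
    integrity: str
    parent: str
    exit_code: Optional[int]     # None = still running when the analysis ended


# Copied from the report's "Process information" table above.
REPORT_PROCS = [
    Proc(2396, r"C:\Program Files\WinRAR\WinRAR.exe", "MEDIUM", "Explorer.EXE", 0),
    Proc(3568, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe", "MEDIUM", "WinRAR.exe", 3221226540),
    Proc(2268, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe", "HIGH", "WinRAR.exe", 3762504530),
    Proc(2944, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe", "MEDIUM", "WinRAR.exe", 3221226540),
    Proc(3612, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe", "HIGH", "WinRAR.exe", 3762504530),
    Proc(2800, r"C:\Users\admin\Desktop\UMF.Installer.exe", "MEDIUM", "Explorer.EXE", 3221226540),
    Proc(1972, r"C:\Users\admin\Desktop\UMF.Installer.exe", "HIGH", "Explorer.EXE", 3762504530),
    Proc(1968, r"C:\Program Files\Windows Defender\MSASCui.exe", "MEDIUM", "Explorer.EXE", 0),
    Proc(2236, r"C:\Windows\explorer.exe", "MEDIUM", "Explorer.EXE", 1),
    Proc(3840, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "MEDIUM", "Explorer.EXE", None),
]


def elevation_relaunches(procs: List[Proc]) -> List[Tuple[int, int, str]]:
    """Pair each MEDIUM exit with STATUS_ELEVATION_REQUIRED to the HIGH relaunch of the
    same image under the same parent (the UAC consent path). Heuristic, editor's own."""
    pairs: List[Tuple[int, int, str]] = []
    used = set()
    for p in procs:
        if p.exit_code is None or (p.exit_code & 0xFFFFFFFF) != STATUS_ELEVATION_REQUIRED:
            continue
        for e in procs:
            if (e.integrity == "HIGH" and e.pid not in used
                    and e.path.lower() == p.path.lower() and e.parent == p.parent):
                pairs.append((p.pid, e.pid, p.path))
                used.add(e.pid)
                break
    return pairs


def crashed_elevated(procs: List[Proc]) -> List[int]:
    """Elevated instances that died with an unhandled CLR exception; this is what
    produced the WerFault.exe -> watson.microsoft.com connection in the report."""
    return [p.pid for p in procs
            if p.integrity == "HIGH" and p.exit_code is not None
            and (p.exit_code & 0xFFFFFFFF) == CLR_EXCEPTION_CODE]


if __name__ == "__main__":
    for p in REPORT_PROCS:
        if p.exit_code is not None:
            print(p.pid, p.integrity, decode_exit_code(p.exit_code))
    print("elevation relaunches:", elevation_relaunches(REPORT_PROCS))
    print("crashed elevated:", crashed_elevated(REPORT_PROCS))
```

Three relaunch pairs come out (3568 -> 2268, 2944 -> 3612, 2800 -> 1972), and all three elevated instances end with 0xE0434352. So on this Windows 7 guest the uMod installer never got past elevation; the PC Optimizer Pro activity that drives the verdict comes from a separate chain that the report marks as "Manual execution by user".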
Total events: 38 447
Read events: 37 846
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 25
Suspicious files: 239
Text files: 196
Unknown types: 18

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E1D555-F00.pma | - | - | -
2396 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.26296\UMF.Installer.exe | executable | DA9F91FDC1B32EB81364B00A8935BFCB | 9BDBB68C8E4F067A66A899B2F5811484C4F06268A14E3BF9C570AEC5C9873327
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | 08FF8B79FFDA0181B140239BA5D9ACBF | 6EF9D660996C97414261FE43AB37603FC2B956D9155774AE631959C36B36CF81
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\a626a656-d2e9-454d-9c60-01aa6f5649b2.tmp | text | 08FF8B79FFDA0181B140239BA5D9ACBF | 6EF9D660996C97414261FE43AB37603FC2B956D9155774AE631959C36B36CF81
2396 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2396.26732\UMF.Installer.exe | executable | DA9F91FDC1B32EB81364B00A8935BFCB | 9BDBB68C8E4F067A66A899B2F5811484C4F06268A14E3BF9C570AEC5C9873327
2396 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2396.24771\UMF.Installer.exe | executable | DA9F91FDC1B32EB81364B00A8935BFCB | 9BDBB68C8E4F067A66A899B2F5811484C4F06268A14E3BF9C570AEC5C9873327
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old | text | 995C92837E4775CAFFE387D51ADBA520 | 51247C3464FD988B72670002D01A57FBFF1348704D325DC8FF8817ED2459D0D9
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | binary | 9C016064A1F864C8140915D77CF3389A | 0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old | text | 7721CDA9F5B73CE8A135471EB53B4E0E | DD730C576766A46FFC84E682123248ECE1FF1887EC0ACAB22A5CE93A450F4500
3840 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | 00046F773EFDD3C8F8F6D0F87A2B93DC | 593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 59
TCP/UDP connections: 94
DNS requests: 69
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | CN | Type | Size | Reputation (URL on the following line)
860 | svchost.exe | HEAD | 302 | 142.250.185.110:80 | US | - | - | whitelisted
    http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
860 | svchost.exe | HEAD | 403 | 34.104.35.123:80 | US | - | - | whitelisted
    http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
860 | svchost.exe | HEAD | 200 | 173.194.5.234:80 | US | - | - | whitelisted
    http://r5---sn-aigzrn7l.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1642189949&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigzrn7l.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
860 | svchost.exe | GET | 206 | 173.194.5.234:80 | US | binary | 9.46 Kb | whitelisted
    http://r5---sn-aigzrn7l.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1642189949&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigzrn7l.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
860 | svchost.exe | GET | 206 | 173.194.5.234:80 | US | binary | 43.2 Kb | whitelisted
    http://r5---sn-aigzrn7l.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1642189949&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigzrn7l.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
860 | svchost.exe | GET | 302 | 142.250.185.110:80 | US | html | 614 b | whitelisted
    http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3
3648 | chrome.exe | GET | 302 | 142.250.185.110:80 | US | html | 593 b | whitelisted
    http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
860 | svchost.exe | GET | 206 | 173.194.5.234:80 | US | binary | 20.7 Kb | whitelisted
    http://r5---sn-aigzrn7l.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1642189949&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigzrn7l.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
860 | svchost.exe | GET | 206 | 173.194.5.234:80 | US | binary | 9.44 Kb | whitelisted
    http://r5---sn-aigzrn7l.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3?cms_redirect=yes&mh=8t&mip=185.192.69.73&mm=28&mn=sn-aigzrn7l&ms=nvh&mt=1642189949&mv=m&mvi=5&pl=25&rmhost=r3---sn-aigzrn7l.gvt1.com&shardbypass=yes&smhost=r3---sn-aigzrn7e.gvt1.com
860 | svchost.exe | GET | 302 | 142.250.185.110:80 | US | html | 614 b | whitelisted
    http://redirector.gvt1.com/edgedl/release2/chrome_component/adys6mm2sd23z36ns7e4hcs4hrqq_1.3.36.111/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.111_win_ac5lwr5427en7czu7myxmee6c7xq.crx3

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3648 | chrome.exe | 142.250.185.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3648 | chrome.exe | 142.250.186.163:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3648 | chrome.exe | 142.250.186.174:443 | apis.google.com | Google Inc. | US | whitelisted
3648 | chrome.exe | 142.250.181.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3648 | chrome.exe | 34.104.35.123:80 | edgedl.me.gvt1.com | - | US | whitelisted
3648 | chrome.exe | 142.250.185.68:443 | www.google.com | Google Inc. | US | whitelisted
3648 | chrome.exe | 142.250.185.238:443 | clients2.google.com | Google Inc. | US | whitelisted
3124 | WerFault.exe | 52.168.117.172:443 | watson.microsoft.com | Microsoft Corporation | US | suspicious
3648 | chrome.exe | 172.217.16.131:443 | update.googleapis.com | Google Inc. | US | whitelisted
3648 | chrome.exe | 142.250.185.227:443 | www.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain
IP
Reputation
watson.microsoft.com
  • 52.168.117.172
whitelisted
clients2.google.com
  • 142.250.185.238
whitelisted
accounts.google.com
  • 142.250.185.205
shared
www.google.com
  • 142.250.185.68
  • 142.250.185.228
whitelisted
fonts.googleapis.com
  • 142.250.185.74
whitelisted
www.gstatic.com
  • 142.250.185.227
whitelisted
fonts.gstatic.com
  • 142.250.186.163
whitelisted
apis.google.com
  • 142.250.186.174
whitelisted
clientservices.googleapis.com
  • 142.250.181.227
whitelisted
update.googleapis.com
  • 172.217.16.131
whitelisted

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET DNS Query for .to TLD
- | - | Potentially Bad Traffic | ET DNS Query for .to TLD
- | - | Potentially Bad Traffic | ET DNS Query for .to TLD
3648 | chrome.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate
3648 | chrome.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate
3648 | chrome.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate
3648 | chrome.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate
3800 | PCOptimizerProSetup_STD.exe | A Network Trojan was detected | ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
3800 | PCOptimizerProSetup_STD.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate
3800 | PCOptimizerProSetup_STD.exe | Potentially Bad Traffic | ET INFO Observed ZeroSSL SSL/TLS Certificate
Process | Message
regsvr32.exe | HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' { InprocServer32 = s 'C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll' { val ThreadingModel = s 'Apartment' } } } NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }
    (This is an ATL registry script, .rgs syntax, run during DLL registration. It creates CLSID {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} "PCProCtxMenu Class" with InprocServer32 = C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (ThreadingModel Apartment) and registers that CLSID under ShellEx\ContextMenuHandlers for every file type (*) and for lnkfile, so Explorer loads the DLL in-process whenever a file or shortcut context menu is opened. This is the "Creates/Modifies COM task schedule object" indicator for PID 3804 and is a shell-extension persistence artifact worth checking for on any host that ran this installer.)
regsvr32.exe | HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' { InprocServer32 = s 'C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll' { val ThreadingModel = s 'Apartment' } } } NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }
PCOptimizerProSetup_STD.exe | strData:8044520824
PCOptimizerProSetup_STD.exe | Initial:aH77qbHab7
PCOptimizerProSetup_STD.exe | Target:9hVTp
PCOptimizerProSetup_STD.exe | Target:aH77qbHab79hVTp
PCOptimizerPro.exe | :N Need Help? Dial Toll Free: 1-866-364-6553:
PCOptimizerPro.exe | :N Need Help? Dial Toll Free: 1-866-364-6553:
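The regsvr32.exe message above is an ATL registry script, and the keys it writes are what an analyst needs to hunt for on other hosts. The following is an added example (editor's code, not part of the ANY.RUN report or of PC Optimizer Pro) that parses that .rgs text into the registry keys and values it produces and then resolves each ShellEx\ContextMenuHandlers entry to the DLL Explorer will load. The input is the script copied verbatim from the report; the parser supports only the string (s) and dword (d) value types and the NoRemove/ForceRemove/Delete key prefixes, which is enough for this script and for typical ATL output.

```python
import re
from typing import Dict, List, Tuple

# Registry script copied verbatim from the report's regsvr32.exe debug output (ATL .rgs syntax).
RGS_FROM_REPORT = (
    "HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' "
    "{ InprocServer32 = s 'C:\\Program Files\\PC Optimizer Pro\\PCOptProCtxMenu.dll' "
    "{ val ThreadingModel = s 'Apartment' } } } "
    "NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers "
    "{ ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } "
    "NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers "
    "{ ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }"
)

Token = Tuple[str, str]                   # (kind, text): kind is sym | str | guid | word | eof
Registry = Dict[str, Dict[str, object]]   # key path -> {value name ("" = default value) -> data}
_GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
_WORD = re.compile(r"[^\s{}='\"]+")


def tokenize(text: str) -> List[Token]:
    # A {GUID} key name must be one token, otherwise its braces look like a block.
    tokens: List[Token] = []
    i = 0
    while i < len(text):
        if text[i].isspace():
            i += 1
        elif (m := _GUID.match(text, i)):
            tokens.append(("guid", m.group(0)))
            i = m.end()
        elif text[i] in "{}=":
            tokens.append(("sym", text[i]))
            i += 1
        elif text[i] == "'":                          # 'quoted string'
            j = text.index("'", i + 1)
            tokens.append(("str", text[i + 1:j]))
            i = j + 1
        else:                                         # bare word: HKCR, NoRemove, val, s, *, lnkfile ...
            m = _WORD.match(text, i)
            tokens.append(("word", m.group(0)))
            i = m.end()
    return tokens


class _Parser:
    def __init__(self, tokens: List[Token]) -> None:
        self.toks, self.pos = tokens, 0

    def peek(self) -> Token:
        return self.toks[self.pos] if self.pos < len(self.toks) else ("eof", "")

    def take(self) -> Token:
        if self.pos >= len(self.toks):
            raise ValueError("unexpected end of registry script")
        self.pos += 1
        return self.toks[self.pos - 1]

    def expect(self, sym: str) -> None:
        if self.take() != ("sym", sym):
            raise ValueError(f"expected {sym!r} at token {self.pos - 1}")

    def parse(self) -> Registry:
        reg: Registry = {}
        while self.peek()[0] != "eof":              # one or more root blocks: HKCR { ... } HKLM { ... }
            root = self.take()[1]
            reg.setdefault(root, {})
            self.expect("{")
            self._entries(root, reg)
            self.expect("}")
        return reg

    def _typed_value(self) -> object:
        typ, data = self.take()[1], self.take()[1]  # s 'text' (REG_SZ) or d 123 (REG_DWORD)
        if typ == "s":
            return data
        if typ == "d":
            return int(data, 0)
        raise ValueError(f"unsupported value type {typ!r}")

    def _entries(self, path: str, reg: Registry) -> None:
        while self.peek() != ("sym", "}"):
            kind, name = self.take()
            if kind == "word" and name == "val":      # val <name> = <type> <data>
                vname = self.take()[1]
                self.expect("=")
                reg[path][vname] = self._typed_value()
                continue
            if kind == "word" and name in ("NoRemove", "ForceRemove", "Delete"):
                kind, name = self.take()              # prefix flag, then the real key name
            sub = f"{path}\\{name}"
            reg.setdefault(sub, {})
            if self.peek() == ("sym", "="):           # key = <type> <data> sets the default value
                self.take()
                reg[sub][""] = self._typed_value()
            if self.peek() == ("sym", "{"):           # nested keys/values
                self.take()
                self._entries(sub, reg)
                self.expect("}")


def parse_rgs(text: str) -> Registry:
    return _Parser(tokenize(text)).parse()


def context_menu_handlers(reg: Registry, root: str = "HKCR") -> List[Tuple[str, str, str, str]]:
    """(subject, handler name, CLSID, in-proc DLL) for every <subject>\\ShellEx\\ContextMenuHandlers\\<name>."""
    out = []
    for key, values in reg.items():
        parts = key.split("\\")
        if len(parts) == 5 and parts[0] == root and parts[2:4] == ["ShellEx", "ContextMenuHandlers"]:
            clsid = str(values.get("", ""))
            server = reg.get(f"{root}\\CLSID\\{clsid}\\InprocServer32", {})
            out.append((parts[1], parts[4], clsid, str(server.get("", ""))))
    return sorted(out)
```

Running `context_menu_handlers(parse_rgs(RGS_FROM_REPORT))` yields two handlers, for `*` and for `lnkfile`, both resolving to C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll. On a live host the same check is a registry walk over HKCR\*\ShellEx\ContextMenuHandlers and HKCR\lnkfile\ShellEx\ContextMenuHandlers, resolving each CLSID through HKCR\CLSID\{...}\InprocServer32 and flagging DLLs outside the Windows and vendor directories you expect.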