File name:

vipre-advanced-security.exe

Full analysis: https://app.any.run/tasks/3fac8316-d9cd-4365-9eb6-ca6bf665c4de
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 16, 2024, 23:17:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

77A9DBD31ED5EBE490011FFA139AFE03

SHA1:

DBC93E29C78398640D21D00345DA4BA0D7258AFD

SHA256:

326E7A5158637E6CCF59535FBE73D6C69DDC36E2EAD7993308AD77C7F30C7A34

SSDEEP:

98304:vgHiOMgrqnZO70gzg/hwEqifa8P8rpZqDyErShPtBWxF03MqUvGSBg3v6ya523br:IKSY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • rundll32.exe (PID: 3672)
      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
      • SBVIPRE_FW_PRO_EN.11.0.5.203.exe (PID: 1336)
      • SBAMSvc.exe (PID: 2052)
      • VipreEdgeProtection.exe (PID: 3560)
    • Creates a writable file in the system directory

      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
      • SBVIPRE_FW_PRO_EN.11.0.5.203.exe (PID: 1336)
      • SBAMSvc.exe (PID: 2052)
      • VipreEdgeProtection.exe (PID: 3560)
    • Reads Microsoft Outlook installation path

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads the Internet Settings

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads security settings of Internet Explorer

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads Internet Explorer settings

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Process requests binary or script from the Internet

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Checks Windows Trust Settings

      • vipre-advanced-security.exe (PID: 2908)
    • Reads settings of System Certificates

      • vipre-advanced-security.exe (PID: 2908)
    • Creates/Modifies COM task schedule object

      • vipre-advanced-security.exe (PID: 2908)
    • Drops a system driver (possible attempt to evade defenses)

      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
      • SBAMSvc.exe (PID: 2052)
      • VipreEdgeProtection.exe (PID: 3560)
    • Creates files in the driver directory

      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Searches for installed software

      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Starts itself from another location

      • SBVIPRE_FW_PRO_EN.11.0.5.203.exe (PID: 2488)
    • The process verifies whether the antivirus software is installed

      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Executes as Windows Service

      • VipreEdgeProtection.exe (PID: 3560)
      • SBAMSvc.exe (PID: 2052)
  • INFO

    • Checks supported languages

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Manual execution by a user

      • explorer.exe (PID: 3536)
      • vipre-advanced-security.exe (PID: 2908)
      • taskmgr.exe (PID: 2976)
    • Reads the computer name

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads the machine GUID from the registry

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Create files in a temporary directory

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Creates files or folders in the user directory

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Checks proxy server information

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads product name

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads Environment values

      • vipre-advanced-security.exe (PID: 2908)
      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
    • Reads the software policy settings

      • vipre-advanced-security.exe (PID: 2908)
    • Creates files in the program directory

      • Setup-VAS-en-US-11.0.6.22.exe (PID: 1888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.ax | DirectShow filter (53.2)
.odttf | Obfuscated subsetted Font (13.7)
.exe | Win32 Executable (generic) (1.1)
.exe | Generic Win/DOS Executable (0.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:05:09 17:28:43+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.11
CodeSize: 2428928
InitializedDataSize: 3485184
UninitializedDataSize: -
EntryPoint: 0x1fec21
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 10.3.4.2
ProductVersionNumber: 10.3.4.2
FileFlagsMask: 0x003f
FileFlags: Pre-release
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: VIPRE Security
FileDescription: VIPRE Setup
FileVersion: 10.3.4.2
InternalName: InstallVIPRE.exe
LegalCopyright: Copyright © 2018 VIPRE Security
ProductName: VIPRE Advanced Security
ProductVersion: 10.3.4.2
No data.
All screenshots are available in the full report
Total processes
152
Monitored processes
18
Malicious processes
5
Suspicious processes
1

Behavior graph

start rundll32.exe no specs explorer.exe no specs vipre-advanced-security.exe setup-vas-en-us-11.0.6.22.exe sbvipre_fw_pro_en.11.0.5.203.exe no specs sbvipre_fw_pro_en.11.0.5.203.exe msiexec.exe no specs runonce.exe no specs grpconv.exe no specs runonce.exe no specs grpconv.exe no specs vipreedgeprotection.exe sbamsvc.exe sbamtray.exe no specs taskmgr.exe no specs perfmon.exe perfmon.exe devicedisplayobjectprovider.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
668
CMD:
"C:\Windows\System32\grpconv.exe" -o
Path:
C:\Windows\System32\grpconv.exe
Parent process:
runonce.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Progman Group Converter
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
PID:
1072
CMD:
"C:\Program Files\VIPRE\SBAMTray.exe"
Path:
C:\Program Files\VIPRE\SBAMTray.exe
Parent process:
SBAMSvc.exe
User:
admin
Company:
ThreatTrack Security, Inc.
Integrity Level:
MEDIUM
Description:
SBAMTray Application
Exit code:
0
Version:
11.0.5.203
PID:
1336
CMD:
C:\Users\admin\AppData\Local\Temp\{49B1AF2B-47A9-4B25-9604-6413C2BD4790}\SBVIPRE_FW_PRO_EN.11.0.5.203.exe /q"C:\Users\admin\AppData\Local\VIPRE\Setup\SBVIPRE_FW_PRO_EN.11.0.5.203.exe" /tempdisk1folder"C:\Users\admin\AppData\Local\Temp\{49B1AF2B-47A9-4B25-9604-6413C2BD4790}" -s -v"INSTALLDIR=\"C:\Program Files\VIPRE\" /qn /norestart /L*v C:\Users\admin\AppData\Local\Temp\VIPREINSTALL_20240216_231958.log" /clone_wait /IS_temp
Path:
C:\Users\admin\AppData\Local\Temp\{49B1AF2B-47A9-4B25-9604-6413C2BD4790}\SBVIPRE_FW_PRO_EN.11.0.5.203.exe
Parent process:
SBVIPRE_FW_PRO_EN.11.0.5.203.exe
User:
admin
Company:
ThreatTrack Security, Inc.
Integrity Level:
HIGH
Description:
VIPRE Advanced Security
Exit code:
0
Version:
11.0.5.203
PID:
1888
CMD:
"C:\Users\admin\AppData\Local\VIPRE\Setup\Setup-VAS-en-US-11.0.6.22.exe" /PAGE 0 /SKIPCHECK /SVEN Sunbelt /SVER 10.3.0.0
Path:
C:\Users\admin\AppData\Local\VIPRE\Setup\Setup-VAS-en-US-11.0.6.22.exe
Parent process:
vipre-advanced-security.exe
User:
admin
Company:
VIPRE Security
Integrity Level:
HIGH
Description:
VIPRE Setup
Exit code:
0
Version:
11.0.6.22
Modules
Images
c:\users\admin\appdata\local\vipre\setup\setup-vas-en-us-11.0.6.22.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2028
CMD:
"C:\Windows\system32\runonce.exe" -r
Path:
C:\Windows\System32\runonce.exe
Parent process:
sbsetupdrivers.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Run Once Wrapper
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
PID:
2052
CMD:
"C:\Program Files\VIPRE\SBAMSvc.exe"
Path:
C:\Program Files\VIPRE\SBAMSvc.exe
Parent process:
services.exe
User:
SYSTEM
Company:
ThreatTrack Security, Inc.
Integrity Level:
SYSTEM
Description:
Anti Malware Service
Exit code:
0
Version:
11.0.5.203
PID:
2488
CMD:
SBVIPRE_FW_PRO_EN.11.0.5.203.exe -s -v"INSTALLDIR=\"C:\Program Files\VIPRE\" /qn /norestart /L*v C:\Users\admin\AppData\Local\Temp\VIPREINSTALL_20240216_231958.log" /clone_wait
Path:
C:\Users\admin\AppData\Local\VIPRE\Setup\SBVIPRE_FW_PRO_EN.11.0.5.203.exe
Parent process:
Setup-VAS-en-US-11.0.6.22.exe
User:
admin
Company:
ThreatTrack Security, Inc.
Integrity Level:
HIGH
Description:
VIPRE Advanced Security
Exit code:
0
Version:
11.0.5.203
PID:
2592
CMD:
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\ProgramData\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{C4EF74D2-9EF0-4B3C-ABF9-BF68149808C1}\VIPRE Advanced Security.msi" /l*v C:\Users\admin\AppData\Local\Temp\VIPREInternetSecurityProInstaller.log INSTALLDIR="C:\Program Files\VIPRE" /qn /norestart /L*v C:\Users\admin\AppData\Local\Temp\VIPREINSTALL_20240216_231958.log SETUPEXEDIR="C:\Users\admin\AppData\Local\VIPRE\Setup" SETUPEXENAME="SBVIPRE_FW_PRO_EN.11.0.5.203.exe"
Path:
C:\Windows\System32\msiexec.exe
Parent process:
SBVIPRE_FW_PRO_EN.11.0.5.203.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
PID:
2740
CMD:
"C:\Windows\system32\runonce.exe" -r
Path:
C:\Windows\System32\runonce.exe
Parent process:
sbsetupdrivers.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Run Once Wrapper
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
PID:
2908
CMD:
"C:\Users\admin\AppData\Local\Temp\vipre-advanced-security.exe"
Path:
C:\Users\admin\AppData\Local\Temp\vipre-advanced-security.exe
Parent process:
explorer.exe
User:
admin
Company:
VIPRE Security
Integrity Level:
HIGH
Description:
VIPRE Setup
Exit code:
1
Version:
10.3.4.2
Modules
Images
c:\users\admin\appdata\local\temp\vipre-advanced-security.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
331 376
Read events
331 297
Write events
65
Delete events
14

Modification events

(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\SBAMSvc
Operation:
write
Name:
InstallerOrigin
Value:
0
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:
write
Name:
ProxyEnable
Value:
0
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:
delete value
Name:
ProxyServer
Value:
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:
delete value
Name:
ProxyOverride
Value:
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:
delete value
Name:
AutoConfigURL
Value:
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:
delete value
Name:
AutoDetect
Value:
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:
write
Name:
SavedLegacySettings
Value:
460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
ProxyBypass
Value:
1
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
IntranetName
Value:
1
(PID) Process:
(2908) vipre-advanced-security.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
UNCAsIntranet
Value:
1
Executable files
88
Suspicious files
864
Text files
60
Unknown types
34

Dropped files

PID
Process
Filename
Type
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\Local\Temp\VIPRE\Telemetry\202421623190886.xml
Type: xml
MD5: 8B62CB1C1D13CAAFF27EBE9EFD9A3143
SHA256: 7FA4B044E04D171AA5A967C92EB88DF0CF7ACEBCD913AEF7D9EDFC5F23D69ACE
PID: 1888
Process: Setup-VAS-en-US-11.0.6.22.exe
Filename: C:\Users\admin\AppData\Local\Temp\VIPRE\Telemetry\202421623199183.xml
Type: xml
MD5: 8B62CB1C1D13CAAFF27EBE9EFD9A3143
SHA256: 7FA4B044E04D171AA5A967C92EB88DF0CF7ACEBCD913AEF7D9EDFC5F23D69ACE
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\Local\VIPRE\Setup\Setup-VAS-en-US-11.0.6.22.exe
Type: executable
MD5: D591083145DEA02BC426137D2929E31D
SHA256: 94DCFDC5D4687BD658C841F20AD7C4429517E007030EEFB296E23E9BFEF374DA
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Type: compressed
MD5: AC05D27423A85ADC1622C714F2CB6184
SHA256: C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
PID: 1888
Process: Setup-VAS-en-US-11.0.6.22.exe
Filename: C:\Users\admin\AppData\Local\VIPRE\Setup\SBVIPRE_FW_PRO_EN.11.0.5.203.exe
MD5:
SHA256:
PID: 2488
Process: SBVIPRE_FW_PRO_EN.11.0.5.203.exe
Filename: C:\Users\admin\AppData\Local\Temp\{49B1AF2B-47A9-4B25-9604-6413C2BD4790}\SBVIPRE_FW_PRO_EN.11.0.5.203.exe
MD5:
SHA256:
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\Local\Temp\Tar1F56.tmp
Type: binary
MD5: 9C0C641C06238516F27941AA1166D427
SHA256: 4276AF3669A141A59388BC56A87F6614D9A9BDDDF560636C264219A7EB11256F
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\Local\VIPRE\Setup\XceedZip.dll
Type: executable
MD5: D878A2BC11737EB718E984F78A3C5479
SHA256: D8B3D2795D55E3E7F42C4950CFC3267824F4071B1BAD6335A2FA421C727CA534
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Type: binary
MD5: 30B3CAFBA86A250F2021D57296D2EECE
SHA256: C3CE31AF06F6326A6AE8113C422A9EF623E811E23E1990FA819A20F2EF20F94D
PID: 2908
Process: vipre-advanced-security.exe
Filename: C:\Users\admin\AppData\Local\Temp\Cab1F55.tmp
Type: compressed
MD5: AC05D27423A85ADC1622C714F2CB6184
SHA256: C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
477
TCP/UDP connections
32
DNS requests
19
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2908
vipre-advanced-security.exe
GET
200
172.64.147.110:80
http://updates.sunbeltsoftware.com/SPURS/spurs.aspx?product=422&package=SoftwareInstaller&stage=0&vendor=Sunbelt&language=EN&userkey=&appversion=10.3.4.2&requestorpackageversion=0&siteid=000&status=5&OS=&SP=&getmanifest=1
unknown
xml
479 b
unknown
2908
vipre-advanced-security.exe
GET
200
172.64.147.110:80
http://updates.sunbeltsoftware.com/SPURS/spurs.aspx?product=422&package=SoftwareInstaller&stage=0&vendor=Sunbelt&language=EN&userkey=&appversion=11.0.6.2&requestorpackageversion=11.0.6.2&siteid=000&agentsiteguid=NOT_AN_AGENT&status=5&OS=Windows%207%20Professional&SP=1&getmanifest=1
unknown
xml
902 b
unknown
2908
vipre-advanced-security.exe
GET
200
104.124.11.58:80
http://bdefs.threattrack.com/updates/SpursEditFiles/Updates/SoftwareInstaller/Setup-VAS-en-US-11.0.6.22.exe
unknown
executable
6.11 Mb
unknown
2908
vipre-advanced-security.exe
GET
200
173.222.108.226:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6838fae63b9d0d3c
unknown
compressed
65.2 Kb
unknown
2908
vipre-advanced-security.exe
POST
404
52.5.17.133:80
http://threatnet.threattrack.com/ThreatNetRestService/SendFileService.svc/ThreatNetTransferFile?
unknown
html
1.22 Kb
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
GET
200
172.64.147.110:80
http://updates.sunbeltsoftware.com/SPURS/spurs.aspx?product=422&package=CARTSDK&stage=0&vendor=Sunbelt&language=EN&userkey=&appversion=10.3.0.0&requestorpackageversion=0&siteid=000&status=5&OS=&SP=&getmanifest=1
unknown
xml
414 b
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
GET
200
172.64.147.110:80
http://updates.sunbeltsoftware.com/SPURS/spurs.aspx?product=422&package=CARTDefXML&stage=0&vendor=Sunbelt&language=EN&userkey=&appversion=10.3.0.0&requestorpackageversion=0&siteid=000&status=5&OS=&SP=&getmanifest=1
unknown
xml
393 b
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
GET
200
172.64.147.110:80
http://updates.sunbeltsoftware.com/SPURS/spurs.aspx?product=422&package=CARTSDK&stage=0&vendor=Sunbelt&language=EN&userkey=&appversion=10.3.0.0&requestorpackageversion=0&siteid=000&agentsiteguid=NOT_AN_AGENT&status=5&OS=Windows%207%20Professional&SP=1&getmanifest=1
unknown
xml
414 b
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
GET
200
104.124.11.58:80
http://bdefs.threattrack.com/updates/SpursEditFiles/Updates/CART/CARTSDK/CARTSDK-EN-53.zip
unknown
compressed
638 Kb
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
GET
200
172.64.147.110:80
http://updates.sunbeltsoftware.com/SPURS/spurs.aspx?product=422&package=CARTDefXML&stage=0&vendor=Sunbelt&language=EN&userkey=&appversion=10.3.0.0&requestorpackageversion=0&siteid=000&agentsiteguid=NOT_AN_AGENT&status=5&OS=Windows%207%20Professional&SP=1&getmanifest=1
unknown
xml
393 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2908
vipre-advanced-security.exe
172.64.147.110:80
updates.sunbeltsoftware.com
CLOUDFLARENET
US
unknown
2908
vipre-advanced-security.exe
104.124.11.58:80
bdefs.threattrack.com
Akamai International B.V.
DE
unknown
2908
vipre-advanced-security.exe
173.222.108.226:80
ctldl.windowsupdate.com
Akamai International B.V.
CH
unknown
2908
vipre-advanced-security.exe
52.5.17.133:80
threatnet.threattrack.com
AMAZON-AES
US
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
172.64.147.110:80
updates.sunbeltsoftware.com
CLOUDFLARENET
US
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
104.124.11.58:80
bdefs.threattrack.com
Akamai International B.V.
DE
unknown
1888
Setup-VAS-en-US-11.0.6.22.exe
104.124.11.42:80
ec.threattrack.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
updates.sunbeltsoftware.com
  • 172.64.147.110
  • 104.18.40.146
unknown
bdefs.threattrack.com
  • 104.124.11.58
  • 104.124.11.40
  • 23.50.131.30
  • 23.50.131.28
unknown
ctldl.windowsupdate.com
  • 173.222.108.226
  • 173.222.108.210
whitelisted
threatnet.threattrack.com
  • 52.5.17.133
  • 100.26.39.156
  • 3.228.79.217
  • 35.153.64.141
  • 44.208.154.63
  • 3.214.53.186
unknown
ec.threattrack.com
  • 104.124.11.42
  • 104.124.11.41
unknown
www.sunbeltsoftware.com
  • 172.64.147.110
  • 104.18.40.146
unknown
nimbus.bitdefender.net
  • 34.120.68.241
unknown
mclb-gcp.nimbus.bitdefender.net
  • 34.149.211.227
unknown
eu.nimbus.bitdefender.net
  • 34.120.68.241
unknown
elb-lon-gcp.nimbus.bitdefender.net
  • 34.120.67.236
unknown

Threats

PID
Process
Class
Message
2908
vipre-advanced-security.exe
Potentially Bad Traffic
ET POLICY Executable served from Amazon S3
2908
vipre-advanced-security.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
1888
Setup-VAS-en-US-11.0.6.22.exe
Potentially Bad Traffic
ET POLICY Executable served from Amazon S3
1888
Setup-VAS-en-US-11.0.6.22.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info