File name:

33594725.zip

Full analysis: https://app.any.run/tasks/aa065eca-7dd6-4253-990a-4a4f3e39f6e7
Verdict: Malicious activity
Analysis date: November 08, 2023, 09:35:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

79D92DBCF30737B39F784C62E6023F6F

SHA1:

B0D87484F6121A8E00A68A5DCAF00614F1B83E94

SHA256:

39CD6E9EF0E67FCB7A7F7BD3C7C629743C2D375621056B0DFD84C82EACB1EB38

SSDEEP:

98304:DNoG+Zu1fzi2qGWcnbbqD7Hm734vpb5kjhnli41WBQAd77OZ/TDRPynEldy5htXf:VeJCxYIx8ft8VMget0yPWyJznV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • DefenderMouserSetup.exe (PID: 3400)
      • DefenderMouserSetup.exe (PID: 3540)
      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • DefenderMouserSetup.tmp (PID: 3276)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 860)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 860)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • DefenderMouserSetup.tmp (PID: 3276)
    • Process drops legitimate windows executable

      • DefenderMouserSetup.tmp (PID: 3276)
      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
    • Drops a system driver (possible attempt to evade defenses)

      • DefenderMouserSetup.tmp (PID: 3276)
      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 860)
    • Creates files in the driver directory

      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 860)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 860)
      • drvinst.exe (PID: 292)
    • Reads settings of System Certificates

      • rundll32.exe (PID: 3988)
      • rundll32.exe (PID: 1508)
      • rundll32.exe (PID: 2300)
      • VInputInstall.exe (PID: 3864)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3968)
    • Reads security settings of Internet Explorer

      • VInputInstall.exe (PID: 3864)
    • Reads the Internet Settings

      • rundll32.exe (PID: 2252)
      • downloader.exe (PID: 3008)
  • INFO

    • Reads the computer name

      • DefenderMouserSetup.tmp (PID: 3276)
      • DefenderMouserSetup.tmp (PID: 2904)
      • mouse_hardware_id.exe (PID: 3756)
      • mouse_hardware_id.exe (PID: 3852)
      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 292)
      • drvinst.exe (PID: 860)
      • DefenderGameCenter.exe (PID: 3392)
      • wmpnscfg.exe (PID: 3056)
      • downloader.exe (PID: 3008)
    • Checks supported languages

      • DefenderMouserSetup.exe (PID: 3540)
      • DefenderMouserSetup.exe (PID: 3400)
      • DefenderMouserSetup.tmp (PID: 3276)
      • DefenderMouserSetup.tmp (PID: 2904)
      • mouse_hardware_id.exe (PID: 3756)
      • mouse_hardware_id.exe (PID: 3852)
      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 292)
      • downloader.exe (PID: 3008)
      • DefenderGameCenter.exe (PID: 3392)
      • wmpnscfg.exe (PID: 3056)
      • DefenderGameCenter.exe (PID: 3224)
      • drvinst.exe (PID: 860)
      • DefenderGameCenter.exe (PID: 1496)
      • DefenderGameCenter.exe (PID: 3508)
      • DefenderGameCenter.exe (PID: 3844)
      • DefenderGameCenter.exe (PID: 3888)
      • DefenderGameCenter.exe (PID: 1376)
      • DefenderGameCenter.exe (PID: 4088)
      • DefenderGameCenter.exe (PID: 3840)
      • DefenderGameCenter.exe (PID: 3252)
      • DefenderGameCenter.exe (PID: 2584)
      • DefenderGameCenter.exe (PID: 3988)
      • DefenderGameCenter.exe (PID: 916)
      • DefenderGameCenter.exe (PID: 3760)
      • DefenderGameCenter.exe (PID: 2068)
    • Creates files in a temporary directory

      • DefenderMouserSetup.exe (PID: 3540)
      • DefenderMouserSetup.tmp (PID: 3276)
      • DefenderMouserSetup.exe (PID: 3400)
      • VInputInstall.exe (PID: 3864)
      • downloader.exe (PID: 3008)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3460)
    • Creates files in the program directory

      • DefenderMouserSetup.tmp (PID: 3276)
    • Reads the machine GUID from the registry

      • VInputInstall.exe (PID: 3864)
      • drvinst.exe (PID: 3908)
      • drvinst.exe (PID: 1608)
      • drvinst.exe (PID: 1988)
      • drvinst.exe (PID: 1088)
      • drvinst.exe (PID: 860)
      • downloader.exe (PID: 3008)
      • drvinst.exe (PID: 292)
      • wmpnscfg.exe (PID: 3056)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3988)
      • rundll32.exe (PID: 1508)
      • rundll32.exe (PID: 2300)
    • Checks proxy server information

      • downloader.exe (PID: 3008)
    • Manual execution by a user

      • DefenderGameCenter.exe (PID: 3392)
      • wmpnscfg.exe (PID: 3056)
      • DefenderGameCenter.exe (PID: 3224)
      • DefenderGameCenter.exe (PID: 1496)
      • DefenderGameCenter.exe (PID: 3508)
      • DefenderGameCenter.exe (PID: 916)
      • DefenderGameCenter.exe (PID: 4088)
      • DefenderGameCenter.exe (PID: 3888)
      • DefenderGameCenter.exe (PID: 2584)
      • DefenderGameCenter.exe (PID: 3840)
      • DefenderGameCenter.exe (PID: 3252)
      • DefenderGameCenter.exe (PID: 3844)
      • DefenderGameCenter.exe (PID: 3988)
      • DefenderGameCenter.exe (PID: 1376)
      • DefenderGameCenter.exe (PID: 2068)
      • DefenderGameCenter.exe (PID: 3760)
    • Creates files or folders in the user directory

      • downloader.exe (PID: 3008)
    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 3460)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2022:08:23 16:32:28
ZipCRC: 0xe7cb243c
ZipCompressedSize: 3242346
ZipUncompressedSize: 3271168
ZipFileName: DefenderMouser/Defender GameCenter Software Manual ENG.docx
No data.
All screenshots are available in the full report
Total processes
86
Monitored processes
39
Malicious processes
14
Suspicious processes
0

Behavior graph

start winrar.exe no specs defendermousersetup.exe no specs defendermousersetup.tmp no specs defendermousersetup.exe defendermousersetup.tmp no specs mouse_hardware_id.exe no specs mouse_hardware_id.exe no specs vinputinstall.exe no specs drvinst.exe no specs rundll32.exe no specs vssvc.exe no specs drvinst.exe no specs rundll32.exe no specs drvinst.exe no specs rundll32.exe no specs drvinst.exe drvinst.exe rundll32.exe no specs dinotify.exe no specs drvinst.exe downloader.exe defendergamecenter.exe no specs wmpnscfg.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs winword.exe no specs winword.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs defendergamecenter.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 292
CMD: DrvInst.exe "1" "200" "VINPUT\MOUSE\1&79f5d87&0" "" "" "652d2674f" "00000000" "000005DC" "000005F0"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 824
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIa3460.24179\Defender GameCenter Software Manual RUS-1.doc"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
PID: 860
CMD: DrvInst.exe "1" "200" "VINPUT\KEYBOARD\1&79f5d87&0" "" "" "67758afa3" "00000000" "0000062C" "00000628"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 916
CMD: "C:\Program Files\Defender\DefenderMouser\DefenderGameCenter.exe" GameMouseOnly
Path: C:\Program Files\Defender\DefenderMouser\DefenderGameCenter.exe
Parent process: explorer.exe
User:
admin
Company:
Defender
Integrity Level:
MEDIUM
Exit code:
0
Version:
0.0.3.144
Modules
Images
c:\program files\defender\defendermouser\defendergamecenter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1088
CMD: DrvInst.exe "2" "201" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem2.inf" "vinputbus.inf:Standard.NTx86:VInputBus_Device:6.1.7600.16385:root\vinputbus" "6ca16dc37" "0000054C" "000005DC" "000005E0"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1248
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIa3460.25959\Defender GameCenter Software Manual ENG.docx"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
PID: 1376
CMD: "C:\Program Files\Defender\DefenderMouser\DefenderGameCenter.exe" OfficeMouseOnly
Path: C:\Program Files\Defender\DefenderMouser\DefenderGameCenter.exe
Parent process: explorer.exe
User:
admin
Company:
Defender
Integrity Level:
MEDIUM
Exit code:
0
Version:
0.0.3.144
Modules
Images
c:\program files\defender\defendermouser\defendergamecenter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1496
CMD: "C:\Program Files\Defender\DefenderMouser\DefenderGameCenter.exe" GameMouseOnly
Path: C:\Program Files\Defender\DefenderMouser\DefenderGameCenter.exe
Parent process: explorer.exe
User:
admin
Company:
Defender
Integrity Level:
MEDIUM
Exit code:
0
Version:
0.0.3.144
Modules
Images
c:\program files\defender\defendermouser\defendergamecenter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1508
CMD: rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{4db60523-a818-6cc0-3ff3-1d74aa07f06f} Global\{5a742e04-a125-53bf-b03e-a9404f0bd16b} C:\Windows\System32\DriverStore\Temp\{6e04f06b-a4df-255a-e8cf-f2696b33af35}\VInputMouse.inf C:\Windows\System32\DriverStore\Temp\{6e04f06b-a4df-255a-e8cf-f2696b33af35}\VInput.cat
Path: C:\Windows\System32\rundll32.exe
Parent process: drvinst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 1608
CMD: DrvInst.exe "4" "20" "C:\Users\admin\AppData\Local\Temp\{3eb03a91-ad61-37b2-42c0-1f24d34fa850}\VInputMouse.inf" "0" "6c7418f7b" "00000388" "WinSta0\Default" "0000054C" "208" "C:\Program Files\Defender\DefenderMouser\Vinput\WinXP\x86chk\VInput"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
46 046
Read events
44 984
Write events
812
Delete events
250

Modification events

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3460) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files
99
Suspicious files
99
Text files
576
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3460
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.13889\DefenderMouser\Defender GameCenter Software Manual RUS-1.doc
Type: document
MD5: 1283C2DA3D0162EEA068773ECD907257
SHA256: 14FAE8174D35A57BDEEDF6DB3B02A9A2E0BF4324ACCD4723FA8B2E4F1D8594DC

PID: 3460
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.13889\DefenderMouser\Defender GameCenter Software Manual ENG.docx
Type: document
MD5: 84E64275F2E50DBB91C9175F76DA6707
SHA256: CF88EF7EBEDFA9F9A0CF0545D413B287C5456F90A58AD0F49875D99D140B37F5

PID: 3276
Process: DefenderMouserSetup.tmp
Filename: C:\ProgramData\Defender\DefenderMouser\Profiles\is-P87QH.tmp
Type: text
MD5: F723EBA5A6EA2DECF1398CF4907EE333
SHA256: 07FCB34399C5A80447E034A1E4EA23A882D763F4BB35D5DE9E5B7CE204E6AC35

PID: 3460
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3460.13889\DefenderMouser\DefenderMouserSetup.exe
Type: executable
MD5: FDB8FD927EEE03E163B40BEA9069D1C0
SHA256: BBF77120F3F72F49C887620D7EAEECF0ECDC9EEFB25A8CCB9FC6304D3D5E1AA0

PID: 3276
Process: DefenderMouserSetup.tmp
Filename: C:\Program Files\Defender\DefenderMouser\is-95322.tmp
Type: executable
MD5: AFA2CBC7C54E8A2777CC778A2C83EE19
SHA256: 9FE0348A6B14E12E5BAE080ECD2531B07E181F549012CD998EC8FAE2C529DC1F

PID: 3400
Process: DefenderMouserSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-3FS73.tmp\DefenderMouserSetup.tmp
Type: executable
MD5: 60F296313E15B4DE307FE024786825BA
SHA256: 618C1EAF3867BBDC7673AA4C8C88DDBE73B73CA38ECD3DEB0F975E5C4F6AC63C

PID: 3276
Process: DefenderMouserSetup.tmp
Filename: C:\ProgramData\Defender\DefenderMouser\Macros\is-7BMEN.tmp
Type: text
MD5: 1E4554AE174B0DF215F2A49895962E38
SHA256: 31BF5644F9B28CE0007FC7D9AB5CA812E7725745EC32F011DC57A0C67820A957

PID: 3276
Process: DefenderMouserSetup.tmp
Filename: C:\Program Files\Defender\DefenderMouser\is-1R4LQ.tmp
Type: image
MD5: 3005168A82C7034BBA3D2FDB461DC63A
SHA256: C4DA409558AB6596B8B7982E5E211B0D15398A088B322824C40B5A4AD35C69E7

PID: 3276
Process: DefenderMouserSetup.tmp
Filename: C:\Program Files\Defender\DefenderMouser\is-O3JEC.tmp
Type: executable
MD5: 0FAF24DD324B470C2D3E9DF55BD78EE3
SHA256: 6E0AD3613C1771F39C7CCCC908A7BF08210EFF361070049F7E1AD2EE6E201753

PID: 3276
Process: DefenderMouserSetup.tmp
Filename: C:\Program Files\Defender\DefenderMouser\Office.ico
Type: image
MD5: 3005168A82C7034BBA3D2FDB461DC63A
SHA256: C4DA409558AB6596B8B7982E5E211B0D15398A088B322824C40B5A4AD35C69E7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
8
DNS requests
4
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3008
downloader.exe
GET
302
5.45.205.245:80
http://downloader.yandex.net/yandex-pack/downloader/info.rss
unknown
unknown
3008
downloader.exe
GET
302
5.45.205.245:80
http://downloader.yandex.net/yandex-pack/8971/YandexPackSetup.exe
unknown
unknown
3008
downloader.exe
GET
149.5.241.43:80
http://ext-cachev2-cogent03.cdn.yandex.net/downloader.yandex.net/yandex-pack/8971/YandexPackSetup.exe?lid=1503
unknown
unknown
3008
downloader.exe
GET
200
185.70.202.14:80
http://ext-cachev2-itt02.cdn.yandex.net/downloader.yandex.net/yandex-pack/downloader/info.rss?lid=1529
unknown
xml
267 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3008
downloader.exe
5.45.205.245:80
downloader.yandex.net
YANDEX LLC
RU
unknown
3008
downloader.exe
185.70.202.14:80
ext-cachev2-itt02.cdn.yandex.net
TELECOM ITALIA SPARKLE S.p.A.
IT
unknown
3008
downloader.exe
149.5.241.43:80
ext-cachev2-cogent03.cdn.yandex.net
COGENT-174
FR
unknown

DNS requests

Domain
IP
Reputation
downloader.yandex.net
  • 5.45.205.245
  • 5.45.205.241
  • 5.45.205.242
  • 5.45.205.243
  • 5.45.205.244
whitelisted
ext-cachev2-itt02.cdn.yandex.net
  • 185.70.202.14
whitelisted
ext-cachev2-cogent03.cdn.yandex.net
  • 149.5.241.43
whitelisted

Threats

PID
Process
Class
Message
3008
downloader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP

Process
Message
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.00.311] DIF_INSTALLDEVICE: Pre-Processing
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.00.327] ReadComponents: WdfSection for Driver Service VInputBus using KMDF lib version Major 0x1, minor 0x9
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.04.092] DIF_INSTALLDEVICE: Post-Processing
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.05.432] DIF_INSTALLDEVICE: Pre-Processing
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.05.479] ReadComponents: WdfSection for Driver Service VInputFunc using KMDF lib version Major 0x1, minor 0x9
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.05.620] DIF_INSTALLDEVICE: Post-Processing
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.06.010] DIF_INSTALLDEVICE: Pre-Processing
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.06.015] ReadComponents: WdfSection for Driver Service VInputFunc using KMDF lib version Major 0x1, minor 0x9
drvinst.exe
WdfCoInstaller: [11/08/2023 09:37.06.114] DIF_INSTALLDEVICE: Post-Processing