File name:

quick-view-plus_6zBb-C1.exe

Full analysis: https://app.any.run/tasks/c83b9c80-4e24-482f-b253-f1a595966269
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 16, 2025, 08:45:48
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
adware
innosetup
delphi
inno
installer
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5:

DEC7ECDC18936AB5812B9775228C533C

SHA1:

0268F7E8F1C73B8F7E4DB06C0CBA34165797D2C5

SHA256:

3EEFC6D97C40705859D703A5D5B1FFE4A6250CDEEBE579A9B5053230FF284901

SSDEEP:

98304:urq3Bdwu/Kiy69v/P4IzQ0eHJI7Ncm3g2irf2J8OQij8jRZukpXMDmdcq465cDC4:AtIp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • INNOSETUP has been detected (SURICATA)

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Executing a file with an untrusted certificate

      • prereq.exe (PID: 6372)
      • InstallShield Licensing Service.exe (PID: 6792)
    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 396)
      • VCREDI~3.EXE (PID: 836)
      • InstallShield Licensing Service.exe (PID: 6792)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • quick-view-plus_6zBb-C1.exe (PID: 6340)
      • quick-view-plus_6zBb-C1.exe (PID: 6520)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • quick-view-plus.exe (PID: 128)
      • VCREDI~3.EXE (PID: 836)
      • vcredist_x86.exe (PID: 396)
      • TiWorker.exe (PID: 6968)
      • qvp32.exe (PID: 5224)
    • Reads security settings of Internet Explorer

      • quick-view-plus_6zBb-C1.tmp (PID: 6364)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Reads the Windows owner or organization settings

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • msiexec.exe (PID: 4400)
    • Access to an unwanted program domain was detected

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Potential Corporate Privacy Violation

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Process requests binary or script from the Internet

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • There is functionality for taking screenshot (YARA)

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • quick-view-plus.exe (PID: 128)
    • Searches for installed software

      • quick-view-plus.exe (PID: 128)
      • prereq.exe (PID: 6372)
      • qvp32.exe (PID: 5224)
    • Process drops legitimate windows executable

      • quick-view-plus.exe (PID: 128)
      • vcredist_x86.exe (PID: 396)
      • msiexec.exe (PID: 4400)
      • TiWorker.exe (PID: 6968)
    • Executes application which crashes

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Starts a Microsoft application from unusual location

      • VCREDI~3.EXE (PID: 836)
      • vcredist_x86.exe (PID: 396)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 4400)
      • TiWorker.exe (PID: 6968)
    • Executes as Windows Service

      • InstallShield Licensing Service.exe (PID: 6792)
    • Reads Internet Explorer settings

      • quick-view-plus.exe (PID: 128)
      • qvp32.exe (PID: 5224)
    • Creates a software uninstall entry

      • quick-view-plus.exe (PID: 128)
    • The process creates files with name similar to system file names

      • quick-view-plus.exe (PID: 128)
      • qvp32.exe (PID: 5224)
    • Creates/Modifies COM task schedule object

      • quick-view-plus.exe (PID: 128)
      • InstallShield Licensing Service.exe (PID: 6792)
    • Starts application with an unusual extension

      • quick-view-plus.exe (PID: 128)
      • qvp32.exe (PID: 5224)
    • The process executes via Task Scheduler

      • PLUGScheduler.exe (PID: 3064)
  • INFO

    • Checks supported languages

      • quick-view-plus_6zBb-C1.exe (PID: 6520)
      • quick-view-plus_6zBb-C1.exe (PID: 6340)
      • quick-view-plus_6zBb-C1.tmp (PID: 6364)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • quick-view-plus.exe (PID: 128)
      • ISBEW64.exe (PID: 6816)
      • identity_helper.exe (PID: 6880)
      • prereq.exe (PID: 6372)
      • VCREDI~3.EXE (PID: 836)
      • msiexec.exe (PID: 6544)
      • vcredist_x86.exe (PID: 396)
      • msiexec.exe (PID: 4400)
      • ISASClean.0001 (PID: 1344)
      • InstallShield Licensing Service.exe (PID: 6792)
      • PLUGScheduler.exe (PID: 3064)
      • ISASClean.0001 (PID: 2592)
      • qvp32.exe (PID: 5224)
    • Create files in a temporary directory

      • quick-view-plus_6zBb-C1.exe (PID: 6340)
      • quick-view-plus_6zBb-C1.exe (PID: 6520)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • quick-view-plus.exe (PID: 128)
      • prereq.exe (PID: 6372)
      • vcredist_x86.exe (PID: 396)
      • VCREDI~3.EXE (PID: 836)
      • qvp32.exe (PID: 5224)
    • Reads the computer name

      • quick-view-plus_6zBb-C1.tmp (PID: 6364)
      • quick-view-plus_6zBb-C1.exe (PID: 6520)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • quick-view-plus.exe (PID: 128)
      • ISBEW64.exe (PID: 6816)
      • identity_helper.exe (PID: 6880)
      • prereq.exe (PID: 6372)
      • msiexec.exe (PID: 4400)
      • msiexec.exe (PID: 6544)
      • InstallShield Licensing Service.exe (PID: 6792)
      • PLUGScheduler.exe (PID: 3064)
      • qvp32.exe (PID: 5224)
    • Process checks computer location settings

      • quick-view-plus_6zBb-C1.tmp (PID: 6364)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Reads the software policy settings

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • WerFault.exe (PID: 6744)
    • The sample compiled with english language support

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • quick-view-plus.exe (PID: 128)
      • vcredist_x86.exe (PID: 396)
      • TiWorker.exe (PID: 6968)
      • msiexec.exe (PID: 4400)
      • qvp32.exe (PID: 5224)
    • Reads the machine GUID from the registry

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Checks proxy server information

      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
      • WerFault.exe (PID: 6744)
    • Detects InnoSetup installer (YARA)

      • quick-view-plus_6zBb-C1.exe (PID: 6340)
      • quick-view-plus_6zBb-C1.tmp (PID: 6364)
      • quick-view-plus_6zBb-C1.exe (PID: 6520)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Compiled with Borland Delphi (YARA)

      • quick-view-plus_6zBb-C1.tmp (PID: 6364)
      • quick-view-plus_6zBb-C1.exe (PID: 6520)
      • quick-view-plus_6zBb-C1.exe (PID: 6340)
      • quick-view-plus_6zBb-C1.tmp (PID: 6544)
    • Application launched itself

      • msedge.exe (PID: 1828)
      • msedge.exe (PID: 6876)
    • Manual execution by a user

      • msedge.exe (PID: 6876)
      • qvp32.exe (PID: 5224)
    • Reads Environment values

      • identity_helper.exe (PID: 6880)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 6744)
      • quick-view-plus.exe (PID: 128)
    • The sample compiled with french language support

      • msiexec.exe (PID: 4400)
      • TiWorker.exe (PID: 6968)
    • The sample compiled with Italian language support

      • msiexec.exe (PID: 4400)
      • TiWorker.exe (PID: 6968)
    • The sample compiled with japanese language support

      • msiexec.exe (PID: 4400)
      • TiWorker.exe (PID: 6968)
    • The sample compiled with korean language support

      • msiexec.exe (PID: 4400)
      • TiWorker.exe (PID: 6968)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4400)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4400)
    • The sample compiled with chinese language support

      • TiWorker.exe (PID: 6968)
      • msiexec.exe (PID: 4400)
    • The sample compiled with spanish language support

      • TiWorker.exe (PID: 6968)
      • msiexec.exe (PID: 4400)
    • Creates files in the program directory

      • quick-view-plus.exe (PID: 128)
      • InstallShield Licensing Service.exe (PID: 6792)
      • PLUGScheduler.exe (PID: 3064)
    • Reads security settings of Internet Explorer

      • splwow64.exe (PID: 5444)
      • splwow64.exe (PID: 5008)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:12 07:26:53+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 685056
InitializedDataSize: 159744
UninitializedDataSize: -
EntryPoint: 0xa83bc
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.4.0.9134
ProductVersionNumber: 2.4.0.9134
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: IMDownloader Installer
FileVersion: 2.4.0.9134
LegalCopyright:
OriginalFileName:
ProductName: IMDownloader
ProductVersion: 2.4.0.9134
No data.
All screenshots are available in the full report
Total processes
345
Monitored processes
60
Malicious processes
10
Suspicious processes
2

Behavior graph

start quick-view-plus_6zbb-c1.exe quick-view-plus_6zbb-c1.tmp no specs quick-view-plus_6zbb-c1.exe #INNOSETUP quick-view-plus_6zbb-c1.tmp quick-view-plus.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs werfault.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs isbew64.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs prereq.exe no specs vcredist_x86.exe vcredi~3.exe msiexec.exe no specs msiexec.exe msiexec.exe no specs tiworker.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs installshield licensing service.exe isasclean.0001 no specs msedge.exe no specs msedge.exe no specs splwow64.exe no specs msedge.exe no specs plugscheduler.exe no specs qvp32.exe isasclean.0001 no specs splwow64.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
8
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7076 --field-trial-handle=2460,i,8062080003850420052,3109320966110965293,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
128
CMD:
"C:\Users\admin\Downloads\quick-view-plus.exe"
Path:
C:\Users\admin\Downloads\quick-view-plus.exe
Parent process:
quick-view-plus_6zBb-C1.tmp
User:
admin
Company:
Avantstar
Integrity Level:
HIGH
Description:
InstallScript Setup Launcher
Exit code:
1073807364
Version:
13.0.0
Modules
Images
c:\users\admin\downloads\quick-view-plus.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
396
CMD:
"C:\Users\admin\AppData\Local\Temp\{3F4E9AB8-4266-416C-A2CA-8F29C3FCB37A}\{56E78A0A-C795-4A62-B0A1-B7DCDE1519A5}\vcredist_x86.exe" /q:a /c:"VCREDI~3.EXE /q:a /c:""msiexec /i vcredist.msi /qn"" "
Path:
C:\Users\admin\AppData\Local\Temp\{3F4E9AB8-4266-416C-A2CA-8F29C3FCB37A}\{56E78A0A-C795-4A62-B0A1-B7DCDE1519A5}\vcredist_x86.exe
Parent process:
prereq.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Win32 Cabinet Self-Extractor
Exit code:
0
Version:
6.00.3790.0 (srv03_rtm.030324-2048)
Modules
Images
c:\users\admin\appdata\local\temp\{3f4e9ab8-4266-416c-a2ca-8f29c3fcb37a}\{56e78a0a-c795-4a62-b0a1-b7dcde1519a5}\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
540
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3752 --field-trial-handle=2460,i,8062080003850420052,3109320966110965293,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
836
CMD:
C:\Users\admin\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE /q:a /c:"msiexec /i vcredist.msi /qn"
Path:
C:\Users\admin\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE
Parent process:
vcredist_x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
IExpress Setup
Exit code:
0
Version:
2.0.50727.762
Modules
Images
c:\users\admin\appdata\local\temp\ixp000.tmp\vcredi~3.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
936
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3492 --field-trial-handle=2460,i,8062080003850420052,3109320966110965293,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
968
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2460,i,8062080003850420052,3109320966110965293,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1156
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=2460,i,8062080003850420052,3109320966110965293,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1344
CMD:
"C:\Users\admin\AppData\Local\Temp\ISASClean.0001" 128 "C:\Users\admin\AppData\Local\Temp\""ISASClean.0001.dir.0000"
Path:
C:\Users\admin\AppData\Local\Temp\ISASClean.0001
Parent process:
quick-view-plus.exe
User:
admin
Company:
Macrovision Europe Ltd.
Integrity Level:
HIGH
Description:
Cleanup
Exit code:
0
Version:
1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\isasclean.0001
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
1400
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6268 --field-trial-handle=2460,i,8062080003850420052,3109320966110965293,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
16 815
Read events
15 403
Write events
1 309
Delete events
103

Modification events

Process: (6544) quick-view-plus_6zBb-C1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Process: (6544) quick-view-plus_6zBb-C1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(empty)
Process: (6544) quick-view-plus_6zBb-C1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
Process: (6544) quick-view-plus_6zBb-C1.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
Process: (1828) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
Process: (1828) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
Process: (1828) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
1
Process: (1828) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value:
0
Process: (6876) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
Process: (6876) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
Executable files
594
Suspicious files
485
Text files
211
Unknown types
4

Dropped files

PID | Process | Filename | Type
128 | quick-view-plus.exe | C:\Users\admin\AppData\Local\Temp\{272AE848-26E2-4B05-8C2E-61872ABF3E93}\Disk1\data1.cab |
MD5:
SHA256:
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\is-0L40E.tmp | binary
MD5: 1FA106851AA9B2EC85CEB8A3101B701E
SHA256: E667A708D2EC418E86BAE8BD11DBB720BA8617FFBF0E25CF4E16D7B8B81A656A
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\finish.png | image
MD5: ACD67FADC51D3FCCBFD203FC3E1014C0
SHA256: 2F957C214D817241B0AE02FE87C658CFA2BF641FDD77B39810BA7CA7A82F9366
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\loader.gif | image
MD5: 12D7FD91A06CEE2D0E76ABE0485036EE
SHA256: A6192B9A3FA5DB9917AEF72D651B7AD8FD8CCB9B53F3AD99D7C46701D00C78CB
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\is-DB51R.tmp | image
MD5: DB6C259CD7B58F2F7A3CCA0C38834D0E
SHA256: 494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2
6340 | quick-view-plus_6zBb-C1.exe | C:\Users\admin\AppData\Local\Temp\is-39ABL.tmp\quick-view-plus_6zBb-C1.tmp | executable
MD5: DE4E6F20A126C887E4D1882CE07EF3AD
SHA256: 8B9B174873ABE205D93FC90FA37C3DBE7C70C1C6F4357CBF227F580800FA7AAF
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\_isetup\_setup64.tmp | executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\Helper.dll | executable
MD5: 4EB0347E66FA465F602E52C03E5C0B4B
SHA256: C73E53CBB7B98FEAFE27CC7DE8FDAD51DF438E2235E91891461C5123888F73CC
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\WebAdvisor.png | image
MD5: DB6C259CD7B58F2F7A3CCA0C38834D0E
SHA256: 494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2
6544 | quick-view-plus_6zBb-C1.tmp | C:\Users\admin\AppData\Local\Temp\is-EV3FQ.tmp\error.png | image
MD5: 6229A2BAFFED4578DD5DDC1530A93711
SHA256: 04C8CADFCC46532CB1011693ADEF864201DBD9DEFFECA834D791F66E690D9F99
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
22
TCP/UDP connections
135
DNS requests
110
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5568
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1176
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6544
quick-view-plus_6zBb-C1.tmp
GET
200
104.26.3.86:80
http://dlams.jalecdn.com/US/quick-view-plus.exe
unknown
unknown
5568
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6616
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
6744
WerFault.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6744
WerFault.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6680
svchost.exe
HEAD
200
23.48.23.8:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739985685&P2=404&P3=2&P4=J9EZNAy9SGSx2%2b9Lu%2bFaRTkahIGMObFn%2fdf7H5G%2fK69mmZXgm4QDu%2fj9PJzty8DCxxYbBed5aGLwsGJUYopLZA%3d%3d
unknown
whitelisted
6680
svchost.exe
GET
206
23.48.23.8:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739985685&P2=404&P3=2&P4=J9EZNAy9SGSx2%2b9Lu%2bFaRTkahIGMObFn%2fdf7H5G%2fK69mmZXgm4QDu%2fj9PJzty8DCxxYbBed5aGLwsGJUYopLZA%3d%3d
unknown
whitelisted
6680
svchost.exe
GET
206
23.48.23.8:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739985685&P2=404&P3=2&P4=J9EZNAy9SGSx2%2b9Lu%2bFaRTkahIGMObFn%2fdf7H5G%2fK69mmZXgm4QDu%2fj9PJzty8DCxxYbBed5aGLwsGJUYopLZA%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2.19.122.29:443
Akamai International B.V.
DE
unknown
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
quick-view-plus_6zBb-C1.tmp
143.204.205.227:443
d26eyevpqyunb6.cloudfront.net
AMAZON-02
US
whitelisted
1076
svchost.exe
2.19.106.8:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
20.190.160.20:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5064
SearchApp.exe
2.23.227.215:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted
1176
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
6544
quick-view-plus_6zBb-C1.tmp
104.22.57.224:443
static.download.it
CLOUDFLARENET
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
d26eyevpqyunb6.cloudfront.net
  • 143.204.205.227
  • 143.204.205.70
  • 143.204.205.176
  • 143.204.205.100
whitelisted
go.microsoft.com
  • 2.19.106.8
whitelisted
login.live.com
whitelisted
www.bing.com
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 184.30.131.245
whitelisted
static.download.it
  • 104.22.57.224
  • 172.67.26.92
  • 104.22.56.224
unknown
dlams.jalecdn.com
  • 104.26.3.86
  • 104.26.2.86
  • 172.67.68.44
unknown
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted

Threats

PID
Process
Class
Message
6544
quick-view-plus_6zBb-C1.tmp
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
6544
quick-view-plus_6zBb-C1.tmp
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] InnoSetup Installer
No debug info