File name:

AUTOINSTALL.exe

Full analysis: https://app.any.run/tasks/da106c6f-ed3e-422a-ac52-f947879406a4
Verdict: Malicious activity
Analysis date: February 01, 2024, 18:51:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

242869EA917B9755F010B434FCCB2EE5

SHA1:

37E84FFA1EDCF7E1E0C65DC416F6B3EC0C21C720

SHA256:

5A028192E29395938C7BE5C1EC3396F5DFE4C5A5D393DDEE3B4B8E5B96F8BBBE

SSDEEP:

98304:9qpgAKWsSwgJdT7yFef9T5qvdauv1BFAsKSU1E5Lt6fH/vUBlPf4N/n11nmFy0D4:tHejVSMmTI9c62YeBnT0h

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • AUTOINSTALL.exe (PID: 1392)
      • AUTOINSTALL.exe (PID: 2032)
      • AUTOINSTALL.tmp (PID: 3768)
      • WifiAutoInstallDriver.exe (PID: 1028)
      • drvinst.exe (PID: 3052)

    • Creates a writable file in the system directory

      • drvinst.exe (PID: 3052)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • AUTOINSTALL.exe (PID: 1392)
      • AUTOINSTALL.exe (PID: 2032)
      • AUTOINSTALL.tmp (PID: 3768)
      • WifiAutoInstallDriver.exe (PID: 1028)
      • drvinst.exe (PID: 3052)

    • Reads the Windows owner or organization settings

      • AUTOINSTALL.tmp (PID: 3768)

    • Drops a system driver (possible attempt to evade defenses)

      • AUTOINSTALL.tmp (PID: 3768)
      • WifiAutoInstallDriver.exe (PID: 1028)
      • drvinst.exe (PID: 3052)

    • Process drops legitimate windows executable

      • AUTOINSTALL.tmp (PID: 3768)

    • Executes as Windows Service

      • WifiAutoInstallSrv.exe (PID: 3096)

    • Reads settings of System Certificates

      • rundll32.exe (PID: 1932)

    • Creates files in the driver directory

      • drvinst.exe (PID: 3052)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 3052)

  • INFO

    • Reads the computer name

      • AUTOINSTALL.tmp (PID: 1504)
      • AUTOINSTALL.tmp (PID: 3768)
      • WifiAutoInstallSrv.exe (PID: 3416)
      • WifiAutoInstallSrv.exe (PID: 3096)
      • WifiAutoInstallDriver.exe (PID: 1028)
      • drvinst.exe (PID: 3052)

    • Checks supported languages

      • AUTOINSTALL.exe (PID: 1392)
      • AUTOINSTALL.tmp (PID: 1504)
      • AUTOINSTALL.exe (PID: 2032)
      • AUTOINSTALL.tmp (PID: 3768)
      • WifiAutoInstallSrv.exe (PID: 3416)
      • WifiAutoInstallSrv.exe (PID: 3096)
      • WifiAutoInstallDriver.exe (PID: 1028)
      • drvinst.exe (PID: 3052)

    • Create files in a temporary directory

      • AUTOINSTALL.exe (PID: 1392)
      • AUTOINSTALL.exe (PID: 2032)
      • WifiAutoInstallDriver.exe (PID: 1028)

    • Creates files in the program directory

      • AUTOINSTALL.tmp (PID: 3768)
      • WifiAutoInstallSrv.exe (PID: 3416)

    • Reads the machine GUID from the registry

      • WifiAutoInstallDriver.exe (PID: 1028)
      • drvinst.exe (PID: 3052)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 1932)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:20 00:22:17+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41984
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0xaad0
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.1.4
ProductVersionNumber: 2.0.1.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Realtek, Inc.
FileDescription: WifiAutoInstallSetup
FileVersion: 2.0.1.4
LegalCopyright: Copyright © 2004-2022 Realtek Semiconductor Corp. All rights reserved.
ProductName: WifiAutoInstall
ProductVersion: 2.0.1.4
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
49
Monitored processes
9
Malicious processes
7
Suspicious processes
0

Behavior graph

Click at the process to see the details
start autoinstall.exe autoinstall.tmp no specs autoinstall.exe autoinstall.tmp wifiautoinstallsrv.exe wifiautoinstallsrv.exe wifiautoinstalldriver.exe drvinst.exe rundll32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1028"C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallDriver.exe" /iC:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallDriver.exe
AUTOINSTALL.tmp
User:
admin
Company:
Realtek
Integrity Level:
HIGH
Description:
WifiAutoInstall
Exit code:
1
Version:
2.0.1.0
Modules
Images
c:\program files\realtek\wifiautoinstall\wifiautoinstalldriver.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\difxapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
1392"C:\Users\admin\AppData\Local\Temp\AUTOINSTALL.exe" C:\Users\admin\AppData\Local\Temp\AUTOINSTALL.exe
explorer.exe
User:
admin
Company:
Realtek, Inc.
Integrity Level:
MEDIUM
Description:
WifiAutoInstallSetup
Exit code:
0
Version:
2.0.1.4
Modules
Images
c:\users\admin\appdata\local\temp\autoinstall.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
1504"C:\Users\admin\AppData\Local\Temp\is-K6D0T.tmp\AUTOINSTALL.tmp" /SL5="$F0184,10111175,58368,C:\Users\admin\AppData\Local\Temp\AUTOINSTALL.exe" C:\Users\admin\AppData\Local\Temp\is-K6D0T.tmp\AUTOINSTALL.tmpAUTOINSTALL.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-k6d0t.tmp\autoinstall.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
1932rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{02ab2351-db95-7b6c-2829-7536e6292a77} Global\{2a34f5f3-13fc-19e3-5f3d-d902410c5d51} C:\Windows\System32\DriverStore\Temp\{6098b686-3227-2aff-25ce-cc3bac471538}\netrtwlanu.inf C:\Windows\System32\DriverStore\Temp\{6098b686-3227-2aff-25ce-cc3bac471538}\netrtwlanu.catC:\Windows\System32\rundll32.exedrvinst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
2032"C:\Users\admin\AppData\Local\Temp\AUTOINSTALL.exe" /SPAWNWND=$100166 /NOTIFYWND=$F0184 C:\Users\admin\AppData\Local\Temp\AUTOINSTALL.exe
AUTOINSTALL.tmp
User:
admin
Company:
Realtek, Inc.
Integrity Level:
HIGH
Description:
WifiAutoInstallSetup
Exit code:
0
Version:
2.0.1.4
Modules
Images
c:\users\admin\appdata\local\temp\autoinstall.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
3052DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{5c1d78f8-48aa-3f44-a900-c008e0f37f62}\netrtwlanu.inf" "0" "664285e1b" "000005C0" "WinSta0\Default" "000004BC" "208" "C:\Program Files\Realtek\WifiAutoInstall\Driver\Win7X86"C:\Windows\System32\drvinst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3096"C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe"C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe
services.exe
User:
SYSTEM
Company:
Realtek
Integrity Level:
SYSTEM
Description:
WifiAutoInstall
Exit code:
0
Version:
2.0.1.4
Modules
Images
c:\program files\realtek\wifiautoinstall\wifiautoinstallsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3416"C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe" /iC:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe
AUTOINSTALL.tmp
User:
admin
Company:
Realtek
Integrity Level:
HIGH
Description:
WifiAutoInstall
Exit code:
1
Version:
2.0.1.4
Modules
Images
c:\program files\realtek\wifiautoinstall\wifiautoinstallsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3768"C:\Users\admin\AppData\Local\Temp\is-RUHQU.tmp\AUTOINSTALL.tmp" /SL5="$1101B4,10111175,58368,C:\Users\admin\AppData\Local\Temp\AUTOINSTALL.exe" /SPAWNWND=$100166 /NOTIFYWND=$F0184 C:\Users\admin\AppData\Local\Temp\is-RUHQU.tmp\AUTOINSTALL.tmp
AUTOINSTALL.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ruhqu.tmp\autoinstall.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
Total events
8 986
Read events
8 910
Write events
70
Delete events
6

Modification events

(PID) Process:(1028) WifiAutoInstallDriver.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3052) drvinst.exeKey:HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
0300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB6200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB6200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
1400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D70300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB60F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D8200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(1932) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
40000000000000003811FC442B2FDA01740A0000480C0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
40000000000000003811FC442B2FDA01740A0000480C0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
74
(PID) Process:(3052) drvinst.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
400000000000000086834F452B2FDA01740A0000480C0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
97
Suspicious files
60
Text files
16
Unknown types
0

Dropped files

PID
Process
Filename
Type
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\is-UQL03.tmpexecutable
MD5:18230BA8342E9137FB37415B3C1ADE36
SHA256:B56FAD27D0A37CFF60E57B8019010548535F3ABBC14554F212205B22715B360B
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstall.initext
MD5:E335CAE1EB86213C1E6DEB748968F49E
SHA256:C02B8E4CCF2182F3E6D381A2BFA39FD4012C91195C74AF573927CE1456C8B029
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\is-11PNK.tmpbinary
MD5:D1E5AEB1D5AFF95695F54C497B1CA0C6
SHA256:DBFCF701B70D26C6F5F65A9B2263241E4A06B8F42987BC9656E99C2669D55526
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\unins000.exeexecutable
MD5:18230BA8342E9137FB37415B3C1ADE36
SHA256:B56FAD27D0A37CFF60E57B8019010548535F3ABBC14554F212205B22715B360B
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\is-1TVMT.tmpbinary
MD5:F7B16A448848844217A3E8B993CCBAB0
SHA256:4A97C058D3CEB1FAC17F01CB754B8B4CEDE43897402855D815E58B097BA03491
2032AUTOINSTALL.exeC:\Users\admin\AppData\Local\Temp\is-RUHQU.tmp\AUTOINSTALL.tmpexecutable
MD5:1AFBD25DB5C9A90FE05309F7C4FBCF09
SHA256:3BB0EE5569FE5453C6B3FA25AA517B925D4F8D1F7BA3475E58FA09C46290658C
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\is-IEVTS.tmpexecutable
MD5:0B05F3A2D3541C38D7C6EFA89A0EB573
SHA256:86DEFB293AF4F0E3934819B1C64C2F9F07DACF8E0C50AEF7F7BA21A8D9FB016E
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exeexecutable
MD5:0B05F3A2D3541C38D7C6EFA89A0EB573
SHA256:86DEFB293AF4F0E3934819B1C64C2F9F07DACF8E0C50AEF7F7BA21A8D9FB016E
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\netrtwlanu.infbinary
MD5:50417B36F86898792F68FE7BDF2F534D
SHA256:24E2CC8BCF7BCD59375F2FBE4CD1917C25B04863DA7564F695B85C9F09EC58CC
3768AUTOINSTALL.tmpC:\Program Files\Realtek\WifiAutoInstall\Driver\Win10X64\netrtwlanu.catbinary
MD5:D1E5AEB1D5AFF95695F54C497B1CA0C6
SHA256:DBFCF701B70D26C6F5F65A9B2263241E4A06B8F42987BC9656E99C2669D55526
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

No data

Threats

No threats detected
Process
Message
WifiAutoInstallSrv.exe
_tmain() Option = i
WifiAutoInstallSrv.exe
_tmain() Option = i SubOption
WifiAutoInstallSrv.exe
_tmain() SubOption =
WifiAutoInstallSrv.exe
SvcInstall Service Create OK
WifiAutoInstallSrv.exe
startService
WifiAutoInstallSrv.exe
SetupDiEnumDeviceInterfaces error: 259
WifiAutoInstallSrv.exe
Service start pending...
WifiAutoInstallSrv.exe
_tmain() Option =
WifiAutoInstallSrv.exe
WifiAutoInstallSrv SvcMain()
WifiAutoInstallSrv.exe
MediaEnumandDetection: Enter
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
AUTOINSTALL.exe