Malware analysis FL2000-2.1.34054.0.exe Malicious activity

Add for printing

File name:	FL2000-2.1.34054.0.exe
Full analysis:	https://app.any.run/tasks/e374018c-2f1d-454b-bd6e-010bf6b26df1
Verdict:	Malicious activity
Threats:	Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. Malware Trends Tracker >>>
Analysis date:	December 11, 2024, 23:12:21
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	adware advancedinstaller
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5:	18B0139CA76E7447BC64F9A812F4A9F2
SHA1:	4B1163AC860F88696FFB54759E8DE9A5A581F878
SHA256:	5E0590D6DCCC198B427C7C51CA5CC50448C2D4AAAE275322B1378D78058750E7
SSDEEP:	98304:iXpTTfu5m2GMGSY5A15AfzCweiY5AbGs8i9m6X85yjQO68WjShMfaWNppfIyi7aA:CXTveVHGuyM3+hMfaWXpG7aJiVVCM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 180 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 120 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- ADVANCEDINSTALLER has been detected (SURICATA)
  - FL2000-2.1.34054.0.exe (PID: 6560)
SUSPICIOUS
- Reads security settings of Internet Explorer
  - FL2000-2.1.34054.0.exe (PID: 6560)
- Access to an unwanted program domain was detected
  - FL2000-2.1.34054.0.exe (PID: 6560)
- Process drops legitimate windows executable
  - FL2000-2.1.34054.0.exe (PID: 6560)
- Executable content was dropped or overwritten
  - FL2000-2.1.34054.0.exe (PID: 6560)
INFO
- Reads the computer name
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6872)
  - msiexec.exe (PID: 6916)
- The sample compiled with english language support
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6792)
- Checks supported languages
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6872)
  - msiexec.exe (PID: 6916)
- Reads Environment values
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6916)
- Create files in a temporary directory
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6792)
- Creates files or folders in the user directory
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6792)
- Checks proxy server information
  - FL2000-2.1.34054.0.exe (PID: 6560)
  - msiexec.exe (PID: 6792)
- Reads security settings of Internet Explorer
  - msiexec.exe (PID: 6792)
- Reads the software policy settings
  - msiexec.exe (PID: 6792)
- Executable content was dropped or overwritten
  - msiexec.exe (PID: 6792)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2016:07:14 15:02:43+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14
CodeSize:	300544
InitializedDataSize:	144384
UninitializedDataSize:	-
EntryPoint:	0x3251d
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	2.1.34054.0
ProductVersionNumber:	2.1.34054.0
FileFlagsMask:	0x003f
FileFlags:	Debug
FileOS:	Win32
ObjectFileType:	Dynamic link library
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Fresco Logic
FileDescription:	This installer database contains the logic and data required to install Fresco Logic USB Display Driver.
FileVersion:	2.1.34054.0
InternalName:	FL2000-2.1.34054.0
LegalCopyright:	Copyright (C) 2017 Fresco Logic
OriginalFileName:	FL2000-2.1.34054.0.exe
ProductName:	Fresco Logic USB Display Driver
ProductVersion:	2.1.34054.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

124

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

6384

"C:\Users\admin\AppData\Local\Temp\FL2000-2.1.34054.0.exe"

C:\Users\admin\AppData\Local\Temp\FL2000-2.1.34054.0.exe

—

explorer.exe

User:

admin

Company:

Fresco Logic

Integrity Level:

MEDIUM

Description:

This installer database contains the logic and data required to install Fresco Logic USB Display Driver.

Exit code:

3221226540

Version:

2.1.34054.0

Modules

Images
c:\users\admin\appdata\local\temp\fl2000-2.1.34054.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

6560

"C:\Users\admin\AppData\Local\Temp\FL2000-2.1.34054.0.exe"

C:\Users\admin\AppData\Local\Temp\FL2000-2.1.34054.0.exe

explorer.exe

User:

admin

Company:

Fresco Logic

Integrity Level:

HIGH

Description:

This installer database contains the logic and data required to install Fresco Logic USB Display Driver.

Version:

2.1.34054.0

Modules

Images
c:\users\admin\appdata\local\temp\fl2000-2.1.34054.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll

6792

/i "C:\Users\admin\AppData\Roaming\Fresco Logic\Fresco Logic USB Display Driver 2.1.34054.0\install\FL2000.x64.msi" AI_SETUPEXEPATH="C:\Users\admin\AppData\Local\Temp\FL2000-2.1.34054.0.exe" SETUPEXEDIR="C:\Users\admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "

C:\Windows\System32\msiexec.exe

FL2000-2.1.34054.0.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Version:

5.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

6872

C:\WINDOWS\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

—

services.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Version:

5.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

6916

C:\Windows\syswow64\MsiExec.exe -Embedding 1E5823DB8B690868DBCA94A613617DEA C

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

Add for printing

Total events

4 441

Read events

4 440

Write events

Delete events

Modification events


(PID) Process:	(6560) FL2000-2.1.34054.0.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Caphyon\Setups
Operation:	write	Name:	Advinst_33F2BA97D9B641EC8F11D6656BF35545
Value: C:\Users\admin\AppData\Local\Temp\FL2000-2.1.34054.0.exe

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
6560	FL2000-2.1.34054.0.exe	C:\Users\admin\AppData\Roaming\Fresco Logic\Fresco Logic USB Display Driver 2.1.34054.0\install\holder0.aiph		—
		MD5:—	SHA256:—
6560	FL2000-2.1.34054.0.exe	C:\Users\admin\AppData\Local\Temp\tin5C7B.tmp.part		html
		MD5:CF606F24599D8AAE35BA0143551465D3	SHA256:900ED9D8A8423050F55BA22A675B4EA237A953C74588CCB93C7AD4CBC0982722
6560	FL2000-2.1.34054.0.exe	C:\Users\admin\AppData\Local\Temp\upd6268.tmp.part		text
		MD5:54AB87D570346F70EAE42ABAC0CEE76B	SHA256:7FBD8678415BF9F7A462A290F74FA32B148FE05C54B73F9C6FB01B38D919C690
6560	FL2000-2.1.34054.0.exe	C:\Users\admin\AppData\Local\Temp\tin5C7B.tmp		html
		MD5:CF606F24599D8AAE35BA0143551465D3	SHA256:900ED9D8A8423050F55BA22A675B4EA237A953C74588CCB93C7AD4CBC0982722
6560	FL2000-2.1.34054.0.exe	C:\Users\admin\AppData\Local\Temp\upd6268.tmp		text
		MD5:54AB87D570346F70EAE42ABAC0CEE76B	SHA256:7FBD8678415BF9F7A462A290F74FA32B148FE05C54B73F9C6FB01B38D919C690
6792	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_F6A0C6C61B9F933FB38C16FB572DDFC8		binary
		MD5:84349EDF740FDE801D46093E84810520	SHA256:322250ACFEB700135BE5D2374A21C26DDECA47CE943D971FA8779D7324A45330
6792	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F		binary
		MD5:CA7C1700A40317D32C76CCA501B81780	SHA256:63312AFAE754655EC1F2FAB976AC9C55AABA1B93FA18D7F0FD09C0A7699FE571
6792	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D		binary
		MD5:DB26B7705203A556AA7A18D12075F29F	SHA256:55C1853995B2313DF042563A7C3714094E2409227617AA3068B9860ED2C32181
6792	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F		binary
		MD5:543FF9C4BB3FD6F4D35C0A80BA5533FC	SHA256:40C04D540C3D7D80564F34AF3A512036BDD8E17B4CA74BA3B7E45D6D93466BCD
6792	msiexec.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6		binary
		MD5:5BFA51F3A417B98E7443ECA90FC94703	SHA256:BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	2.16.164.49:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6560	FL2000-2.1.34054.0.exe	GET	302	142.250.185.132:80	http://www.google.com/	unknown	—	—	whitelisted
6560	FL2000-2.1.34054.0.exe	GET	429	142.250.185.132:80	http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS11q1kGN246LoGIjCU_i8xf_biZvs2VtG-69AZ9A1S8s5y_uyAwj7KJKtR41iTArKqensHsVF15g1CX5AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	unknown	—	—	whitelisted
6560	FL2000-2.1.34054.0.exe	GET	200	52.218.153.35:80	http://updates.frescologic.com/FL2000/FL2000_Updates.txt	unknown	—	—	unknown
6792	msiexec.exe	GET	200	152.199.19.74:80	http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D	unknown	—	—	whitelisted
6792	msiexec.exe	GET	200	192.229.221.95:80	http://crl.verisign.com/pca3-g5.crl	unknown	—	—	whitelisted
6792	msiexec.exe	GET	200	152.199.19.74:80	http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAubDR3UJcBFCIVoVo4J2lY%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4712	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1684	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	2.16.164.49:80	crl.microsoft.com	Akamai International B.V.	NL	whitelisted
—	—	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
5064	SearchApp.exe	2.23.209.185:443	www.bing.com	Akamai International B.V.	GB	whitelisted
—	—	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1176	svchost.exe	40.126.32.138:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 4.231.128.59 51.124.78.146 20.73.194.208	whitelisted
google.com	142.250.184.238	whitelisted
crl.microsoft.com	2.16.164.49 2.16.164.106	whitelisted
www.microsoft.com	95.101.149.131 184.30.21.171	whitelisted
www.bing.com	2.23.209.185 2.23.209.179 2.23.209.133 2.23.209.189 2.23.209.130 2.23.209.140 2.23.209.182 2.23.209.187 2.23.209.149	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
login.live.com	40.126.32.138 20.190.160.22 40.126.32.68 40.126.32.133 40.126.32.76 40.126.32.136 20.190.160.17 40.126.32.140	whitelisted
www.google.com	142.250.185.132	whitelisted
go.microsoft.com	184.28.89.167 184.30.17.189	whitelisted
updates.frescologic.com	52.218.153.35 52.218.205.75 52.218.154.43 52.92.181.25 52.92.237.137 52.218.237.179 52.92.201.97 52.92.149.137	shared

Threats

Found threats are available for the paid subscriptions

3 ETPRO signatures available at the full report

Add for printing

No debug info

General Info

FL2000-2.1.34054.0.exe

18B0139CA76E7447BC64F9A812F4A9F2

4B1163AC860F88696FFB54759E8DE9A5A581F878

5E0590D6DCCC198B427C7C51CA5CC50448C2D4AAAE275322B1378D78058750E7

98304:iXpTTfu5m2GMGSY5A15AfzCweiY5AbGs8i9m6X85yjQO68WjShMfaWNppfIyi7aA:CXTveVHGuyM3+hMfaWXpG7aJiVVCM

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

ADVANCEDINSTALLER has been detected (SURICATA)

SUSPICIOUS

Reads security settings of Internet Explorer

Access to an unwanted program domain was detected

Process drops legitimate windows executable

Executable content was dropped or overwritten

INFO

Reads the computer name

The sample compiled with english language support

Checks supported languages

Reads Environment values

Create files in a temporary directory

Creates files or folders in the user directory

Checks proxy server information

Reads security settings of Internet Explorer

Reads the software policy settings

Executable content was dropped or overwritten

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings