File name: Sigmanly_207d4565d00f14a24a00e416681b70ef

Full analysis: https://app.any.run/tasks/129f9a09-b0cb-4b4e-b768-810fec2476ba
Verdict: Malicious activity
Analysis date: April 14, 2025, 12:45:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 207D4565D00F14A24A00E416681B70EF
SHA1: 31CD2C3BEF234D832682E6635D87A878EA553ED3
SHA256: 669B7B6DB30E64CE2A949D5E4C65C12F18ED9EE0B37E405B5E22D414A96B5595
SSDEEP: 98304:yxj3MvSrmfN5UUBU0CrKtgq9toeg5PaM1vnvi088AOMe3pLfKmSmIfCcjujWwYaY:MVmdXAvovttR9+w8rtvxpmXeXVwJWMD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7456)
      • DBInstaller.exe (PID: 7660)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7720)
      • HWiNFO.exe (PID: 7912)
      • SetupHlp.exe (PID: 7940)
      • InstStat.exe (PID: 7948)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7456)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7568)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7720)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
      • HWiNFO.exe (PID: 7912)
    • Reads the Windows owner or organization settings

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • Reads security settings of Internet Explorer

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7476)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • Process drops legitimate windows executable

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • Creates files in the driver directory

      • HWiNFO.exe (PID: 7912)
    • Drops a system driver (possible attempt to evade defenses)

      • HWiNFO.exe (PID: 7912)
    • Searches for installed software

      • InstStat.exe (PID: 7948)
  • INFO

    • Create files in a temporary directory

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7456)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7568)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7720)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • Checks supported languages

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7456)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7476)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7568)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • DBInstaller.exe (PID: 7660)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.exe (PID: 7720)
      • HWiNFO.exe (PID: 7912)
      • InstStat.exe (PID: 7948)
      • SetupHlp.exe (PID: 7940)
    • Reads the computer name

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7476)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • DBInstaller.exe (PID: 7660)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
      • HWiNFO.exe (PID: 7912)
      • InstStat.exe (PID: 7948)
      • SetupHlp.exe (PID: 7940)
    • Process checks computer location settings

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7476)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • The sample compiled with english language support

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7592)
      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
      • HWiNFO.exe (PID: 7912)
    • Creates a software uninstall entry

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • Compiled with Borland Delphi (YARA)

      • DBInstaller.exe (PID: 7660)
    • The sample compiled with chinese language support

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • The sample compiled with arabic language support

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
    • Creates files in the program directory

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
      • InstStat.exe (PID: 7948)
      • SetupHlp.exe (PID: 7940)
    • Creates files or folders in the user directory

      • Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (PID: 7744)
      • InstStat.exe (PID: 7948)
    • Reads the software policy settings

      • slui.exe (PID: 6988)
    • Checks proxy server information

      • slui.exe (PID: 6988)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:07:16 13:24:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 73728
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.1.0.0
ProductVersionNumber: 3.1.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: IObit
FileDescription: Driver Booster 3 Setup
FileVersion: 3.1.0.0
LegalCopyright: Copyright© 2015 IObit. All Rights Reserved.
ProductName: Driver Booster 3
ProductVersion: 3.1
No data.
All screenshots are available in the full report
Total processes
135
Monitored processes
11
Malicious processes
7
Suspicious processes
3

Behavior graph

Process chain (in start order; "no specs" marks processes for which the report records no specifics):
  • sigmanly_207d4565d00f14a24a00e416681b70ef.exe
  • sigmanly_207d4565d00f14a24a00e416681b70ef.tmp (no specs)
  • sigmanly_207d4565d00f14a24a00e416681b70ef.exe
  • sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
  • dbinstaller.exe (no specs)
  • sigmanly_207d4565d00f14a24a00e416681b70ef.exe
  • sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
  • hwinfo.exe
  • setuphlp.exe (no specs)
  • inststat.exe
  • slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 6988
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7456
CMD: "C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe"
Path: C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
Parent process: explorer.exe
User:
admin
Company:
IObit
Integrity Level:
MEDIUM
Description:
Driver Booster 3 Setup
Exit code:
1
Version:
3.1.0.0
Modules
Images
c:\users\admin\desktop\sigmanly_207d4565d00f14a24a00e416681b70ef.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7476
CMD: "C:\Users\admin\AppData\Local\Temp\is-CKQIM.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp" /SL5="$9014C,13200498,139776,C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-CKQIM.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
1
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ckqim.tmp\sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7568
CMD: "C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe" /SPAWNWND=$30308 /NOTIFYWND=$9014C
Path: C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster 3 Setup
Exit code:
1
Version:
3.1.0.0
Modules
Images
c:\users\admin\desktop\sigmanly_207d4565d00f14a24a00e416681b70ef.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7592
CMD: "C:\Users\admin\AppData\Local\Temp\is-M29P2.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp" /SL5="$40300,13200498,139776,C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe" /SPAWNWND=$30308 /NOTIFYWND=$9014C
Path: C:\Users\admin\AppData\Local\Temp\is-M29P2.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
1
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-m29p2.tmp\sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7660
CMD: "C:\Users\admin\AppData\Local\Temp\is-DHVTL.tmp\DBInstaller.exe" "C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe" /title="Driver Booster 3.1" /ver=3.1.0.365
Path: C:\Users\admin\AppData\Local\Temp\is-DHVTL.tmp\DBInstaller.exe
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster Installer
Version:
3.0.3.0
Modules
Images
c:\users\admin\appdata\local\temp\is-dhvtl.tmp\dbinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7720
CMD: "C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe" /sp- /verysilent /Installer /DIR="C:\Program Files (x86)\IObit\Driver Booster\" /Installer-DeskIcon /Installer-TaskIcon
Path: C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
Parent process: DBInstaller.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster 3 Setup
Exit code:
0
Version:
3.1.0.0
Modules
Images
c:\users\admin\desktop\sigmanly_207d4565d00f14a24a00e416681b70ef.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7744
CMD: "C:\Users\admin\AppData\Local\Temp\is-IQ609.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp" /SL5="$602B4,13200498,139776,C:\Users\admin\Desktop\Sigmanly_207d4565d00f14a24a00e416681b70ef.exe" /sp- /verysilent /Installer /DIR="C:\Program Files (x86)\IObit\Driver Booster\" /Installer-DeskIcon /Installer-TaskIcon
Path: C:\Users\admin\AppData\Local\Temp\is-IQ609.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-iq609.tmp\sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7912
CMD: "C:\Program Files (x86)\IObit\Driver Booster\HWiNFO\HWiNFO.exe" /brandname
Path: C:\Program Files (x86)\IObit\Driver Booster\HWiNFO\HWiNFO.exe
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Hardware Information
Exit code:
0
Version:
3.0.3.5
Modules
Images
c:\program files (x86)\iobit\driver booster\hwinfo\hwinfo.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7940
CMD: "C:\Program Files (x86)\IObit\Driver Booster\SetupHlp.exe" /install
Path: C:\Program Files (x86)\IObit\Driver Booster\SetupHlp.exe
Parent process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster Setup Helper
Exit code:
0
Version:
3.1.0.17
Modules
Images
c:\program files (x86)\iobit\driver booster\setuphlp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events
4 676
Read events
4 654
Write events
22
Delete events
0

Modification events

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.6 (u)

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\IObit\Driver Booster

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\IObit\Driver Booster\

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Driver Booster 3

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: User
Value: admin

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon,taskbaricon

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: Inno Setup: Language
Value: English

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: DisplayName
Value: Driver Booster 3.1

Process: (7744) Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Executable files
116
Suspicious files
27
Text files
237
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7456
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-CKQIM.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Type: executable
MD5: 2777B07156F1A481FE51CD5CE1DF5F14
SHA256: BF06F3E5529E2A681EDC8010AB3CE0320FDCDDA542FC6BE54C913765A8F05E2C

PID: 7592
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DHVTL.tmp\DriverBooster.exe
Type: executable
MD5: 516931D7C5BB3B9AD4CA01DD28E862CE
SHA256: 68411D1907DC2C15E9D3A0111F0F55E9F8C038E45477475BD90AFA15496AC0AC

PID: 7568
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-M29P2.tmp\Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Type: executable
MD5: 2777B07156F1A481FE51CD5CE1DF5F14
SHA256: BF06F3E5529E2A681EDC8010AB3CE0320FDCDDA542FC6BE54C913765A8F05E2C

PID: 7592
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DHVTL.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 7744
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-G5JAK.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 7744
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Type: executable
MD5: 516931D7C5BB3B9AD4CA01DD28E862CE
SHA256: 68411D1907DC2C15E9D3A0111F0F55E9F8C038E45477475BD90AFA15496AC0AC

PID: 7744
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Program Files (x86)\IObit\Driver Booster\is-2NMVK.tmp
Type: executable
MD5: 2777B07156F1A481FE51CD5CE1DF5F14
SHA256: BF06F3E5529E2A681EDC8010AB3CE0320FDCDDA542FC6BE54C913765A8F05E2C

PID: 7592
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DHVTL.tmp\_isetup\_shfoldr.dll
Type: executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

PID: 7744
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-G5JAK.tmp\RdZone.dll
Type: executable
MD5: 61AD4BFDB2885D3497596DFAD2889C9A
SHA256: 4AE86843FBB76C8A9BC3C364F85EC8EC1727556970E7ED5C2D31868E631C3162

PID: 7744
Process: Sigmanly_207d4565d00f14a24a00e416681b70ef.tmp
Filename: C:\Program Files (x86)\IObit\Driver Booster\is-HP1TN.tmp
Type: executable
MD5: C64782E115604BC69F950757DDE8EF48
SHA256: 05674595DADAC7FA708234E96B37832996D144232DD420E1A7A8EFFB55BCC855
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
51
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8012
SIHClient.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
7948
InstStat.exe
GET
200
3.230.91.199:80
http://ascstats.iobit.com/install_v2.php?operate=1&user=1&app=db3&ver=3.1.0.365&pr=iobit&system=100&type=1&lang=en-US
unknown
whitelisted
8012
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
304
52.149.20.212:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
8012
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
8012
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
8012
SIHClient.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
GET
200
40.69.42.241:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
8012
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
8012
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
20.190.160.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6544
svchost.exe
20.190.160.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2112
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.160.64
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.20
  • 40.126.32.134
  • 20.190.160.131
  • 40.126.32.138
  • 40.126.32.74
whitelisted
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.143
  • 2.16.241.19
  • 2.16.241.12
whitelisted
ascstats.iobit.com
  • 3.230.91.199
  • 3.91.116.216
  • 3.210.176.6
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info