File name:

supportdock-free-pc-scan.exe

Full analysis: https://app.any.run/tasks/c777fbcc-a615-4fdb-9b6a-2f2542ffa08d
Verdict: Malicious activity
Analysis date: February 18, 2024, 15:34:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
rogue
fakeav
scareware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

66A3E1C630A129B46B21F2F622D21FFA

SHA1:

7BF8883B4829FF4577043CD35AB35A1051140C75

SHA256:

6E49958B96012ED8A5C8EF83C36E38061BF26BB54509D9FF277047D1C9571455

SSDEEP:

98304:5/RztZygTrtRNJwABd1yMcICTtDHXRRBNzbJ8AEdRBzMJf1hiw:rHw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Actions looks like stealing of personal data

      • supportdock-free-pc-scan.exe (PID: 2472)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Searches for installed software

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Checks Windows Trust Settings

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Accesses Microsoft Outlook profiles

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Reads security settings of Internet Explorer

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Reads the Internet Settings

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Reads Microsoft Outlook installation path

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Reads Internet Explorer settings

      • supportdock-free-pc-scan.exe (PID: 2472)
  • INFO

    • Reads the computer name

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Checks supported languages

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Reads the machine GUID from the registry

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Checks proxy server information

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Creates files in the program directory

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Create files in a temporary directory

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Reads the software policy settings

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Creates files or folders in the user directory

      • supportdock-free-pc-scan.exe (PID: 2472)
    • Application launched itself

      • msedge.exe (PID: 1696)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (46.3)
.exe | Win64 Executable (generic) (41)
.exe | Win32 Executable (generic) (6.6)
.exe | Generic Win/DOS Executable (2.9)
.exe | DOS Executable Generic (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:08:18 15:47:25+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 512000
InitializedDataSize: 4141056
UninitializedDataSize: -
EntryPoint: 0x55c7f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: iYogi
FileDescription: Automated PC Tune up
FileVersion: 1.0.0.1
InternalName: SPCScan.exe
LegalCopyright: (c) iYogi. All rights reserved.
OriginalFileName: APCT.exe
ProductName: Automated PC Tune up
ProductVersion: 1.0.0.1
No data.
All screenshots are available in the full report
Total processes
50
Monitored processes
14
Malicious processes
1
Suspicious processes
0

Behavior graph

Process nodes, in order: start → supportdock-free-pc-scan.exe → msedge.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe, then nine further msedge.exe nodes (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
712 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1556 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2888 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1696 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.killslow.com/ | C:\Program Files\Microsoft\Edge\Application\msedge.exe | supportdock-free-pc-scan.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1728 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2444 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1740 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1860 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2196 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2348 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2440 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:3 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2472 | "C:\Users\admin\AppData\Local\Temp\supportdock-free-pc-scan.exe" | C:\Users\admin\AppData\Local\Temp\supportdock-free-pc-scan.exe | explorer.exe
User:
admin
Company:
iYogi
Integrity Level:
MEDIUM
Description:
Automated PC Tune up
Exit code:
0
Version:
1.0.0.1
Modules
Images
c:\users\admin\appdata\local\temp\supportdock-free-pc-scan.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
2596 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1368,i,14019379349020717268,9453951369807536030,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
12 297
Read events
12 211
Write events
64
Delete events
22

Modification events

(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write | Name: LanguageList
Value:
en-US
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value | Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write | Name: Blob
Value:
(binary blob value not shown in this report)
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: delete value | Name: File
Value:
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: delete key | Name: (default)
Value:
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write | Name: Blob
Value:
(binary blob value not shown in this report)
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write | Name: Blob
Value:
(binary blob value not shown in this report)
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: ProxyBypass
Value:
1
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: IntranetName
Value:
1
(PID) Process: (2472) supportdock-free-pc-scan.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet
Value:
1
Executable files
1
Suspicious files
50
Text files
75
Unknown types
27

Dropped files

PID
Process
Filename
Type
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__ir.gif | image
MD5:31CFE829FB68404804D50AA2B612D899
SHA256:E56E31EC997AF13D670FDD9D0F99BF7462B345433C630A0F380255026F6FD273
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__br.gif | image
MD5:31CFE829FB68404804D50AA2B612D899
SHA256:E56E31EC997AF13D670FDD9D0F99BF7462B345433C630A0F380255026F6FD273
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__ar.gif | image
MD5:F54448B67D52D27A2855F351B7903AEE
SHA256:B21056DB61C815406078DFCA0A4EB0BEB7E1DFBA94E66E9C28975E2BE5031054
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__mr.gif | image
MD5:1E6B250FF8FACB722ECDCF28640A2582
SHA256:F7CD0381ED7398A0F4F9D3183AD0B8E9C9CBD564055E9EAEEEBD67201DF16514
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__pr.gif | image
MD5:53471490A72B98B458653AFA10751A26
SHA256:72FECA126339AA8E0C93AF32ED06B76A95FA0A3E50B4FE0B342583536C7F42CB
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\Temp\data.html | html
MD5:98DBDE3B1CD9466BA3C8BF6AF31447B5
SHA256:1FE67AA2581445C055FF9647E2364D213B7FDF9AF22FA3FD5106BB5FC6B9F6EC
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__jr.gif | image
MD5:C711058DB2D30E2006B7C2B6BF571128
SHA256:ADD6B875C8D9E7961A431DE885C05B8D0C94CB3B091C32CECF2A2621B08566FE
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__rr.gif | image
MD5:E2C9575093DF77C3E961D29CB38AEE23
SHA256:3C4AC92086EDD9930C95C32991CB9BBF4CF7A9A98E0E80A86A05163DA3909200
2472 | supportdock-free-pc-scan.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\__fr.gif | image
MD5:7A41BC60B533F179C31588FC8F805EEB
SHA256:4F2F2177574871370AAE32F1DC2BBBDED8B009C9C738525876899DBF91CFE07A
2472 | supportdock-free-pc-scan.exe | C:\ProgramData\SmartPCScanHTML\popup_top.gif | image
MD5:755CAC7CA3537AEF39C26D9C7FA5123A
SHA256:82B6263DC11888358972F2F42ABBE9D6AA9520196870F939D631FFC4F14947DC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
61
DNS requests
47
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2472
supportdock-free-pc-scan.exe
GET
301
20.112.250.133:80
http://microsoft.com/
unknown
unknown
2472
supportdock-free-pc-scan.exe
GET
304
184.24.77.202:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f298ca30347c3779
unknown
unknown
2472
supportdock-free-pc-scan.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
binary
471 b
unknown
2440
msedge.exe
GET
301
13.248.169.48:80
http://www.killslow.com/
unknown
unknown
1080
svchost.exe
GET
200
184.24.77.197:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?1b8fee253118cbef
unknown
compressed
65.2 Kb
unknown
1080
svchost.exe
GET
304
184.24.77.197:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0754c686571bd23f
unknown
compressed
65.2 Kb
unknown
2472
supportdock-free-pc-scan.exe
GET
301
74.6.143.26:80
http://yahoo.com/
unknown
text
8 b
unknown
2472
supportdock-free-pc-scan.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
unknown
binary
471 b
unknown
2472
supportdock-free-pc-scan.exe
GET
301
204.79.197.219:80
http://msn.com/
unknown
unknown
2472
supportdock-free-pc-scan.exe
GET
429
172.217.16.132:80
http://www.google.com/sorry/index?continue=http://google.com/&q=EgQtWGF8GL7HyK4GIjAN8rl_MFSctRpOjov_4pcTSCfhEMBJOYK-ylXkOd3ng8ZRSCM86Dv8pFeFj_uwH2EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
unknown
html
2.97 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2472
supportdock-free-pc-scan.exe
20.112.250.133:80
microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2472
supportdock-free-pc-scan.exe
184.30.21.171:443
www.microsoft.com
AKAMAI-AS
DE
unknown
2472
supportdock-free-pc-scan.exe
184.24.77.202:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
2472
supportdock-free-pc-scan.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2440
msedge.exe
13.248.169.48:80
www.killslow.com
AMAZON-02
US
unknown
1696
msedge.exe
239.255.255.250:1900
unknown
2440
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
microsoft.com
  • 20.112.250.133
  • 20.231.239.246
  • 20.76.201.171
  • 20.70.246.20
  • 20.236.44.162
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
ctldl.windowsupdate.com
  • 184.24.77.202
  • 184.24.77.173
  • 184.24.77.192
  • 184.24.77.174
  • 184.24.77.184
  • 184.24.77.197
  • 184.24.77.194
  • 184.24.77.205
  • 184.24.77.187
  • 184.24.77.186
  • 184.24.77.193
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.killslow.com
  • 13.248.169.48
  • 76.223.54.146
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
img1.wsimg.com
  • 95.100.135.66
  • 95.100.135.96
whitelisted
api.afternic.com
  • 104.126.37.138
  • 104.126.37.163
unknown
api.aws.parking.godaddy.com
  • 3.110.19.2
  • 13.232.215.250
whitelisted

Threats

PID
Process
Class
Message
2472
supportdock-free-pc-scan.exe
A Network Trojan was detected
ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
2472
supportdock-free-pc-scan.exe
A Network Trojan was detected
ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
Process
Message
supportdock-free-pc-scan.exe
ANTISPYWARE
supportdock-free-pc-scan.exe
Hello
supportdock-free-pc-scan.exe
SYSTEM RESTORE
supportdock-free-pc-scan.exe
Hello
supportdock-free-pc-scan.exe
MEMORY CHECK
supportdock-free-pc-scan.exe
Hello
supportdock-free-pc-scan.exe
BROWSER CHECK
supportdock-free-pc-scan.exe
Hello
supportdock-free-pc-scan.exe
JUNK FILE CLEANUP
supportdock-free-pc-scan.exe
Hello