File name:

com.tencent.mm_2702800024_installer (1).exe

Full analysis: https://app.any.run/tasks/f275f66a-5ef8-41d7-a132-79571a48c61a
Verdict: Malicious activity
Analysis date: November 14, 2024, 17:06:33
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5:

E15301232DC862AC9187AC260C8D9AF2

SHA1:

C322B754207861B7A3877B9F52DD9498A14AF93A

SHA256:

7ABAE59DBBB19A6C55D35CCEED2C974C26D3F4FF7150014875F53AABD7250EE9

SSDEEP:

98304:Yk1IHSU6dVlgh18dNZngNRoqrK7GeSu41A49B+T3/45rFBttTggVtpX5Z4+QiwRO:Fgqc/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • Setup.exe (PID: 6196)

  • SUSPICIOUS

    • The process verifies whether the antivirus software is installed

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Process drops legitimate windows executable

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)
      • Setup.exe (PID: 6196)
      • Setup.exe (PID: 1048)
      • AndrowsStore.exe (PID: 4432)

    • Drops 7-zip archiver for unpacking

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)
      • Setup.exe (PID: 6196)

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 6196)
      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)
      • AndrowsStore.exe (PID: 4432)
      • Setup.exe (PID: 1048)

    • The process drops C-runtime libraries

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)
      • Setup.exe (PID: 6196)
      • AndrowsStore.exe (PID: 4432)

    • Executes as Windows Service

      • AndrowsSvr.exe (PID: 1172)

    • Drops a system driver (possible attempt to evade defenses)

      • Setup.exe (PID: 6196)
      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Starts CMD.EXE for commands execution

      • Setup.exe (PID: 6196)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 6276)

    • Uses WMIC.EXE to obtain data on the base board management (motherboard or system board)

      • AndrowsStore.exe (PID: 4432)

  • INFO

    • Reads the computer name

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Creates files or folders in the user directory

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Checks supported languages

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Creates files in the program directory

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Create files in a temporary directory

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Reads the machine GUID from the registry

      • com.tencent.mm_2702800024_installer (1).exe (PID: 6296)

    • Manual execution by a user

      • AndrowsLauncher.exe (PID: 7844)
      • firefox.exe (PID: 7532)

    • Application launched itself

      • firefox.exe (PID: 7532)
      • firefox.exe (PID: 6436)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:11:08 08:12:06+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 3930624
InitializedDataSize: 3546112
UninitializedDataSize: -
EntryPoint: 0x36ca34
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Tencent
FileDescription: 腾讯应用宝
FileVersion: 1.0.0.0
LegalCopyright: Copyright (C) 2022 Tencent. All Rights Reserved.
InternalName: Androws
ProductName: Androws
ProductVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
202
Monitored processes
64
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start com.tencent.mm_2702800024_installer (1).exe sppextcomobj.exe no specs slui.exe no specs setup.exe crashpad_handler.exe androwsassistant.exe no specs androwsassistant.exe no specs androwssvr.exe dokanctl.exe no specs conhost.exe no specs crashpad_handler.exe cmd.exe no specs conhost.exe no specs regsvr32.exe no specs sc.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs androwsstore.exe crashpad_handler.exe no specs opengl_checker.exe no specs conhost.exe no specs androwsdlsvr.exe no specs conhost.exe no specs androwslauncher.exe no specs crashpad_handler.exe no specs androwsassistant.exe no specs crashpad_handler.exe no specs wmic.exe no specs conhost.exe no specs cefrendererprocess.exe no specs cefrendererprocess.exe no specs cefrendererprocess.exe no specs androwslauncher.exe no specs crashpad_handler.exe no specs slui.exe no specs androwsassistant.exe no specs crashpad_handler.exe no specs androwsassistant.exe no specs crashpad_handler.exe no specs androwslauncher.exe no specs crashpad_handler.exe no specs setup.exe crashpad_handler.exe no specs firefox.exe no specs firefox.exe no specs androwslauncher.exe no specs androwslauncher.exe no specs crashpad_handler.exe no specs crashpad_handler.exe no specs androwsassistant.exe no specs androwsassistant.exe no specs crashpad_handler.exe no specs crashpad_handler.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs com.tencent.mm_2702800024_installer (1).exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1048"C:\AndrowsData\Component\89890008ed3785c2f367472dbdcc2799_3.0.3.109_bae20431fc814d77294e3f2b9a8053ce\Setup.exe" --install C:\AndrowsData\Component\89890008ed3785c2f367472dbdcc2799_3.0.3.109_bae20431fc814d77294e3f2b9a8053ce\Setup.exe
AndrowsStore.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝
Exit code:
0
Version:
1.0.0.0
1172"C:\Program Files\Tencent\Androws\Application\3.0.4076.0\AndrowsSvr.exe"C:\Program Files\Tencent\Androws\Application\3.0.4076.0\AndrowsSvr.exe
services.exe
User:
SYSTEM
Company:
Tencent
Integrity Level:
SYSTEM
Description:
腾讯应用宝
Version:
3.0.4076.0
Modules
Images
c:\program files\tencent\androws\application\3.0.4076.0\androwssvr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1196"C:\Program Files\Tencent\Androws\Application\3.0.4076.0\CefRendererProcess" --lang=en-US --locales-dir-path="C:\Program Files\Tencent\Androws\Application\3.0.4076.0\resources\locales" --log-items=pid,tid,timestamp --log-severity=disable --no-sandbox --resources-dir-path="C:\Program Files\Tencent\Androws\Application\3.0.4076.0\resources" --service-sandbox-type=none --type=utility --use-angle=swiftshader-webgl --use-gl=angle --user-agent-product="Chrome/126.0.0 CefView/1.0 (Windows; en-us) YYBAppClient/3.0.4076.0" --user-data-dir="C:\Users\admin\AppData\Roaming\Tencent\Androws\cef\CEF_AndrowsStore" --utility-sub-type=network.mojom.NetworkService --in-process-gpu --windows-job-name=CefView-Job-{f0a3c1e3-ff89-4581-8a45-f0bfd74c4bb0}-4432 --disable-extensions --disable-pdf-extension --disable-site-isolation-trials=1 --bridge-obj-name=CallBridge --field-trial-handle=4272,i,1525164830435038437,17072697168747508923,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4260C:\Program Files\Tencent\Androws\Application\3.0.4076.0\CefRendererProcess.exeAndrowsStore.exe
User:
admin
Integrity Level:
HIGH
1204C:\AndrowsData\Component\Androws\crashpad_handler.exe --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --metrics-dir=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --annotation=app_id=7ebaf51295 --annotation=app_key=3595ca0a-0ac2-42e7-988b-bb08e6767e24 --annotation=app_version=1.0.0.0 "--annotation=build_id= 3.0.4076 .0" --annotation=bundle_id=com.tencent.androws --annotation=database=7ebaf51295 --annotation=format=minidump --annotation=is_need_attach_info=true --annotation=is_need_upload=true --annotation=is_pop_dialog=true --annotation=is_server_process=false --annotation=process_display_name=AndrowsSetup --annotation=process_name=AndrowsSetup --annotation=product=7ebaf51295 --annotation=version=1.0.0.0 --initial-client-data=0x3e8,0x3ec,0x3f0,0x378,0x3f8,0x7ffbc93560b8,0x7ffbc9356078,0x7ffbc9356088C:\AndrowsData\Component\Androws\crashpad_handler.exe
Setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\androwsdata\component\androws\crashpad_handler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1588"C:\Program Files\Tencent\Androws\Application\AndrowsLauncher.exe" --launch-proc-name "AndrowsAssistant.exe" --rid-long "CPTelt2yMhABGgVwY3l5YiIDMzU1KhFwY3l5Yl90aXBzX3JlY192MjIgN2I5ZGJkZjUwYjk1YzhkY2I0ZjFkZjEyMWU4NGZkNGQ6CDQ4MTY0MzI5Qh0wYjA2ZjE0Y2U5NzYzNzZjLTgyMmUzNjY3LTM1NUoFEgOgjQZSBzgyMjUwMTRYEWIwCQAAAAAAAElAEiUKI2NoYW5uZWxfbWFubmVyLnJlcXVlc3RfY29udGV4dF9hcHBzankJdYtKAAECSUASEAoFYWxwaGERAAAAAACAgEASDwoEYmV0YREAAAAAQFbgQBILCglpc19leHBvc2USEwoIcHJpb3JpdHkRAAAAAAAASUASEwoIY2xpY2tfcHYRAAAAAABwgEASFAoJZXhwb3NlX3B2EQAAAACAWeBAcgB6MgowCgQyOTQ2IhszMmVlODdmNWE4ZTRiOTU5LTgyMmUzNjY3IzAqC2VycF9yYW5raW5n" --show-tips "{\"BusinessId\":\"b_inner_notify\",\"Content\":\"{\\\"rid\\\":\\\"27de3f715a4febbd\\\",\\\"schema_url\\\":\\\"androws://tips/gotoDetail?pkgname=com.tencent.pcgame.tmgp.tlbbgl&raw_tips_type=1&raw_tips_task_id=8225014&rid=27de3f715a4febbd&trace_id=0b9807db-a2ab-11ef-be94-52540034240b\\\",\\\"show_interval\\\":1800,\\\"system_notify\\\":{\\\"action\\\":[\\\"\\\"],\\\"action_schema\\\":{\\\"\\\":\\\"androws://tips/gotoDetail?pkgname=com.tencent.pcgame.tmgp.tlbbgl&raw_tips_type=1&raw_tips_task_id=8225014\\\"},\\\"avatar_url\\\":\\\"\\\",\\\"content\\\":\\\"\\\",\\\"inline_image_url\\\":\\\"https://static.pc.yyb.qq.com/wupload/xy/yyb_management_system/LCESxKHY.png\\\",\\\"title\\\":\\\"\\\"},\\\"timeout\\\":0,\\\"trace_id\\\":\\\"0b9807db-a2ab-11ef-be94-52540034240b\\\"}\",\"EndTime\":1731715199,\"TaskId\":\"8225014_assistant_tips\",\"Type\":3001}" C:\Program Files\Tencent\Androws\Application\AndrowsLauncher.exeAndrowsSvr.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝
Exit code:
0
Version:
3.0.4076.0
1752"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4632 -childID 2 -isForBrowser -prefsHandle 2788 -prefMapHandle 2616 -prefsLen 36339 -prefMapSize 244343 -jsInitHandle 1540 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0dc9374-b82e-4d25-a005-7da3c3e919a2} 6436 "\\.\pipe\gecko-crash-server-pipe.6436" 1b0f8754bd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
1788"C:\Program Files\Tencent\Androws\Application\3.0.4076.0\crashpad_handler.exe" --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --metrics-dir=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --annotation=app_id=7ebaf51295 --annotation=app_key=3595ca0a-0ac2-42e7-988b-bb08e6767e24 --annotation=app_version=3.0.53.01 --annotation=build_id=3.0.4076.0 --annotation=bundle_id=com.tencent.androws --annotation=database=7ebaf51295 --annotation=format=minidump --annotation=is_need_attach_info=true --annotation=is_need_upload=true --annotation=is_pop_dialog=false --annotation=is_server_process=false --annotation=process_display_name=AndrowsAssistant --annotation=process_name=AndrowsAssistant --annotation=product=7ebaf51295 --annotation=version=3.0.53.01 --initial-client-data=0x3f8,0x3fc,0x314,0x3d4,0x404,0x7ffbc77a60b8,0x7ffbc77a6078,0x7ffbc77a6088C:\Program Files\Tencent\Androws\Application\3.0.4076.0\crashpad_handler.exeAndrowsAssistant.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
2360C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
2652\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeWMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
3508"C:\Program Files\Tencent\Androws\Application\3.0.4076.0\crashpad_handler.exe" --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --metrics-dir=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --annotation=app_id=7ebaf51295 --annotation=app_key=3595ca0a-0ac2-42e7-988b-bb08e6767e24 --annotation=app_version=3.0.53.01 --annotation=build_id=3.0.4076.0 --annotation=bundle_id=com.tencent.androws --annotation=database=7ebaf51295 --annotation=format=minidump --annotation=is_need_attach_info=true --annotation=is_need_upload=true --annotation=is_pop_dialog=false --annotation=is_server_process=false --annotation=process_display_name=AndrowsLauncher --annotation=process_name=AndrowsLauncher --annotation=product=7ebaf51295 --annotation=version=3.0.53.01 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x1fc,0x7ffbc77a60b8,0x7ffbc77a6078,0x7ffbc77a6088C:\Program Files\Tencent\Androws\Application\3.0.4076.0\crashpad_handler.exeAndrowsLauncher.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Total events
4 810
Read events
4 771
Write events
39
Delete events
0

Modification events

(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:ChannelId
Value:
987419A100000000
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:InstallSource
Value:
{"app_id":"com.tencent.mm","app_type":1,"channel_id":2702800024,"install_priority":0,"build_id":50967,"display_name":"微信电脑版","pullup_type":1,"app_pullup_type":0,"install_mode":0,"version":"1.0.27.1044","report_info":{"source_id":"","account_id":"151709963","keyword_id":"77241071227482","media_id":"yyb-website","browser":"Edge","plan_id":"485154304","group_id":"1235852123113274","click_id":"e305d2bd356312815067b588c2e9b7f8","ocpc":"bing-search","h5_url":"https://sj.qq.com/pcsem/bannerpic/com.tencent.mm?mid=2545&supply_id=2702800024&ocpc=0&platform=bing&account_id=151709963&landing_type=pcyyb&plan_id=485154304&group_id=1235852123113274&keyword_id=kwd-77241071227482:loc-39&click_id=e305d2bd356312815067b588c2e9b7f8&matchtype=e&msclkid=e305d2bd356312815067b588c2e9b7f8","seo_source":"bing"},"extra_info":{"apk_channel":"","apk_deep_link":"","wx_app_path":""},"oem_type":0,"oem_preinstall":0,"androws_main_version":"","create_desktop_link":1,"auto_start_market":1,"client_pseudo_protocol":"","show_tray_icon":1}
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env
Operation:writeName:svid
Value:
7b9dbdf50b95c8dcb4f1df121e84fd4d
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Tencent\Androws\Env
Operation:writeName:svid
Value:
7b9dbdf50b95c8dcb4f1df121e84fd4d
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env\GraphicInfo\com.tencent.mm_2702800024_installer (1).exe
Operation:writeName:OpenglVendor
Value:
Microsoft Corporation
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env\GraphicInfo\com.tencent.mm_2702800024_installer (1).exe
Operation:writeName:OpenglRenderer
Value:
GDI Generic
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env\GraphicInfo\com.tencent.mm_2702800024_installer (1).exe
Operation:writeName:OpenglVersion
Value:
1.1.0
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env\GraphicInfo\com.tencent.mm_2702800024_installer (1).exe
Operation:writeName:OpenglMajorVersion
Value:
0000000000000000
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env\GraphicInfo\com.tencent.mm_2702800024_installer (1).exe
Operation:writeName:OpenglMinorVersion
Value:
0000000000000000
(PID) Process:(6296) com.tencent.mm_2702800024_installer (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Tencent\Androws\Duration
Operation:writeName:FetchOpenglInfocom.tencent.mm_2702800024_installer (1).exe
Value:
E834A42B93010000
Executable files
477
Suspicious files
731
Text files
563
Unknown types
32

Dropped files

PID
Process
Filename
Type
6296com.tencent.mm_2702800024_installer (1).exeC:\AndrowsData\Component\Androws.7z.teemo
MD5:
SHA256:
6296com.tencent.mm_2702800024_installer (1).exeC:\AndrowsData\Component\Androws.7z
MD5:
SHA256:
6296com.tencent.mm_2702800024_installer (1).exeC:\AndrowsData\Component\Androws\font\Noto Sans SC (TrueType).otf
MD5:
SHA256:
6296com.tencent.mm_2702800024_installer (1).exeC:\AndrowsData\Component\Androws\font\Noto Sans SC Bold (TrueType).otf
MD5:
SHA256:
6296com.tencent.mm_2702800024_installer (1).exeC:\AndrowsData\Component\Androws\font\Noto Sans SC Medium (TrueType).otf
MD5:
SHA256:
6296com.tencent.mm_2702800024_installer (1).exeC:\Users\admin\AppData\Roaming\Tencent\beacon\GlobalMgr.dbtext
MD5:8DA071308885F21FDA34EB0CD9A68F9E
SHA256:66DA243433374FF94BFDFF1979CFB71E4284543ADC0C39BD5884B28F401FA718
6296com.tencent.mm_2702800024_installer (1).exeC:\AndrowsData\Component\Androws\icudtl.dat
MD5:
SHA256:
6296com.tencent.mm_2702800024_installer (1).exeC:\Users\admin\AppData\Roaming\Tencent\Androws\db\OTable.db-journalbinary
MD5:D4885B9BD995DA5B86DDD83871AB0614
SHA256:9E580BB214CC9268D54ADAA0B189250CAF538AB127B7D05624075C2EEEF5A5AE
6296com.tencent.mm_2702800024_installer (1).exeC:\Users\admin\AppData\Roaming\Tencent\BeaconConfig\0WIN0GIA035UNMF7.initext
MD5:DC60A8DF728166ACB85BCC0B43C04DCE
SHA256:A2261D2372D4D674EC25D94F679A1D8BAE70C269D86DF2219FA5800F964C82FD
6296com.tencent.mm_2702800024_installer (1).exeC:\androws_temp.txtbinary
MD5:0D5A9115CA3E62AAC00A5D6B68392C56
SHA256:6F24BAE6C7B73ED650F4E9777D5420898356B3CB2E08DABB3EDB2253A655F9E6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
48
TCP/UDP connections
294
DNS requests
153
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
POST
200
195.138.255.24:80
http://r10.o.lencr.org/
unknown
whitelisted
POST
200
195.138.255.24:80
http://r11.o.lencr.org/
unknown
whitelisted
POST
200
195.138.255.24:80
http://r10.o.lencr.org/
unknown
whitelisted
2364
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6740
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.53.41.248:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7084
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7084
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1588
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6944
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6296
com.tencent.mm_2702800024_installer (1).exe
129.226.102.75:443
yybadaccess.3g.qq.com
Tencent Building, Kejizhongyi Avenue
HK
whitelisted
6296
com.tencent.mm_2702800024_installer (1).exe
101.33.47.206:8081
oth.eve.mdt.qq.com
Tencent Building, Kejizhongyi Avenue
SG
whitelisted
4360
SearchApp.exe
2.16.110.200:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2364
svchost.exe
40.126.32.133:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.78
whitelisted
yybadaccess.3g.qq.com
  • 129.226.102.75
whitelisted
oth.eve.mdt.qq.com
  • 101.33.47.206
  • 101.33.47.68
whitelisted
www.bing.com
  • 2.16.110.200
  • 2.16.110.192
  • 2.16.110.193
  • 2.16.110.203
  • 2.16.110.187
  • 2.16.110.131
  • 2.16.110.138
  • 2.16.110.194
  • 2.16.110.120
  • 2.16.110.146
  • 2.16.110.186
  • 2.16.110.195
  • 2.16.110.130
  • 2.16.110.137
  • 2.16.110.201
  • 2.16.110.121
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.133
  • 20.190.160.14
  • 40.126.32.72
  • 40.126.32.76
  • 20.190.160.17
  • 40.126.32.74
  • 40.126.32.68
  • 20.190.160.22
whitelisted
th.bing.com
  • 2.16.110.120
  • 2.16.110.200
  • 2.16.110.192
  • 2.16.110.193
  • 2.16.110.203
  • 2.16.110.187
  • 2.16.110.131
  • 2.16.110.138
  • 2.16.110.194
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
conf.syzs.qq.com
  • 43.152.137.29
  • 43.152.29.15
  • 43.152.29.20
whitelisted
crl.microsoft.com
  • 23.53.41.248
  • 23.53.42.18
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
Misc activity
ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
Process
Message
AndrowsSvr.exe
11-14 17:08:14.836 [1172.6212](info)[app.androwsservice] [service::ServiceMain] (androws_service.cpp:142) [Msg]: [Enter][argc]: 1
AndrowsSvr.exe
11-14 17:08:14.836 [1172.6668](info)[app.androwsservice] [service::Initialize::::operator()] (androws_service.cpp:194) [Msg]: Starting ServiceMain...
AndrowsSvr.exe
11-14 17:08:14.836 [1172.4816](info)[app.launch] [boot::Initialize] (initialize.cpp:103) [Msg]: "C:\Program Files\Tencent\Androws\Application\3.0.4076.0\AndrowsSvr.exe"
AndrowsSvr.exe
11-14 17:08:14.836 [1172.4816](info)[app.androwsservice] [WaitForExploreReady] (uac_start.cc:240) [Msg]: Waiting for explore...
AndrowsSvr.exe
11-14 17:08:14.836 [1172.6212](info)[app.androwsservice] [service::ServiceMain] (androws_service.cpp:170) [Msg]: Service Starting...
AndrowsSvr.exe
11-14 17:08:14.836 [1172.4816](info)[app.androwsservice] [WaitForExploreReady] (uac_start.cc:250) [Msg]: Waiting for explore done.
AndrowsSvr.exe
11-14 17:08:14.946 [1172.4816](warning)[default] [unknown] (:0) [Msg]: QObject: Cannot create children for a parent that is in a different thread. (Parent is CLoginService(0x7ff685dd0510), parent's thread is QThread(0x14ea1a63770), current thread is QThread(0x14ea1013c30)
AndrowsSvr.exe
11-14 17:08:14.946 [1172.4816](info)[app.clogin] [CLoginService::Initialize] (clogin_service.cc:142) [Msg]: enter.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
com.tencent.mm_2702800024_installer (1).exe