URL:

http://pcclient.download.youku.com/youkuclient/youkuclient_setup_ywebtop1_7.7.9.5220.exe

Full analysis: https://app.any.run/tasks/65e1c782-44c2-4560-bb0a-10909d60169c
Verdict: Malicious activity
Threats:

Adware is a class of unwanted software that monetizes the victim by injecting advertisements (pop-ups, banners, redirected search results) into the browsing experience. It usually arrives through software bundling, deceptive download pages or malicious sites rather than through exploits. Once installed it may track browsing activity, collect personal data and display intrusive ads; more aggressive variants add persistence mechanisms (autorun entries, Windows services, browser-extension changes, as seen in this sample) that make removal difficult. Because it installs additional components with elevated privileges, adware also enlarges the attack surface that other malware can exploit, posing a real risk to user privacy and system security.

Analysis date: June 25, 2019, 11:48:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
adware
Indicators:
MD5:

FFC85E471B47A02BA8A1BADD037F0C44

SHA1:

B96FBA4B391BA02408FCBBABB88D8673C75AF78E

SHA256:

7FD3FA6ADAAFB1BCF6418CA9002ED333911A99626F8A66DDB550403AF51094E8

SSDEEP:

3:N1KOGTALREWETJMeq/JMeyQQNQM0C:COUAFnMMtBMlQe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 2488)
      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • ns330E.tmp (PID: 3392)
      • YoukuMediaCenter.exe (PID: 1128)
      • ns6829.tmp (PID: 3128)
      • YouKuBugReport.exe (PID: 2492)
      • ns9499.tmp (PID: 1664)
      • nsBC36.tmp (PID: 3896)
      • alibabaprotectCon.exe (PID: 3980)
      • alibabaprotectCon.exe (PID: 3784)
      • nsBEF6.tmp (PID: 2120)
      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 2536)
      • YoukuMediaCenter.exe (PID: 2184)
      • WebServe.exe (PID: 3108)
      • YoukuDesktop.exe (PID: 2188)
      • YoukuMediaCenter.exe (PID: 3000)
      • WebServe.exe (PID: 2880)
      • YoukuMediaCenter.exe (PID: 2152)
      • ikuacc.exe (PID: 2732)
      • CrashDumper.exe (PID: 2192)
      • YoukuMediaCenter.exe (PID: 2256)
      • YoukuMediaCenter.exe (PID: 2352)
      • pc-sdk-setup.exe (PID: 4028)
      • pc-sdk-setup.exe (PID: 3264)
      • ns1AAB.tmp (PID: 3584)
      • AlibabaProtect.exe (PID: 3432)
      • ns18E5.tmp (PID: 2800)
      • AlibabaProtect.exe (PID: 3196)
      • AlibabaProtect.exe (PID: 2364)
      • ns9067.tmp (PID: 4040)
      • AlibabaProtect.exe (PID: 3028)
    • Loads dropped or rewritten executable

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • YoukuMediaCenter.exe (PID: 1128)
      • regsvr32.exe (PID: 3984)
      • regsvr32.exe (PID: 3164)
      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 3000)
      • WebServe.exe (PID: 2880)
      • YoukuMediaCenter.exe (PID: 2536)
      • WebServe.exe (PID: 3108)
      • YoukuMediaCenter.exe (PID: 2184)
      • YoukuDesktop.exe (PID: 2188)
      • YoukuMediaCenter.exe (PID: 2152)
      • CrashDumper.exe (PID: 2192)
      • YoukuMediaCenter.exe (PID: 2256)
      • YoukuMediaCenter.exe (PID: 2352)
      • pc-sdk-setup.exe (PID: 4028)
      • AlibabaProtect.exe (PID: 3196)
      • pc-sdk-setup.exe (PID: 3264)
    • Downloads executable files from the Internet

      • chrome.exe (PID: 2872)
    • Registers / Runs the DLL via REGSVR32.EXE

      • YouKuBugReport.exe (PID: 2492)
    • Changes settings of System certificates

      • alibabaprotectCon.exe (PID: 3980)
      • AlibabaProtect.exe (PID: 3196)
    • Changes the autorun value in the registry

      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 2536)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2872)
      • YouKuBugReport.exe (PID: 2492)
      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • pc-sdk-setup.exe (PID: 4028)
      • pc-sdk-setup.exe (PID: 3264)
    • Reads internet explorer settings

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
    • Reads Internet Cache Settings

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 2536)
    • Creates files in the user directory

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 2536)
      • YoukuMediaCenter.exe (PID: 3000)
      • ikuacc.exe (PID: 2732)
      • YoukuMediaCenter.exe (PID: 2152)
      • YoukuDesktop.exe (PID: 2188)
      • YoukuMediaCenter.exe (PID: 2256)
      • YoukuMediaCenter.exe (PID: 2184)
    • Starts application with an unusual extension

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • pc-sdk-setup.exe (PID: 4028)
      • pc-sdk-setup.exe (PID: 3264)
    • Creates a software uninstall entry

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 3984)
      • regsvr32.exe (PID: 3164)
    • Modifies the open verb of a shell class

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 2536)
    • Creates files in the program directory

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • YoukuMediaCenter.exe (PID: 3000)
      • YoukuMediaCenter.exe (PID: 2152)
      • YoukuDesktop.exe (PID: 2188)
      • pc-sdk-setup.exe (PID: 4028)
      • AlibabaProtect.exe (PID: 2364)
      • AlibabaProtect.exe (PID: 3196)
      • alibabaprotectCon.exe (PID: 3980)
      • alibabaprotectCon.exe (PID: 3784)
      • pc-sdk-setup.exe (PID: 3264)
    • Changes IE settings (feature browser emulation)

      • YoukuMediaCenter.exe (PID: 3744)
      • YoukuMediaCenter.exe (PID: 2536)
    • Adds / modifies Windows certificates

      • alibabaprotectCon.exe (PID: 3980)
    • Creates or modifies windows services

      • WebServe.exe (PID: 2880)
    • Starts CMD.EXE for commands execution

      • nsBEF6.tmp (PID: 2120)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 992)
    • Executed as Windows Service

      • WebServe.exe (PID: 3108)
      • AlibabaProtect.exe (PID: 3196)
    • Low-level read access rights to disk partition

      • YoukuDesktop.exe (PID: 2188)
    • Creates files in the Windows directory

      • WebServe.exe (PID: 3108)
      • AlibabaProtect.exe (PID: 3196)
    • Removes files from Windows directory

      • WebServe.exe (PID: 3108)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2872)
  • INFO

    • Reads Internet Cache Settings

      • chrome.exe (PID: 2872)
    • Application launched itself

      • chrome.exe (PID: 2872)
    • Dropped object may contain Bitcoin addresses

      • youkuclient_setup_ywebtop1_7.7.9.5220.exe (PID: 3024)
      • YoukuDesktop.exe (PID: 2188)
      • pc-sdk-setup.exe (PID: 4028)
    • Reads settings of System Certificates

      • YoukuMediaCenter.exe (PID: 2184)
      • YoukuDesktop.exe (PID: 2188)
      • AlibabaProtect.exe (PID: 3196)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
101
Monitored processes
56
Malicious processes
20
Suspicious processes
4

Behavior graph

Interactive process graph (available in the full report). Nodes: chrome.exe (several helper processes), youkuclient_setup_ywebtop1_7.7.9.5220.exe (two instances), ns330e.tmp, youkumediacenter.exe, ns6829.tmp, youkubugreport.exe, regsvr32.exe, ns9499.tmp, alibabaprotectcon.exe, nsbc36.tmp, webserve.exe, nsbef6.tmp, cmd.exe, sc.exe, youkudesktop.exe, ikuacc.exe, crashdumper.exe, pc-sdk-setup.exe, ns18e5.tmp, alibabaprotect.exe, ns1aab.tmp, ns9067.tmp. Edges are labelled "drop and start" or "start"; nodes marked "no specs" have no signature hits of their own.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
908
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13505417522255179128 --mojo-platform-channel-handle=3972 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
992
CMD:
cmd.exe /c "sc start WebServe"
Path:
C:\Windows\system32\cmd.exe
Parent process:
nsBEF6.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1128
CMD:
"C:\Users\admin\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe" --utils --uninstall --type=ikucmc --action=overinstall --check-dll=0 --arg="repm=0|rm=1|pid=youkuclient|pver=|tm=1||box=1|sc=1|clearuserdata=0|path=\YoukuDesktop.exe"
Path:
C:\Users\admin\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe
Parent process:
ns330E.tmp
User:
admin
Company:
Youku.com
Integrity Level:
HIGH
Description:
install helper
Exit code:
0
Version:
1.1.0.1226
Modules
Images
c:\users\admin\appdata\roaming\ytmediacenter\youkumediacenter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\psapi.dll
PID:
1132
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=960,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=2859081655765145091 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2859081655765145091 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1572
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=960,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15772670439280207949 --mojo-platform-channel-handle=4080 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
73.0.3683.75
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1664
CMD:
"C:\Users\admin\AppData\Local\Temp\nscB22.tmp\ns9499.tmp" "C:\Program Files\YouKu\YoukuClient\YoukuMediaCenter.exe" --utils --install --type=ikucmc --action=user --check-dll=0 --arg="repm=0|rm=1|sr=1|pid=youkuclient|pver=7.7.9.5220|tm=0|mf=0|box=1|guide=1|conf=1|path=C:\Program Files\YouKu\YoukuClient\proxy\YoukuDesktop.exe|install_type=new|spk=1|ykgame=0"
Path:
C:\Users\admin\AppData\Local\Temp\nscB22.tmp\ns9499.tmp
Parent process:
youkuclient_setup_ywebtop1_7.7.9.5220.exe
User:
admin
Integrity Level:
HIGH
Exit code:
4294967295
Modules
Images
c:\users\admin\appdata\local\temp\nscb22.tmp\ns9499.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
2120
CMD:
"C:\Users\admin\AppData\Local\Temp\nscB22.tmp\nsBEF6.tmp" cmd.exe /c "sc start WebServe"
Path:
C:\Users\admin\AppData\Local\Temp\nscB22.tmp\nsBEF6.tmp
Parent process:
youkuclient_setup_ywebtop1_7.7.9.5220.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nscb22.tmp\nsbef6.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
2152
CMD:
"C:\Program Files\YouKu\YoukuClient\YoukuMediaCenter.exe" --utils --install --videoLibrary=videoLibrary
Path:
C:\Program Files\YouKu\YoukuClient\YoukuMediaCenter.exe
Parent process:
youkuclient_setup_ywebtop1_7.7.9.5220.exe
User:
admin
Company:
youku.com
Integrity Level:
HIGH
Description:
Youku Media Center (优酷媒体中心)
Exit code:
3221225477
Version:
7.7.9.5220
Modules
Images
c:\program files\youku\youkuclient\youkumediacenter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID:
2184
CMD:
"C:\Program Files\YouKu\YoukuClient\YoukuMediaCenter.exe" --utils --updatevidlib
Path:
C:\Program Files\YouKu\YoukuClient\YoukuMediaCenter.exe
Parent process:
youkuclient_setup_ywebtop1_7.7.9.5220.exe
User:
admin
Company:
youku.com
Integrity Level:
HIGH
Description:
Youku Media Center (优酷媒体中心)
Exit code:
0
Version:
7.7.9.5220
Modules
Images
c:\program files\youku\youkuclient\youkumediacenter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID:
2188
CMD:
"C:\Program Files\YouKu\YoukuClient\YoukuDesktop.exe" "iku://|install|"
Path:
C:\Program Files\YouKu\YoukuClient\YoukuDesktop.exe
Parent process:
youkuclient_setup_ywebtop1_7.7.9.5220.exe
User:
admin
Company:
youku.com
Integrity Level:
HIGH
Description:
Youku (优酷)
Exit code:
0
Version:
7.7.9.5220
Modules
Images
c:\program files\youku\youkuclient\youkudesktop.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
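The signature tree and process table above show the pattern that makes this installer worth flagging: NSIS unpacks helper stubs into %TEMP%\ns<hex>.tmp\ns<hex>.tmp, those stubs launch cmd.exe with "sc start WebServe" (PID 2120 -> 992) and start a second copy of YoukuMediaCenter.exe from AppData\Roaming (ns330E.tmp -> 1128). The following triage script is an added example, not part of the ANY.RUN report, that rebuilds the process tree from such events and applies those three checks. The events are constructed from the PIDs, paths and command lines in the report; the parent PIDs (the report gives only parent names), the chrome.exe PID 2872 as root and the installer's download path under Downloads are assumptions.

```python
"""Process-tree triage for NSIS-style installer behaviour (added example).

Rules, each tied to a behaviour listed in the report above:
  nsis_stub_exec          executable run from %TEMP%\ns<hex>.tmp\ns<hex>.tmp,
                          the directory layout NSIS uses for unpacked plugins
  sc_from_installer       a process driving the Service Control Manager
                          (sc start/create/config/failure) that is itself an
                          NSIS stub or has one among its ancestors
  roaming_exec_from_stub  an executable under AppData\Roaming started
                          directly by an NSIS stub
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path
    cmdline: str


NSIS_STUB_RE = re.compile(r"\\temp\\ns[0-9a-f]{4}\.tmp\\ns[0-9a-f]{4}\.tmp$", re.I)
SC_VERB_RE = re.compile(r"\bsc(?:\.exe)?\s+(?:start|create|config|failure)\b", re.I)
ROAMING_RE = re.compile(r"\\appdata\\roaming\\", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_nsis_stub(ev: ProcEvent) -> bool:
    return NSIS_STUB_RE.search(ev.image) is not None


def ancestry(procs: Dict[int, ProcEvent], pid: int) -> List[str]:
    """Image names from the process itself up to the highest known parent."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(basename(procs[pid].image))
        pid = procs[pid].ppid
    return chain


def stub_in_lineage(procs: Dict[int, ProcEvent], pid: int) -> bool:
    """True if the process or any known ancestor is an NSIS plugin stub."""
    cur, seen = pid, set()
    while cur in procs and cur not in seen:
        seen.add(cur)
        if is_nsis_stub(procs[cur]):
            return True
        cur = procs[cur].ppid
    return False


def analyze(events: List[ProcEvent]) -> List[dict]:
    procs = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if is_nsis_stub(ev):
            findings.append({"rule": "nsis_stub_exec", "pid": ev.pid,
                             "chain": ancestry(procs, ev.pid)})
        if SC_VERB_RE.search(ev.cmdline) and stub_in_lineage(procs, ev.pid):
            findings.append({"rule": "sc_from_installer", "pid": ev.pid,
                             "chain": ancestry(procs, ev.pid)})
        parent = procs.get(ev.ppid)
        if ROAMING_RE.search(ev.image) and parent is not None and is_nsis_stub(parent):
            findings.append({"rule": "roaming_exec_from_stub", "pid": ev.pid,
                             "chain": ancestry(procs, ev.pid)})
    return findings


# Constructed events modelled on the report's process table. Parent PIDs,
# the chrome.exe root (2872) and the Downloads path are assumptions.
_SETUP = r"C:\Users\admin\Downloads\youkuclient_setup_ywebtop1_7.7.9.5220.exe"
_TEMP = r"C:\Users\admin\AppData\Local\Temp\nscB22.tmp"
SAMPLE_EVENTS = [
    ProcEvent(2872, 1, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe"),
    ProcEvent(2488, 2872, _SETUP, f'"{_SETUP}"'),
    ProcEvent(3024, 2488, _SETUP, f'"{_SETUP}"'),          # elevated relaunch
    ProcEvent(2120, 3024, _TEMP + r"\nsBEF6.tmp",
              f'"{_TEMP}\\nsBEF6.tmp" cmd.exe /c "sc start WebServe"'),
    ProcEvent(992, 2120, r"C:\Windows\system32\cmd.exe", 'cmd.exe /c "sc start WebServe"'),
    ProcEvent(1664, 3024, _TEMP + r"\ns9499.tmp",
              f'"{_TEMP}\\ns9499.tmp" "C:\\Program Files\\YouKu\\YoukuClient\\YoukuMediaCenter.exe" --utils --install'),
    ProcEvent(3392, 3024, _TEMP + r"\ns330E.tmp", f'"{_TEMP}\\ns330E.tmp"'),
    ProcEvent(1128, 3392, r"C:\Users\admin\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe",
              r'"C:\Users\admin\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe" --utils --uninstall'),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f'{f["rule"]:24} pid={f["pid"]:<5} {" <- ".join(f["chain"])}')
```

The lineage walk tracks visited PIDs so a recycled or self-referencing parent PID cannot loop it, and the SC rule deliberately matches both the stub (whose own command line embeds the sc invocation) and the cmd.exe it spawns, since either may be the only event a given sensor records.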
Total events
3 933
Read events
2 539
Write events
1 387
Delete events
7

Modification events

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (2632) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: write
Name: 2872-13205936927147625
Value: 259

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (2872) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: delete value
Name: 3488-13197474229333984
Value: 0

(PID) Process: (2872) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0
Executable files
200
Suspicious files
107
Text files
1 290
Unknown types
500

Dropped files

PID
Process
Filename
Type
PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bba3b1ae-e562-4241-8ad6-5251d14aeb71.tmp
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
MD5:
SHA256:

PID: 2872
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
409
TCP/UDP connections
811
DNS requests
60
Threats
16

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3000
YoukuMediaCenter.exe
GET
47.92.21.13:80
http://p.youku.com/location?rand=17361
CN
malicious
3000
YoukuMediaCenter.exe
GET
47.92.21.13:80
http://p.youku.com/location?rand=11178
CN
malicious
3980
alibabaprotectCon.exe
GET
203.119.206.121:80
http://pcs-sdk-server.alibaba.com/l?umid=&csid=&acnt=&hosttype=16&log=begin%20local_load
CN
unknown
2872
chrome.exe
GET
200
213.244.178.209:80
http://pcclient.download.youku.com/youkuclient/youkuclient_setup_ywebtop1_7.7.9.5220.exe
GB
executable
88.8 Mb
malicious
3024
youkuclient_setup_ywebtop1_7.7.9.5220.exe
GET
200
205.204.101.182:80
http://gm.mmstat.com/yt/yt_pcclient.pv.log?ver=7.7.9.5220&cid=installpack&key=insFinish&os=6.1&hw_mac=52-54-00-4A-04-AF&partnerid=ywebtop1&ext1=1
US
image
43 b
whitelisted
2536
YoukuMediaCenter.exe
GET
301
205.204.101.47:80
http://pcapp.youku.com/checkpreload.php
US
html
357 b
suspicious
3744
YoukuMediaCenter.exe
GET
301
205.204.101.47:80
http://pcapp.youku.com/checkpreload.php
US
html
357 b
suspicious
3108
WebServe.exe
GET
301
205.204.101.47:80
http://pcapp.youku.com/checkpreload.php
US
html
357 b
suspicious
2184
YoukuMediaCenter.exe
GET
301
205.204.101.47:80
http://pcapp.youku.com/checkpreload.php
US
html
357 b
suspicious
3744
YoukuMediaCenter.exe
GET
200
205.204.101.182:80
http://gm.mmstat.com/yt/yt_pcclient.initial.log?cid=mediacenter&pid=ywebtop1&peerid=100000000000000000005D120A7D5254004A04AF&ver=7.7.9.5220&log_type=5000000&start_reason=no_reason&caller=ns9499%2Etmp&last_time=0&user_op=NU&hw_cpu=&hw_mem=&hw_w=1280&hw_h=720&hw_mac=5254004a04af&sw_os=win_6%2E1&sw_os_bit=32&sw_browser=ie%2Cfirefox%7Copera%7Cchrome%7Cie&ext_2=7&ext_3=0-0&ext_4=alihttp
US
image
43 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2872
chrome.exe
172.217.23.131:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2872
chrome.exe
213.244.178.209:80
pcclient.download.youku.com
Level 3 Communications, Inc.
GB
suspicious
2872
chrome.exe
216.58.205.228:443
www.google.com
Google Inc.
US
whitelisted
2872
chrome.exe
172.217.22.67:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2872
chrome.exe
172.217.18.174:443
sb-ssl.google.com
Google Inc.
US
whitelisted
2872
chrome.exe
172.217.22.110:443
clients1.google.com
Google Inc.
US
whitelisted
3024
youkuclient_setup_ywebtop1_7.7.9.5220.exe
205.204.101.182:80
gm.mmstat.com
Alibaba (China) Technology Co., Ltd.
US
suspicious
3744
YoukuMediaCenter.exe
205.204.101.47:80
pcapp.youku.com
Alibaba (China) Technology Co., Ltd.
US
suspicious
3744
YoukuMediaCenter.exe
205.204.101.47:443
pcapp.youku.com
Alibaba (China) Technology Co., Ltd.
US
suspicious
3980
alibabaprotectCon.exe
203.119.206.121:80
pcs-sdk-server.alibaba.com
CN
unknown

DNS requests

Domain
IP
Reputation
pcclient.download.youku.com
  • 213.244.178.209
  • 213.244.178.210
  • 213.244.178.244
  • 213.244.178.178
  • 213.244.178.205
  • 213.244.178.206
  • 213.244.178.207
  • 213.244.178.208
malicious
clientservices.googleapis.com
  • 172.217.23.131
whitelisted
accounts.google.com
  • 172.217.22.45
shared
www.google.com
  • 216.58.205.228
malicious
ssl.gstatic.com
  • 172.217.22.67
whitelisted
sb-ssl.google.com
  • 172.217.18.174
whitelisted
www.gstatic.com
  • 172.217.22.67
whitelisted
gm.mmstat.com
  • 205.204.101.182
whitelisted
clients1.google.com
  • 172.217.22.110
whitelisted
pcs-sdk-server.alibaba.com
  • 203.119.206.121
  • 203.119.214.248
  • 203.119.214.247
unknown

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
A Network Trojan was detected
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
Misc activity
SUSPICIOUS [PTsecurity] Suspicious HTTP header - Sometimes used by hostile installer
A Network Trojan was detected
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
Misc activity
SUSPICIOUS [PTsecurity] Suspicious HTTP header - Sometimes used by hostile installer
A Network Trojan was detected
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
Misc activity
SUSPICIOUS [PTsecurity] Suspicious HTTP header - Sometimes used by hostile installer
A Network Trojan was detected
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
Misc activity
SUSPICIOUS [PTsecurity] Suspicious HTTP header - Sometimes used by hostile installer
Potential Corporate Privacy Violation
ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
4 ETPRO signatures available at the full report
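The IDS alerts above fire on three properties of the traffic rather than on any payload signature: an "NSIS_Inetc (Mozilla)" User-Agent (the NSIS Inetc download plugin), a PE image fetched over plain HTTP, and an Authorization: Basic header sent in cleartext. The script below is an added example, not part of the ANY.RUN report or of the Emerging Threats rule set, that parses raw HTTP messages and re-implements those three checks so they can be run over a PCAP export or proxy log. All sample messages are constructed; the hosts ending in .example.invalid, the URL paths and the credentials are invented for illustration, and only the p.youku.com request reuses a URL from the report.

```python
"""Re-implementation of the three ET POLICY checks raised above (added example)."""
import base64
import binascii
from typing import Dict, List, Tuple

PE_CONTENT_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/vnd.microsoft.portable-executable"}


def parse_http_message(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a raw request or response into (start line, lowercase headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def inspect_request(raw: bytes) -> List[Tuple[str, str]]:
    """ET POLICY User-Agent (NSIS_Inetc) and Outgoing Basic Auth, as (rule, detail)."""
    _, hdr, _ = parse_http_message(raw)
    findings: List[Tuple[str, str]] = []
    ua = hdr.get("user-agent", "")
    if ua.startswith("NSIS_Inetc"):
        findings.append(("installer-user-agent", ua))
    auth = hdr.get("authorization", "")
    if auth[:6].lower() == "basic ":
        # Report the user name only; never log the recovered password.
        try:
            creds = base64.b64decode(auth[6:].strip(), validate=True).decode("latin-1")
            user = creds.split(":", 1)[0]
        except (binascii.Error, ValueError):
            user = "<undecodable>"
        findings.append(("basic-auth-cleartext", f"user={user}"))
    return findings


def inspect_response(raw: bytes) -> List[Tuple[str, str]]:
    """ET POLICY PE EXE or DLL download: MZ magic in the body or a PE content type."""
    _, hdr, body = parse_http_message(raw)
    ctype = hdr.get("content-type", "").split(";")[0].strip().lower()
    if body[:2] == b"MZ":
        return [("pe-download-over-http", "MZ magic")]
    if ctype in PE_CONTENT_TYPES:
        return [("pe-download-over-http", ctype)]
    return []


# Constructed messages (not captured traffic); hosts/paths/credentials are invented.
SAMPLE_INSTALLER_REQUEST = (
    b"GET /pkg/setup.exe HTTP/1.1\r\n"
    b"Host: updates.example.invalid\r\n"
    b"User-Agent: NSIS_Inetc (Mozilla)\r\n\r\n"
)
SAMPLE_AUTH_REQUEST = (
    b"GET /api/report HTTP/1.1\r\n"
    b"Host: telemetry.example.invalid\r\n"
    b"Authorization: Basic " + base64.b64encode(b"svc_user:hunter2") + b"\r\n\r\n"
)
SAMPLE_BAD_AUTH_REQUEST = (
    b"GET /api/report HTTP/1.1\r\nHost: telemetry.example.invalid\r\n"
    b"Authorization: Basic !!!not-base64\r\n\r\n"
)
SAMPLE_BENIGN_REQUEST = (
    b"GET /location?rand=17361 HTTP/1.1\r\nHost: p.youku.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n"
)
SAMPLE_PE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
    b"Content-Length: 64\r\n\r\nMZ\x90\x00" + b"\x00" * 60
)

if __name__ == "__main__":
    for name, msg in [("installer", SAMPLE_INSTALLER_REQUEST), ("auth", SAMPLE_AUTH_REQUEST),
                      ("bad-auth", SAMPLE_BAD_AUTH_REQUEST), ("benign", SAMPLE_BENIGN_REQUEST)]:
        print(name, inspect_request(msg))
    print("response", inspect_response(SAMPLE_PE_RESPONSE))
```

The PE check looks at the body's MZ magic before the Content-Type header because the response above is served as application/octet-stream; a content-type-only rule would miss it, which is why the Suricata signature inspects the payload as well.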
Debug output strings

Process
Message
YoukuMediaCenter.exe
1: Hotfix present and filter active 2: Hotfix not present, filter active if this is an affected system 0: Hotfix present, filter not active Current Filter Status:2
YoukuMediaCenter.exe
openapicaller: sspi
YoukuMediaCenter.exe
openapicaller: sspi
YoukuMediaCenter.exe
openapicaller: sspi
YoukuMediaCenter.exe
openapicaller: sspi
YoukuMediaCenter.exe
openapicaller: sspi
YoukuMediaCenter.exe
1: Hotfix present and filter active 2: Hotfix not present, filter active if this is an affected system 0: Hotfix present, filter not active Current Filter Status:2
YoukuMediaCenter.exe
1: Hotfix present and filter active 2: Hotfix not present, filter active if this is an affected system 0: Hotfix present, filter not active Current Filter Status:2
YoukuMediaCenter.exe
1: Hotfix present and filter active 2: Hotfix not present, filter active if this is an affected system 0: Hotfix present, filter not active Current Filter Status:2
YoukuMediaCenter.exe
OpenApi: Sync oaid->35