Malware analysis PC Building Simulator Setup.exe Malicious activity

Add for printing

File name:	PC Building Simulator Setup.exe
Full analysis:	https://app.any.run/tasks/eac1c644-529d-411d-82c5-fef940f6eac1
Verdict:	Malicious activity
Analysis date:	April 07, 2018, 10:10:01
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5:	B5419E30D8614C3B644341C82937331D
SHA1:	DCADE80C8D43D4DA211D390FC0F5868941421F19
SHA256:	83A17B97156FFCBB789B3686F3836C9F98275B307CE7FD673D9DD0B4AD92428B
SSDEEP:	196608:ClX+aFFgukY8Iw+5j3tpXr7e6DicueojSsmzRI2es/F:ClrFFg7awYTzvMjNoRUs/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:

Software preset

Internet Explorer 8.0.7601.17514 undefined
7-Zip 16.04 (16.04)
Adobe Acrobat Reader DC MUI (15.007.20033)
Adobe Flash Player 26 ActiveX (26.0.0.137)
CCleaner (5.35)
FileZilla Client 3.31.0 (3.31.0)
Google Chrome (61.0.3163.100)
Google Update Helper (1.3.33.5)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.6.1 (4.6.01055)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Home and Business 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (11.0.61030.0)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (14.12.25810.0)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (14.12.25810)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (14.12.25810)
Mozilla Firefox 55.0.3 (x86 en-US) (55.0.3)
Mozilla Maintenance Service (55.0.3)
Notepad++ (32-bit x86) (7.5.4)
Opera 12.15 (12.15.1748)
Skype™ 7.39 (7.39.102)
VLC media player (2.2.6)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition
WinMan WinIP Package TopLevel

Add for printing

MALICIOUS
- Application loaded dropped or rewritten executable
  - PC Building Simulator Setup.exe (PID: 3828)
SUSPICIOUS
- Starts Internet Explorer
  - PC Building Simulator Setup.exe (PID: 3828)
- Check for Java to be installed
  - iexplore.exe (PID: 3764)
- Modifies the open verb of a shell class
  - opera.exe (PID: 272)
- Creates files in the user directory
  - opera.exe (PID: 272)
INFO
- Dropped object may contain URL's
  - PC Building Simulator Setup.exe (PID: 2424)
  - iexplore.exe (PID: 2712)
  - iexplore.exe (PID: 1432)
  - iexplore.exe (PID: 3764)
  - opera.exe (PID: 272)
- Reads internet explorer settings
  - iexplore.exe (PID: 1432)
  - iexplore.exe (PID: 2712)
- Changes internet zones settings
  - iexplore.exe (PID: 3764)
- Adds / modifies Windows certificates
  - iexplore.exe (PID: 1432)
- Reads Internet Cache Settings
  - iexplore.exe (PID: 2712)
  - iexplore.exe (PID: 1432)
  - iexplore.exe (PID: 3764)
- Changes settings of System certificates
  - iexplore.exe (PID: 1432)
- Creates files in the user directory
  - iexplore.exe (PID: 3764)
  - iexplore.exe (PID: 1432)
  - iexplore.exe (PID: 2712)
- Application launched itself
  - iexplore.exe (PID: 3764)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.1)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	0000:00:00 00:00:00
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	40448
InitializedDataSize:	126976
UninitializedDataSize:	51200
EntryPoint:	0x14e0
OSVersion:	4
ImageVersion:	1
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	1.0.0.0
ProductVersionNumber:	1.0.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
FileVersion:	1.0.0.0
ProductVersion:	1.0.0.0
OriginalFileName:	PC Building Simulator Setup.exe
InternalName:	PC Building Simulator Setup.exe
FileDescription:	PC Building Simulator Online Installer
CompanyName:	denuvo-crack
LegalCopyright:	denuvo-crack, 2017
ProductName:	PC Building Simulator Setup

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

272

"C:\Program Files\Opera\opera.exe"

C:\Program Files\Opera\opera.exe

—

explorer.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Internet Browser

Exit code:

Version:

1748

Modules

Images
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll

1428

"C:\Users\admin\AppData\Local\Temp\PC Building Simulator Setup.exe"

C:\Users\admin\AppData\Local\Temp\PC Building Simulator Setup.exe

—

explorer.exe

User:

admin

Company:

denuvo-crack

Integrity Level:

MEDIUM

Description:

PC Building Simulator Online Installer

Exit code:

3221226540

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\pc building simulator setup.exe
c:\systemroot\system32\ntdll.dll

1432

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3764 CREDAT:79873

C:\Program Files\Internet Explorer\iexplore.exe

—

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Internet Explorer

Exit code:

Version:

8.00.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

2424

"C:\Users\admin\AppData\Local\Temp\PC Building Simulator Setup.exe"

C:\Users\admin\AppData\Local\Temp\PC Building Simulator Setup.exe

explorer.exe

User:

admin

Company:

denuvo-crack

Integrity Level:

HIGH

Description:

PC Building Simulator Online Installer

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\pc building simulator setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll

2712

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3764 CREDAT:79874

C:\Program Files\Internet Explorer\iexplore.exe

—

iexplore.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Internet Explorer

Exit code:

Version:

8.00.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3764

"C:\Program Files\Internet Explorer\iexplore.exe" -nohome

C:\Program Files\Internet Explorer\iexplore.exe

—

PC Building Simulator Setup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Internet Explorer

Exit code:

Version:

8.00.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

3828

"C:\Users\admin\AppData\Local\Temp\PC Building Simulator Setup.exe"

C:\Users\admin\AppData\Local\Temp\PC Building Simulator Setup.exe

—

PC Building Simulator Setup.exe

User:

admin

Company:

denuvo-crack

Integrity Level:

HIGH

Description:

PC Building Simulator Online Installer

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\pc building simulator setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll

Add for printing

Total events

932

Read events

683

Write events

241

Delete events

Modification events


(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:	write	Name:	CompatibilityFlags
Value: 0
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 0
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 1
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:	write	Name:	SecuritySafe
Value: 1
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005D00000009000000000000000000000000000000040000000000000090CE7F108CAFD301000000000000000000000000020000001700000000000000FE80000000000000D45917EAB3ED3D860B000000000000001700000000000000FE80000000000000D45917EAB3ED3D860B000000000000001C00000000000000000000000000000000000000000000000000000000000000170000000000000000000000000000000000FFFFC0A8640B000000000000000002000000C0A864640000000000000000000000000000000000000000000000000C00000C37D0000010A73800D8703600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081F800009000230090002300380023000000000000702C000A00000000000000F8412C00
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
Operation:	write	Name:	{306C75A3-3A4C-11E8-B3BE-5254004AAD21}
Value: 0
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:	write	Name:	Type
Value: 4
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:	write	Name:	Count
Value: 1
(PID) Process:	(3764) iexplore.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:	write	Name:	Time
Value: E2070400060007000A000C0023008400

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\PC Building Simulator Setup.exe.manifest		xml
		MD5:—	SHA256:—
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\Microsoft.VC90.CRT.manifest		xml
		MD5:120305542310362D577E8DAAAF1195A6	SHA256:1287212FAFE76E9D650244DAF341637F1810040FCAB0B10CDA8C1CBB23AAEE8B
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\_socket.pyd		executable
		MD5:600DE8A82E2204E88DF27714687F88B9	SHA256:A24422D519E5A9283A0887D4BE09BE2AC89797886D8F45151CAB5E9FEF8DB1E1
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\bz2.pyd		executable
		MD5:58C57A662CDE57FEA311444CC8DADC24	SHA256:69B4EC17DE1368A9EA62313954629E1ACE3F414A7EAEDCEDBFC79B110CADBAAC
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\msvcm90.dll		executable
		MD5:975D2C42455C53C09CF68B222B9A2B5B	SHA256:0B612C42B11CFD94F958835E3D89E8D33C1478B5B380F61F2A7E7639F8B5FFBD
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\msvcr90.dll		executable
		MD5:B57AA4B9C02AB9CF14D59F56AE5C7557	SHA256:38D822661AFFBBDA0EAEAC0715EC8EB91A5DCC2F41BBFF4B5DE5DEE57F7D9E17
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\_ssl.pyd		executable
		MD5:9B59BE1FA8427368C4E0E763F578D74C	SHA256:4BA198E7F53A37B3A825FF2CE4D3E6CA00AD96E62852F0127A46C57A9A4A3026
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\wx._core_.pyd		executable
		MD5:4B9820D3BD2E61FB921C0DDE667BF513	SHA256:92AD1DCC58B8A6D7453D7CD3DB046133963C2C5AA6045AA4506D14FE9A7C4765
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\wx._misc_.pyd		executable
		MD5:0EEA7CA8F5E69C2C84020C7F8DD1F364	SHA256:3CD56509C100A60847B3B9A219B8D940A251C272983F8837B7AFBD36E92E6CA5
2424	PC Building Simulator Setup.exe	C:\Users\admin\AppData\Local\Temp\_MEI24242\python27.dll		executable
		MD5:BDA3CCD47D86473965F00E5FCF9857FD	SHA256:AD9038FC6BB13E15FB7794F56F7A57C790026221A402B88B49BF7E9F430F9927

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	500	46.30.213.138:80	http://license.denuvo-crack.com/favicon.ico	DK	html	341 b	unknown
—	—	GET	200	172.217.18.14:80	http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCA8tOJw6gcvg	US	der	463 b	whitelisted
—	—	GET	200	2.16.186.26:80	http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D	unknown	der	313 b	whitelisted
—	—	GET	200	93.184.220.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAGC%2BAmOouYmuRo7J4Qfua8%3D	US	der	471 b	whitelisted
—	—	GET	200	46.30.213.138:80	http://license.denuvo-crack.com/3dm-games/?product=PC%20Building%20Simulator	DK	html	170 b	unknown
—	—	GET	200	172.217.18.14:80	http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCBHSn7NRwhCM	US	der	463 b	whitelisted
—	—	GET	200	93.184.220.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEAPRyjH9ADRPA%2F%2FcdnY8tVE%3D	US	der	471 b	whitelisted
—	—	GET	200	93.184.220.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEAPRyjH9ADRPA%2F%2FcdnY8tVE%3D	US	der	471 b	whitelisted
—	—	GET	200	93.184.220.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEAPRyjH9ADRPA%2F%2FcdnY8tVE%3D	US	der	471 b	whitelisted
—	—	GET	200	178.255.83.1:80	http://ocsp.trust-provider.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEENSAj%2F6qJAfE5%2Fj9OXBRE4%3D	GB	der	471 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	204.79.197.200:80	www.bing.com	Microsoft Corporation	US	whitelisted
—	—	46.30.213.138:80	license.denuvo-crack.com	One.com A/S	DK	unknown
—	—	178.255.83.1:80	ocsp.trust-provider.com	CCANET Limited	GB	unknown
—	—	104.31.92.100:443	nextkon.com	Cloudflare Inc	US	shared
—	—	2.16.186.26:80	ocsp.comodoca4.com	Akamai International B.V.	—	whitelisted
—	—	52.219.24.5:443	s3-us-west-1.amazonaws.com	Amazon.com, Inc.	US	unknown
—	—	216.58.207.46:443	www.google-analytics.com	Google Inc.	US	whitelisted
—	—	172.217.18.170:443	fonts.googleapis.com	Google Inc.	US	whitelisted
—	—	93.184.220.29:80	ocsp.digicert.com	MCI Communications Services, Inc. d/b/a Verizon Business	US	whitelisted
—	—	172.217.18.14:80	ocsp.pki.goog	Google Inc.	US	whitelisted

DNS requests

Domain	IP	Reputation
www.bing.com	204.79.197.200 13.107.21.200	whitelisted
license.denuvo-crack.com	46.30.213.138	unknown
nextkon.com	104.31.92.100 104.31.93.100	malicious
ocsp.trust-provider.com	178.255.83.1	whitelisted
ocsp.comodoca4.com	2.16.186.26 2.16.186.17	whitelisted
s3-us-west-1.amazonaws.com	52.219.24.5 52.219.20.65	shared
fonts.googleapis.com	172.217.18.170	whitelisted
www.google-analytics.com	216.58.207.46	whitelisted
ocsp.pki.goog	172.217.18.14	whitelisted
ocsp.digicert.com	93.184.220.29	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

PC Building Simulator Setup.exe

B5419E30D8614C3B644341C82937331D

DCADE80C8D43D4DA211D390FC0F5868941421F19

83A17B97156FFCBB789B3686F3836C9F98275B307CE7FD673D9DD0B4AD92428B

196608:ClX+aFFgukY8Iw+5j3tpXr7e6DicueojSsmzRI2es/F:ClrFFg7awYTzvMjNoRUs/

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Application loaded dropped or rewritten executable

SUSPICIOUS

Starts Internet Explorer

Check for Java to be installed

Modifies the open verb of a shell class

Creates files in the user directory

INFO

Dropped object may contain URL's

Reads internet explorer settings

Changes internet zones settings

Adds / modifies Windows certificates

Reads Internet Cache Settings

Changes settings of System certificates

Creates files in the user directory

Application launched itself

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings