URL:

https://install.printanista.net/dca-pulse/1.5.7.9296/HmV0RIJsXmlNvXjFW5r1CRtp3Wg/Windows/ECI%20DCA%201.5.7.9296%20%5bH5UJG22JM8AW%5d.exe

Full analysis: https://app.any.run/tasks/e3c906df-a136-48a9-8ad0-039d6dfe67de
Verdict: Malicious activity
Analysis date: July 09, 2024, 23:08:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
crypto-regex
Indicators:
MD5:

488C84C70DAD6412FFB6382A783D3734

SHA1:

F5FB3F5B6396D4AF33515989C9AF7E7A36A3143F

SHA256:

8F59FA1F116C0FB26F3A6F6658D0CEDF294AF3D08161390C7257AF939E50E597

SSDEEP:

3:N8LREJF9MliMWi/0NhVvBkzuOqJZUmpCpBSmyCVULeR7TihoF1BJn:2lgPMUXi/0ND5kzuOqz/p8BSnWUu7lFF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 2948)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 3152)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • DCA.Edge.Console.exe (PID: 2588)
      • ECI DCA 1.5.8.9518.exe (PID: 2436)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • Create files in the Startup directory

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • Creates a writable file in the system directory

      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.TrayIcon.exe (PID: 2840)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 2412)
      • net.exe (PID: 2512)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 2948)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 3152)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • DCA.Edge.Console.exe (PID: 2588)
      • ECI DCA 1.5.8.9518.exe (PID: 2436)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • Reads the Windows owner or organization settings

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • Process drops legitimate windows executable

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • Uses TASKKILL.EXE to kill process

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • Reads security settings of Internet Explorer

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2680)
      • DCA.Edge.Console.exe (PID: 2428)
      • DCA.Edge.Console.exe (PID: 2852)
      • DCA.Edge.TrayIcon.exe (PID: 2840)

    • Checks Windows Trust Settings

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2680)
      • DCA.Edge.Console.exe (PID: 2428)
      • DCA.Edge.TrayIcon.exe (PID: 2840)
      • DCA.Edge.Console.exe (PID: 2852)

    • Reads the Internet Settings

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.TrayIcon.exe (PID: 3840)

    • Reads settings of System Certificates

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.TrayIcon.exe (PID: 3840)

    • Starts SC.EXE for service management

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 2680)

    • Executes as Windows Service

      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.Console.exe (PID: 2852)

    • Searches for installed software

      • DCA.Edge.Console.exe (PID: 2588)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)
      • DCA.Edge.Console.exe (PID: 2852)

    • Found regular expressions for crypto-addresses (YARA)

      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.TrayIcon.exe (PID: 2840)

    • Adds/modifies Windows certificates

      • DCA.Edge.Console.exe (PID: 2588)

    • Application launched itself

      • cmd.exe (PID: 2828)
      • cmd.exe (PID: 2412)

    • Executing commands from a ".bat" file

      • DCA.Edge.Console.exe (PID: 2588)
      • cmd.exe (PID: 2828)

    • Starts CMD.EXE for commands execution

      • DCA.Edge.Console.exe (PID: 2588)
      • cmd.exe (PID: 2828)
      • cmd.exe (PID: 2412)

    • Creates a software uninstall entry

      • ECI DCA 1.5.8.9518.tmp (PID: 368)

    • The process deletes folder without confirmation

      • cmd.exe (PID: 2412)

  • INFO

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3432)
      • iexplore.exe (PID: 3344)

    • Application launched itself

      • iexplore.exe (PID: 3344)

    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3432)
      • iexplore.exe (PID: 3344)

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3344)

    • The process uses the downloaded file

      • iexplore.exe (PID: 3344)

    • Create files in a temporary directory

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 2948)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 3152)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)

    • Checks supported languages

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 2948)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3160)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe (PID: 3152)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2588)
      • ECI DCA 1.5.8.9518.exe (PID: 2436)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)
      • DCA.Edge.Console.exe (PID: 2680)
      • DCA.Edge.Console.exe (PID: 2428)
      • DCA.Edge.TrayIcon.exe (PID: 2840)
      • DCA.Edge.Console.exe (PID: 2852)

    • Reads the computer name

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3160)
      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.Console.exe (PID: 2588)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)
      • DCA.Edge.Console.exe (PID: 2680)
      • DCA.Edge.TrayIcon.exe (PID: 2840)
      • DCA.Edge.Console.exe (PID: 2428)
      • DCA.Edge.Console.exe (PID: 2852)

    • Creates files in the program directory

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)
      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 2588)
      • cmd.exe (PID: 2828)
      • ECI DCA 1.5.8.9518.tmp (PID: 368)
      • DCA.Edge.Console.exe (PID: 2852)

    • Reads the machine GUID from the registry

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.Console.exe (PID: 2680)
      • DCA.Edge.TrayIcon.exe (PID: 2840)
      • DCA.Edge.Console.exe (PID: 2428)
      • DCA.Edge.Console.exe (PID: 2852)

    • Reads the software policy settings

      • DCA.Edge.Console.exe (PID: 2500)
      • DCA.Edge.Console.exe (PID: 3512)
      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2680)
      • DCA.Edge.Console.exe (PID: 2428)
      • DCA.Edge.TrayIcon.exe (PID: 2840)
      • DCA.Edge.Console.exe (PID: 2852)

    • Creates a software uninstall entry

      • ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp (PID: 3684)

    • Reads Environment values

      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.Console.exe (PID: 2852)
      • DCA.Edge.TrayIcon.exe (PID: 2840)

    • Reads product name

      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.Console.exe (PID: 2852)

    • Disables trace logs

      • DCA.Edge.Console.exe (PID: 2588)
      • DCA.Edge.TrayIcon.exe (PID: 3840)
      • DCA.Edge.Console.exe (PID: 2852)
      • DCA.Edge.TrayIcon.exe (PID: 2840)

    • Manual execution by a user

      • explorer.exe (PID: 3788)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
84
Monitored processes
31
Malicious processes
15
Suspicious processes
1

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe eci dca 1.5.7.9296 [h5ujg22jm8aw].exe eci dca 1.5.7.9296 [h5ujg22jm8aw].tmp no specs eci dca 1.5.7.9296 [h5ujg22jm8aw].exe eci dca 1.5.7.9296 [h5ujg22jm8aw].tmp taskkill.exe no specs taskkill.exe no specs dca.edge.console.exe no specs sc.exe no specs sc.exe no specs dca.edge.console.exe no specs THREAT dca.edge.trayicon.exe no specs dca.edge.console.exe explorer.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs eci dca 1.5.8.9518.exe eci dca 1.5.8.9518.tmp taskkill.exe no specs taskkill.exe no specs dca.edge.console.exe no specs sc.exe no specs sc.exe no specs THREAT dca.edge.trayicon.exe no specs dca.edge.console.exe no specs dca.edge.console.exe net.exe no specs net1.exe no specs cmd.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
368"C:\Windows\TEMP\is-7K7VT.tmp\ECI DCA 1.5.8.9518.tmp" /SL5="$3003E,3484948,428032,C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\ECI DCA 1.5.8.9518.exe" /LOG="C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\setup.log" /SP- /SILENT /SUPPRESSMSGBOXES /CLOSEAPPLICATIONS /FORCECLOSEAPPLICATIONS /AutoUpgradeMode=true C:\Windows\Temp\is-7K7VT.tmp\ECI DCA 1.5.8.9518.tmp
ECI DCA 1.5.8.9518.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\windows\temp\is-7k7vt.tmp\eci dca 1.5.8.9518.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1616"C:\Windows\system32\sc.exe" create "DCAPulse" start= delayed-auto DisplayName= "ECI DCA" binPath= "\"C:\Program Files\ECI DCA\DCA.Edge.Console.exe\" --config \"C:\ProgramData\ECI DCA\dca.config\"" C:\Windows\System32\sc.exeDCA.Edge.Console.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2412cmd /c C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\update.bat > C:\ProgramData\ECI^ DCA\logs\update-1.5.8.9518-20240710-120917.log 2>&1C:\Windows\System32\cmd.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2428"C:\Program Files\ECI DCA\DCA.Edge.Console.exe" start-service C:\Program Files\ECI DCA\DCA.Edge.Console.exeECI DCA 1.5.8.9518.tmp
User:
SYSTEM
Company:
ECI Software Solutions, Inc
Integrity Level:
SYSTEM
Description:
ECI DCA
Exit code:
0
Version:
1.5.8.9518
Modules
Images
c:\program files\eci dca\dca.edge.console.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2436"C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\ECI DCA 1.5.8.9518.exe" /LOG="C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\setup.log" /SP- /SILENT /SUPPRESSMSGBOXES /CLOSEAPPLICATIONS /FORCECLOSEAPPLICATIONS /AutoUpgradeMode=true C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\ECI DCA 1.5.8.9518.exe
cmd.exe
User:
SYSTEM
Company:
ECI Software Solutions, Inc.
Integrity Level:
SYSTEM
Description:
ECI DCA Setup
Exit code:
0
Version:
1.5.8.9518
Modules
Images
c:\windows\temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\eci dca 1.5.8.9518.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2472C:\Windows\system32\cmd.exe /S /D /c" echo [Wed 07/10/2024 0:09:17.97] Launching: "C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\ECI DCA 1.5.8.9518.exe" /LOG="C:\Windows\Temp\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b\setup.log" /SP- /SILENT /SUPPRESSMSGBOXES /CLOSEAPPLICATIONS /FORCECLOSEAPPLICATIONS /AutoUpgradeMode=true 2>&1"C:\Windows\System32\cmd.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2500"C:\Program Files\ECI DCA\DCA.Edge.Console.exe" config --config "C:\ProgramData\ECI DCA\dca.config" --installer "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exe" --install-service C:\Program Files\ECI DCA\DCA.Edge.Console.exeECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmp
User:
admin
Company:
ECI Software Solutions, Inc
Integrity Level:
HIGH
Description:
ECI DCA
Exit code:
0
Version:
1.5.7.9296
Modules
Images
c:\program files\eci dca\dca.edge.console.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2512net start dcapulseC:\Windows\System32\net.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Net Command
Exit code:
2
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
2528cmd /c "rmdir C:\Windows\TEMP\ecidca-b4cea6ea-0942-4d74-a555-795fb0affa0b /s /q 2>&1 & exit"C:\Windows\System32\cmd.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2532"C:\Windows\system32\sc.exe" failure "DCAPulse" reset= 180 actions= restart/5000/restart/30000/restart/180000C:\Windows\System32\sc.exeDCA.Edge.Console.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
64 846
Read events
64 459
Write events
314
Delete events
73

Modification events

(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31117908
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
8729686
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31117909
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3344) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
197
Suspicious files
24
Text files
18
Unknown types
1

Dropped files

PID
Process
Filename
Type
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:DA47B9C3CE460EE37CC12BA1161CD030
SHA256:C8CA68B677EF16932AE0FCA4FAD6293E69866877F8FC7F7587CE2FD0C33C8337
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F5C7D9E7CAAE5E8473258F0A371C955der
MD5:3DD0AEEB88575509B386AB5C54D5BA73
SHA256:9D6EA9D923C0AF92F2F742D13FA23C54D73E74940FE2E9D153FDD9570BBBC961
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751der
MD5:822467B728B7A66B081C91795373789A
SHA256:AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751binary
MD5:7E9FF9D27247B41C2C34FF6C1C0B710B
SHA256:3B10F6AAE1B0E2DCA6C530ABF2E05F6BDDDBC01B72D57934B79B0EFBF26C8BA0
3432iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F5C7D9E7CAAE5E8473258F0A371C955binary
MD5:B6D80F4F0C6A1C1A1B9A617817C474D8
SHA256:93A0DAC9A5350DEA1B38E3872B97C8829B89C9F8BB53836580A279436EE113A5
3344iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFB1E8E66D55EE3861.TMPgmc
MD5:0100CC3CE6CB4A3A18ADCC4FD0F51B7D
SHA256:7E2ADCE06E46D6EAC6D1D0A8EBB7F9BC970DA92343E04B66B8B39EB957F2DEB3
2948ECI DCA 1.5.7.9296 [H5UJG22JM8AW].exeC:\Users\admin\AppData\Local\Temp\is-O2MQ5.tmp\ECI DCA 1.5.7.9296 [H5UJG22JM8AW].tmpexecutable
MD5:D447544C6131F197B619BC0019852EE1
SHA256:DF886EB50E15FFA297A9BBE2DC1B7804C121A0EC3E66A007CA65C0E6714CD0E8
3432iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ECI DCA 1.5.7.9296 [H5UJG22JM8AW][1].exeexecutable
MD5:805895FDC85F78706A8F8281432AB01E
SHA256:871C30A060AE7EC628D6EB99FCAD0FFE7B9B8E59B263F414F7CF949FD9DC4A49
3344iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{2C41CF17-3E48-11EF-9AAA-12A9866C77DE}.datbinary
MD5:1FB7942EE07020567F267B41AD3ACA77
SHA256:A3FA09EC68AD03D6651DAF371C9399EEC69888A2DD973765EC32457472B9185C
3432iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ECI%20DCA%201.5.7.9296%20[H5UJG22JM8AW][1].htmhtml
MD5:97E14A75904892BDEA8C832698219609
SHA256:76F642865FD50667357B2B6BBD498C8A23594D4A6569C9B8B52A20A455774D8A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
33
DNS requests
19
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3432
iexplore.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fd83cc15ab472c49
unknown
unknown
3432
iexplore.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?efa5239e04139ffd
unknown
unknown
3432
iexplore.exe
GET
200
92.123.17.153:80
http://x1.c.lencr.org/
unknown
unknown
3432
iexplore.exe
GET
200
95.101.54.122:80
http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRaigsNiq%2FSxhCk42MtHjdeYA%3D%3D
unknown
unknown
1372
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
1372
svchost.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
3344
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
1372
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
2588
DCA.Edge.Console.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
unknown
2588
DCA.Edge.Console.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d3f68bd81ee5b5a7
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1372
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1060
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:137
whitelisted
3432
iexplore.exe
18.194.190.64:443
install.printanista.net
AMAZON-02
DE
unknown
3432
iexplore.exe
199.232.210.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
3432
iexplore.exe
92.123.17.153:80
x1.c.lencr.org
AKAMAI-AS
AT
unknown
3432
iexplore.exe
95.101.54.122:80
r3.o.lencr.org
Akamai International B.V.
DE
unknown
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted

DNS requests

Domain
IP
Reputation
install.printanista.net
  • 18.194.190.64
unknown
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
  • 93.184.221.240
whitelisted
x1.c.lencr.org
  • 92.123.17.153
whitelisted
r3.o.lencr.org
  • 95.101.54.122
  • 95.101.54.99
  • 95.101.54.200
  • 2.16.202.115
  • 2.16.202.114
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
updates.printfleetcdn.com
  • 18.194.190.64
unknown
1720566545.5PZL5S8A1M2YVG6J2A1LDJEKPVDL50FFIZV7E7PXR35WRZK4UZ.H5UJG22JM8AW.ECI-DCA-1-5-7-9296.Microsoft-Windows-NT-6-1-7601-Service-Pack-1.ping.reg.pf-d.ca
unknown

Threats

Found threats are available for the paid subscriptions
4 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://install.printanista.net/dca-pulse/1.5.7.9296/HmV0RIJsXmlNvXjFW5r1CRtp3Wg/Windows/ECI%20DCA%201.5.7.9296%20%5bH5UJG22JM8AW%5d.exe