URL:

http://origin.pfultd.com/downloads/IMAGE/fi/psip-twain32/1500/PSIPTWAIN-1_50_0c.exe

Full analysis: https://app.any.run/tasks/d9d2004b-4578-40e1-bf1d-f98643636450
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 13, 2019, 13:21:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

A5A5FA7B2356E1534B8362D695ABF396

SHA1:

66B123589472941ABEBE2F65EDB8757524515235

SHA256:

92637CF1E03E752F98E9A602B23CEF44143D54EA253F65F3DCAC1A6875A30074

SSDEEP:

3:N1KRXQL3BXKVQKVhRLWXoVD8slPLNn:CyLxaiMQIwstNn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.exe (PID: 3800)
      • Setup.exe (PID: 2544)
      • FJTWSVIC.exe (PID: 3912)
      • FJTWMKIC.exe (PID: 1672)
      • crtdmprc.exe (PID: 3636)
      • FtLnSOP.exe (PID: 3960)
      • crtdmprc.exe (PID: 3808)
      • FTErGuid.exe (PID: 3500)
      • InstUtil.exe (PID: 3012)
      • IcWiaChecker.exe (PID: 3904)
      • crtdmprc.exe (PID: 3276)
      • crtdmprc.exe (PID: 3720)
      • setup.exe (PID: 3840)

    • Loads dropped or rewritten executable

      • Setup.exe (PID: 3800)
      • SearchProtocolHost.exe (PID: 1816)
      • MsiExec.exe (PID: 1660)
      • FJTWMKIC.exe (PID: 1672)
      • InstUtil.exe (PID: 3012)

    • Changes settings of System certificates

      • msiexec.exe (PID: 4072)

    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3304)

    • Writes to a start menu file

      • msiexec.exe (PID: 4072)
      • MsiExec.exe (PID: 2660)

  • SUSPICIOUS

    • Adds / modifies Windows certificates

      • msiexec.exe (PID: 4072)

    • Executable content was dropped or overwritten

      • ___PSIPTWAIN-1_50_0C[1]___.exe (PID: 3668)
      • DrvInst.exe (PID: 2148)
      • DrvInst.exe (PID: 2788)
      • msiexec.exe (PID: 4072)
      • DrvInst.exe (PID: 3056)
      • MsiExec.exe (PID: 2236)
      • DrvInst.exe (PID: 892)
      • DrvInst.exe (PID: 3624)
      • DrvInst.exe (PID: 2688)

    • Starts Microsoft Installer

      • Setup.exe (PID: 3800)
      • setup.exe (PID: 3840)

    • Creates COM task schedule object

      • MsiExec.exe (PID: 1660)
      • msiexec.exe (PID: 4072)

    • Changes the autorun value in the registry

      • msiexec.exe (PID: 4072)

    • Executed as Windows Service

      • FJTWSVIC.exe (PID: 3912)

    • Executed via COM

      • DrvInst.exe (PID: 2148)
      • DrvInst.exe (PID: 480)
      • DrvInst.exe (PID: 2632)
      • DrvInst.exe (PID: 3684)
      • DrvInst.exe (PID: 1472)
      • DrvInst.exe (PID: 1256)
      • DrvInst.exe (PID: 3384)
      • DrvInst.exe (PID: 2676)
      • DrvInst.exe (PID: 3824)
      • DrvInst.exe (PID: 3056)
      • DrvInst.exe (PID: 2596)
      • DrvInst.exe (PID: 2788)
      • DrvInst.exe (PID: 1000)
      • DrvInst.exe (PID: 892)
      • DrvInst.exe (PID: 1880)
      • DrvInst.exe (PID: 3260)
      • DrvInst.exe (PID: 2760)
      • DrvInst.exe (PID: 3880)
      • DrvInst.exe (PID: 2388)
      • DrvInst.exe (PID: 2688)
      • DrvInst.exe (PID: 1908)
      • DrvInst.exe (PID: 3624)
      • DrvInst.exe (PID: 1580)
      • rundll32.exe (PID: 3692)
      • rundll32.exe (PID: 916)
      • DrvInst.exe (PID: 3916)
      • DrvInst.exe (PID: 2800)

    • Creates files in the Windows directory

      • DrvInst.exe (PID: 480)
      • DrvInst.exe (PID: 2148)
      • DrvInst.exe (PID: 1472)
      • msiexec.exe (PID: 4072)
      • DrvInst.exe (PID: 3684)
      • DrvInst.exe (PID: 1256)
      • DrvInst.exe (PID: 3384)
      • DrvInst.exe (PID: 2676)
      • DrvInst.exe (PID: 2632)
      • DrvInst.exe (PID: 3824)
      • DrvInst.exe (PID: 3056)
      • DrvInst.exe (PID: 2788)
      • DrvInst.exe (PID: 1880)
      • DrvInst.exe (PID: 892)
      • DrvInst.exe (PID: 2596)
      • DrvInst.exe (PID: 2760)
      • DrvInst.exe (PID: 3260)
      • DrvInst.exe (PID: 3880)
      • DrvInst.exe (PID: 1000)
      • DrvInst.exe (PID: 2688)
      • DrvInst.exe (PID: 2388)
      • MsiExec.exe (PID: 2236)
      • DrvInst.exe (PID: 1908)
      • DrvInst.exe (PID: 3624)
      • DrvInst.exe (PID: 1580)
      • DrvInst.exe (PID: 3916)

    • Removes files from Windows directory

      • MsiExec.exe (PID: 2236)
      • DrvInst.exe (PID: 480)
      • DrvInst.exe (PID: 2148)
      • DrvInst.exe (PID: 1472)
      • DrvInst.exe (PID: 3684)
      • DrvInst.exe (PID: 2676)
      • DrvInst.exe (PID: 1256)
      • DrvInst.exe (PID: 3384)
      • DrvInst.exe (PID: 2632)
      • DrvInst.exe (PID: 2788)
      • DrvInst.exe (PID: 3824)
      • DrvInst.exe (PID: 3056)
      • DrvInst.exe (PID: 2596)
      • DrvInst.exe (PID: 1880)
      • DrvInst.exe (PID: 1000)
      • DrvInst.exe (PID: 892)
      • DrvInst.exe (PID: 3260)
      • DrvInst.exe (PID: 2760)
      • DrvInst.exe (PID: 3880)
      • DrvInst.exe (PID: 2388)
      • DrvInst.exe (PID: 2688)
      • DrvInst.exe (PID: 3624)
      • DrvInst.exe (PID: 3916)
      • DrvInst.exe (PID: 1580)
      • msiexec.exe (PID: 4072)
      • DrvInst.exe (PID: 1908)

    • Creates files in the driver directory

      • DrvInst.exe (PID: 2148)
      • DrvInst.exe (PID: 1472)
      • DrvInst.exe (PID: 480)
      • DrvInst.exe (PID: 3684)
      • DrvInst.exe (PID: 1256)
      • DrvInst.exe (PID: 2632)
      • DrvInst.exe (PID: 2676)
      • DrvInst.exe (PID: 3384)
      • DrvInst.exe (PID: 2788)
      • DrvInst.exe (PID: 3824)
      • DrvInst.exe (PID: 2596)
      • DrvInst.exe (PID: 892)
      • DrvInst.exe (PID: 1880)
      • DrvInst.exe (PID: 3056)
      • DrvInst.exe (PID: 2760)
      • DrvInst.exe (PID: 3880)
      • DrvInst.exe (PID: 1000)
      • DrvInst.exe (PID: 3260)
      • DrvInst.exe (PID: 2388)
      • DrvInst.exe (PID: 2688)
      • DrvInst.exe (PID: 3624)
      • DrvInst.exe (PID: 1580)
      • DrvInst.exe (PID: 1908)
      • DrvInst.exe (PID: 3916)

    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 3996)

    • Starts CMD.EXE for commands execution

      • MsiExec.exe (PID: 2432)
      • setup.exe (PID: 3840)

    • Creates files in the program directory

      • InstUtil.exe (PID: 3012)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 3932)

    • Creates files in the user directory

      • iexplore.exe (PID: 3304)

    • Application launched itself

      • iexplore.exe (PID: 3932)
      • msiexec.exe (PID: 4072)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3304)
      • iexplore.exe (PID: 3932)

    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 3952)
      • MsiExec.exe (PID: 2236)

    • Starts application with an unusual extension

      • msiexec.exe (PID: 4072)

    • Application was dropped or rewritten from another process

      • MSI4AAF.tmp (PID: 3888)
      • MSI4C95.tmp (PID: 3880)
      • MSI6042.tmp (PID: 3672)
      • MSI5850.tmp (PID: 3120)
      • MSI5BBC.tmp (PID: 2308)
      • MSI4ECA.tmp (PID: 2852)

    • Creates a software uninstall entry

      • MsiExec.exe (PID: 2236)
      • msiexec.exe (PID: 4072)
      • MsiExec.exe (PID: 2660)

    • Dropped object may contain Bitcoin addresses

      • msiexec.exe (PID: 4072)

    • Creates files in the program directory

      • msiexec.exe (PID: 4072)

    • Reads settings of System Certificates

      • DrvInst.exe (PID: 3260)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
120
Monitored processes
73
Malicious processes
32
Suspicious processes
2

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start iexplore.exe iexplore.exe psiptwain-1_50_0c[1].exe no specs ___psiptwain-1_50_0c[1]___.exe setup.exe no specs setup.exe searchprotocolhost.exe no specs msiexec.exe no specs msiexec.exe msiexec.exe no specs msiexec.exe msi49f2.tmp no specs msi4aaf.tmp no specs msi4b8b.tmp no specs msi4c95.tmp no specs msi4db0.tmp no specs msi4eca.tmp no specs msi5850.tmp no specs msi5bbc.tmp no specs msi6042.tmp no specs msi611d.tmp no specs msiexec.exe no specs fjtwsvic.exe no specs drvinst.exe drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe drvinst.exe no specs drvinst.exe drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe drvinst.exe no specs drvinst.exe drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs msiea21.tmp no specs drvinst.exe no specs rundll32.exe no specs dinotify.exe no specs rundll32.exe no specs crtdmprc.exe no specs fjtwmkic.exe no specs crtdmprc.exe no specs icwiachecker.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe crtdmprc.exe no specs ftlnsop.exe no specs crtdmprc.exe no specs fterguid.exe no specs setup.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs cmd.exe no specs cacls.exe no specs cmd.exe no specs attrib.exe no specs cmd.exe no specs instutil.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
480DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{0a447f6c-fc5a-36ee-e4c2-fe1aed5b697e}\fi5530C2.inf" "0" "6935ee1d7" "000005B8" "WinSta0\Default" "000005C0" "208" "C:\Windows\fjmini"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
488"C:\Windows\Installer\MSIEA21.tmp" /RescanDeviceC:\Windows\Installer\MSIEA21.tmpmsiexec.exe
User:
admin
Company:
PFU LIMITED
Integrity Level:
HIGH
Description:
ScanSnap Device API
Exit code:
1
Version:
1, 0, 0, 9
Modules
Images
c:\windows\installer\msiea21.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
892DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{2a6eacd0-e42d-7e67-ff13-0c7ce9a9d91d}\fi6800.inf" "0" "66c85150b" "000005C0" "WinSta0\Default" "000003CC" "208" "C:\Windows\fjmini"C:\Windows\system32\DrvInst.exe
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
916rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{7105bb79-066a-4db7-87e8-5517565f4991} "(null)"C:\Windows\system32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
1000DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{5db8c540-8064-5139-0440-6d73c3d1b240}\fi6770.inf" "0" "6d6e008eb" "000005B8" "WinSta0\Default" "000005C0" "208" "C:\Windows\fjmini"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
1184"msiexec.exe" /i "C:\Users\admin\Desktop\Disk1\PSTWAIN\ext\PSIP_TWAIN.msi" TRANSFORMS="" /qn /norestart CHS=1 SUPPORT_PAGE=1 C:\Windows\system32\msiexec.exeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1256DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{7b7cce2f-acd0-2a6e-2ee6-ba41af6e6d7c}\fi6140C.inf" "0" "60531df13" "000005C0" "WinSta0\Default" "000003CC" "208" "C:\Windows\fjmini"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1472DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{60dbd07e-598f-1add-0889-971c36210269}\fi6110.inf" "0" "6748a2dfb" "000003CC" "WinSta0\Default" "000002FC" "208" "C:\Windows\fjmini"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1580DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{2ccbb925-fccf-7958-9480-786965230118}\fi7700.inf" "0" "63ef0d693" "000003CC" "WinSta0\Default" "000002FC" "208" "C:\Windows\fjmini"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1652attrib -R "C:\Program Files\fiScanner\ScannerCentralAdminAgent"C:\Windows\system32\attrib.execmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Attribute Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\attrib.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
4 274
Read events
2 063
Write events
2 174
Delete events
37

Modification events

(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{2990C383-8DDE-11E9-A370-5254004A04AF}
Value:
0
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
1
(PID) Process:(3932) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307060004000D000D00150022008901
Executable files
1 187
Suspicious files
259
Text files
251
Unknown types
326

Dropped files

PID
Process
Filename
Type
3932iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFF4E8323971A732CD.TMP
MD5:
SHA256:
3932iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
3932iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3U9LDFY\PSIPTWAIN-1_50_0c[1].exe
MD5:
SHA256:
3932iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\PSIPTWAIN-1_50_0c[1].exe
MD5:
SHA256:
3176PSIPTWAIN-1_50_0c[1].exeC:\Users\admin\Desktop\___PSIPTWAIN-1_50_0C[1]___.exe
MD5:
SHA256:
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:
SHA256:
3304iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:
SHA256:
3932iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{2990C384-8DDE-11E9-A370-5254004A04AF}.datbinary
MD5:
SHA256:
3932iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061320190614\index.datdat
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
3
DNS requests
2
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3304
iexplore.exe
GET
200
2.16.186.82:80
http://origin.pfultd.com/downloads/IMAGE/fi/psip-twain32/1500/PSIPTWAIN-1_50_0c.exe
unknown
executable
137 Mb
whitelisted
3932
iexplore.exe
GET
200
13.107.21.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3304
iexplore.exe
2.16.186.82:80
origin.pfultd.com
Akamai International B.V.
whitelisted
3932
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3932
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted

DNS requests

Domain
IP
Reputation
origin.pfultd.com
  • 2.16.186.82
  • 2.16.186.120
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted

Threats

PID
Process
Class
Message
3304
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3304
iexplore.exe
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Process
Message
MsiExec.exe
C:\Users\admin\Desktop\Disk1\PSTWAIN\SOP\INI\SOPSettings.ini?C:\Windows\twain_32\fjscan32\SOP\SOPSettings.ini
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://origin.pfultd.com/downloads/IMAGE/fi/psip-twain32/1500/PSIPTWAIN-1_50_0c.exe