URL: https://www.google.com/search?sxsrf=ALeKk00oNjdNPic4gAPAzAy0tKedTkSA-A%3A1605975514549&ei=2j25X_L9IOXEgweFu7T4Cg&q=vegas+pro+crack+download&oq=vegas+pro+crack+download&gs_lcp=CgZwc3ktYWIQAzICCAAyBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB46BwgAEEcQsANKBQg6EgExUIAeWNooYMQpaABwAHgAgAHdAYgB3QqSAQUwLjguMZgBAKABAaoBB2d3cy13aXrIAQjAAQE&sclient=psy-ab&ved=0ahUKEwjy0r-AhZTtAhVl4uAKHYUdDa8Q4dUDCA0&uact=5

Full analysis: https://app.any.run/tasks/bc91ea00-57bc-4897-9ba1-b376df903522
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: November 21, 2020, 16:19:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
slimware
loader
Indicators:
MD5:

7153E8D0007A44517D5234B5760987A7

SHA1:

8FC4D993D627C631BF5081C422CCBEE9F43162AE

SHA256:

9D15ED68E0C624A491EF26963178F6F0F32CEC8303E313CC14F9B8C7DE735790

SSDEEP:

12:2V4GoqzD8QdpPhyPfOScD18KkJ4EkJ4EkJ4NWAACsqhWr8R:2K/GR0cRkqEkqEkqwAj3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 2984)
      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • SlimWare.Services.exe (PID: 1896)
      • SlimWare.Session.exe (PID: 1760)
      • scp3BA4.tmp.exe (PID: 3820)
      • SlimCleaner-setup.exe (PID: 2544)
      • SlimService.exe (PID: 1560)
      • SlimServiceFactory.exe (PID: 2832)
    • Changes settings of System certificates

      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • SlimWare.Session.exe (PID: 1760)
    • SLIMWARE was detected

      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • SlimWare.Session.exe (PID: 1760)
    • Loads dropped or rewritten executable

      • DriverUpdate.exe (PID: 2104)
      • csrss.exe (PID: 344)
      • SlimWare.Services.exe (PID: 1896)
      • explorer.exe (PID: 352)
      • SlimWare.Session.exe (PID: 1760)
      • svchost.exe (PID: 864)
      • SlimService.exe (PID: 1560)
    • Loads the Task Scheduler DLL interface

      • DriverUpdate.exe (PID: 2104)
    • Connects to CnC server

      • SlimWare.Session.exe (PID: 1760)
    • Changes the autorun value in the registry

      • DriverUpdate.exe (PID: 2104)
      • WinSat.exe (PID: 2960)
      • WinSat.exe (PID: 2992)
      • WinSat.exe (PID: 3220)
    • Starts Visual C# compiler

      • sdiagnhost.exe (PID: 1084)
      • sdiagnhost.exe (PID: 3708)
    • Drops executable file immediately after starts

      • msdt.exe (PID: 2008)
    • Loads the Task Scheduler COM API

      • DriverUpdate.exe (PID: 2104)
    • Application was injected by another process

      • winlogon.exe (PID: 428)
    • Runs injected code in another process

      • svchost.exe (PID: 864)
  • SUSPICIOUS

    • Drops a file that was compiled in debug mode

      • chrome.exe (PID: 2200)
      • msiexec.exe (PID: 2540)
      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • scp3BA4.tmp.exe (PID: 3820)
      • msdt.exe (PID: 2008)
    • Executable content was dropped or overwritten

      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • msiexec.exe (PID: 2540)
      • chrome.exe (PID: 2200)
      • DriverUpdate.exe (PID: 2104)
      • scp3BA4.tmp.exe (PID: 3820)
      • msdt.exe (PID: 2008)
    • Changes IE settings (feature browser emulation)

      • MsiExec.exe (PID: 1684)
    • Adds / modifies Windows certificates

      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • SlimWare.Session.exe (PID: 1760)
    • Creates COM task schedule object

      • msiexec.exe (PID: 2540)
    • Executed as Windows Service

      • SlimWare.Services.exe (PID: 1896)
    • Drops a file with too old compile date

      • msiexec.exe (PID: 2540)
      • msdt.exe (PID: 2008)
    • Executed via COM

      • SlimWare.Session.exe (PID: 1760)
      • unsecapp.exe (PID: 1516)
      • sdiagnhost.exe (PID: 1084)
      • sdiagnhost.exe (PID: 3708)
    • Creates files in the Windows directory

      • svchost.exe (PID: 864)
      • msdt.exe (PID: 2008)
      • WinSat.exe (PID: 2960)
      • WinSat.exe (PID: 3220)
    • Creates a directory in Program Files

      • msiexec.exe (PID: 2540)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 560)
    • Drops a file with a compile date too recent

      • msiexec.exe (PID: 2540)
    • Starts CMD.EXE for commands execution

      • MsiExec.exe (PID: 684)
    • Creates files in the user directory

      • explorer.exe (PID: 352)
    • Application launched itself

      • msdt.exe (PID: 3704)
    • Low-level read access rights to disk partition

      • WinSat.exe (PID: 2960)
      • WinSat.exe (PID: 2992)
      • WinSat.exe (PID: 3220)
    • Removes files from Windows directory

      • msdt.exe (PID: 2008)
    • Creates files in the program directory

      • msdt.exe (PID: 2008)
    • Uses RUNDLL32.EXE to load library

      • svchost.exe (PID: 864)
  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 2340)
      • chrome.exe (PID: 2200)
      • chrome.exe (PID: 184)
      • chrome.exe (PID: 3284)
      • chrome.exe (PID: 2168)
      • chrome.exe (PID: 2172)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2340)
      • chrome.exe (PID: 2200)
      • DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe (PID: 3768)
      • SlimWare.Session.exe (PID: 1760)
      • DriverUpdate.exe (PID: 2104)
      • chrome.exe (PID: 184)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 1684)
    • Application launched itself

      • msiexec.exe (PID: 2540)
      • chrome.exe (PID: 2200)
      • chrome.exe (PID: 2036)
      • chrome.exe (PID: 3284)
      • chrome.exe (PID: 2172)
    • Creates files in the program directory

      • msiexec.exe (PID: 2540)
    • Dropped object may contain Bitcoin addresses

      • msiexec.exe (PID: 2540)
      • chrome.exe (PID: 2200)
      • chrome.exe (PID: 2172)
      • chrome.exe (PID: 2168)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2540)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
161
Monitored processes
116
Malicious processes
13
Suspicious processes
4

Behavior graph

[Interactive behavior graph, not reproduced: nodes are the processes listed under Process information (chrome.exe, the DriverUpdate-setup and SlimWare installers, msiexec.exe, cmd.exe and taskkill.exe, msdt.exe, sdiagnhost.exe, csc.exe, cvtres.exe, winsat.exe, rundll32.exe, winlogon.exe); edge types are "drop and start", "start" and "inject"; the two installer processes flagged #SLIMWARE are driverupdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe and slimware.session.exe.]

Process information

PID
CMD
Path
Indicators
Parent process
PID:
184
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,15704180965091091910,123274862890624347,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=10566644071030382953 --mojo-platform-channel-handle=1584 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
344
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
PID:
352
CMD:
C:\Windows\Explorer.EXE
Path:
C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
PID:
428
CMD:
winlogon.exe
Path:
C:\Windows\System32\winlogon.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Logon Application
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winsta.dll
PID:
560
CMD:
"C:\Windows\system32\cmd.exe" /c "taskkill /F /IM "SlimCleanerPlus.exe" & taskkill /f /im slimservice.exe & taskkill /f /im slimservicefactory.exe"
Path:
C:\Windows\system32\cmd.exe
Parent process:
MsiExec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
568
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,1580002090349438222,16414427406966463159,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16575685140476009428 --mojo-platform-channel-handle=1036 --ignored=" --type=renderer " /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
684
CMD:
C:\Windows\system32\MsiExec.exe -Embedding D0CE8586B6D73147ADB1991512205700
Path:
C:\Windows\system32\MsiExec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
748
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,1580002090349438222,16414427406966463159,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3763317970812199191 --mojo-platform-channel-handle=3740 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
848
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,15361275197710532959,4853541982034349556,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11966429846332332431 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
852
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,15361275197710532959,4853541982034349556,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1552334139431253367 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
7 940
Read events
6 237
Write events
1 609
Delete events
94

Modification events

(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:
write
Name:
failed_count
Value:
0
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:
write
Name:
state
Value:
2
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:
write
Name:
StatusCodes
Value:
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:
write
Name:
StatusCodes
Value:
01000000
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:
write
Name:
state
Value:
1
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:
write
Name:
dr
Value:
1
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome
Operation:
write
Name:
UsageStatsInSample
Value:
0
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:
delete value
Name:
3252-13245750958665039
Value:
0
(PID) Process:
(2200) chrome.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:
write
Name:
usagestats
Value:
0
(PID) Process:
(2200) chrome.exe
Key:
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:
delete value
Name:
2200-13250449153976250
Value:
259
Executable files
73
Suspicious files
336
Text files
447
Unknown types
39

Dropped files

PID
Process
Filename
Type
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5FB93E02-898.pma
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d5448ea2-d069-46e1-aaa1-f080bf4c3619.tmp
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
Type:
text
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFfbe55.TMP
Type:
text
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
Type:
text
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFfbe74.TMP
Type:
text
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
Type:
text
PID:
2200
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
55
TCP/UDP connections
224
DNS requests
129
Threats
71

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3820
scp3BA4.tmp.exe
GET
200
54.152.189.42:80
http://stc.slimwareutilities.com/gettrack?product=SW1&p2=%5ESW2%5Expt031%5E%5E&secondOfferOrigin=%5ESW1%5Exdm111&ul_stubid=04e297c8-fbef-4c6c-affd-75e5929092a5
US
shared
3820
scp3BA4.tmp.exe
GET
301
54.175.182.177:80
http://apps-api.slimwareutilities.com/install/scp/6.1/x86/SlimCleaner-setup.exe?machineId=66653B8B-2AFC-431D-837B-1E08591EA5DB
US
malicious
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
GET
200
99.86.7.66:80
http://download.driverupdate.net/5.8.15/x86/DriverUpdate-setup.msi.bz2
US
compressed
5.59 Mb
shared
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
POST
200
54.175.182.177:80
http://apps-api.slimwareutilities.com/rpc/installer-data/2fabe197-926d-484a-8f4a-4b2bf35bf151
US
text
1.04 Kb
malicious
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
GET
200
143.204.214.207:80
http://cdn.slimcleaner.com/downloads/silentdownloader/SlimCleanerPlus-Downloader.exe.bz2
US
compressed
136 Kb
whitelisted
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
GET
200
52.5.68.22:80
http://trk.slimwareutilities.com/ulc.php?ev=TrackEvent&upl=...&machineId=66653B8B-2AFC-431D-837B-1E08591EA5DB&platformOS=Windows&platformOSVersion=6.1&installer=LI0&installerVersion=2.24.6.42&product=SW2&installId=0C0F1312-E137-46EC-BF28-EF943262A8EF&description=InstallerScan-LI&result=installScanInitiated
US
text
2 b
malicious
3820
scp3BA4.tmp.exe
GET
200
143.204.214.207:80
http://cdn.slimcleaner.com/downloads/4.3.0.79/x86/SlimCleaner-setup.exe
US
executable
7.76 Mb
whitelisted
3820
scp3BA4.tmp.exe
GET
200
52.5.68.22:80
http://trk.slimwareutilities.com/ulc.php?ev=InstallerInvoked&platformOSVersion=6.1&secondOfferOrigin=%5ESW1%5Exdm111&ul_stubid=04e297c8-fbef-4c6c-affd-75e5929092a5&p2=%5ESW2%5Expt031%5E%5E&installer=SD0&product=SW1&installerVersion=2.4.2&machineId=66653B8B-2AFC-431D-837B-1E08591EA5DB&platformOS=Windows
US
text
2 b
malicious
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
GET
200
52.5.68.22:80
http://trk.slimwareutilities.com/ulc.php?ev=TrackEvent&upl=...&machineId=66653B8B-2AFC-431D-837B-1E08591EA5DB&platformOS=Windows&platformOSVersion=6.1&installer=LI0&installerVersion=2.24.6.42&product=SW2&installId=0C0F1312-E137-46EC-BF28-EF943262A8EF&description=InstallerScan-LI&result=installScanCompleted
US
text
2 b
malicious
1760
SlimWare.Session.exe
GET
200
52.5.68.22:80
http://trk.slimwareutilities.com/ulc.php?ev=Startup&platformOSVersion=6.1&installId=0C0F1312-E137-46EC-BF28-EF943262A8EF&browser=chrome&productVersion=5.8.15&product=SW2&hasUI=no&upl=...&machineId=66653B8B-2AFC-431D-837B-1E08591EA5DB&isRegistered=no&platformOS=Windows&eventSource=SYSTEM
US
text
2 b
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2340
chrome.exe
172.217.21.227:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2340
chrome.exe
216.58.212.142:443
apis.google.com
Google Inc.
US
whitelisted
2340
chrome.exe
216.58.210.14:443
consent.google.com
Google Inc.
US
whitelisted
2340
chrome.exe
216.58.207.46:443
ogs.google.com
Google Inc.
US
whitelisted
2340
chrome.exe
172.217.23.110:443
play.google.com
Google Inc.
US
whitelisted
2340
chrome.exe
172.253.58.154:443
adservice.google.com
Google Inc.
US
unknown
2340
chrome.exe
216.58.206.3:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2340
chrome.exe
13.224.241.59:443
img.fixthephoto.com
US
unknown
2340
chrome.exe
172.217.22.3:443
www.gstatic.com
Google Inc.
US
whitelisted
2340
chrome.exe
172.217.18.100:443
www.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.google.com
  • 172.217.18.100
  • 172.217.18.4
malicious
accounts.google.com
  • 172.217.18.109
  • 216.58.207.45
shared
www.gstatic.com
  • 172.217.22.3
whitelisted
fonts.gstatic.com
  • 172.217.21.227
whitelisted
consent.google.com
  • 216.58.210.14
shared
apis.google.com
  • 216.58.212.142
whitelisted
ogs.google.com
  • 216.58.207.46
whitelisted
play.google.com
  • 172.217.23.110
whitelisted
adservice.google.com
  • 172.253.58.154
  • 172.253.58.157
  • 172.253.58.156
  • 172.253.58.155
whitelisted
consent.google.dk
  • 172.217.21.238
whitelisted

Threats

PID
Process
Class
Message
1056
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
1056
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
1056
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Generic Protocol Command Decode
SURICATA HTTP Request abnormal Content-Encoding header
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Misc activity
ADWARE [PTsecurity] Win32/Slimware.A
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Generic Protocol Command Decode
SURICATA HTTP Request abnormal Content-Encoding header
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Generic Protocol Command Decode
SURICATA HTTP Request abnormal Content-Encoding header
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Generic Protocol Command Decode
SURICATA HTTP Request abnormal Content-Encoding header
3768
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Generic Protocol Command Decode
SURICATA HTTP Request abnormal Content-Encoding header
1760
SlimWare.Session.exe
Generic Protocol Command Decode
SURICATA HTTP Request abnormal Content-Encoding header
16 ETPRO signatures available at the full report
Process
Message
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Calling SetDllDirectory
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Succeeded to SetDefaultDlLDirectories
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\BCRYPT.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\RSAENH.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\CRYPT32.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\MSASN1.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\USERENV.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\WINTRUST.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\GDIPLUS.DLL
DriverUpdate-setup-2fabe197-926d-484a-8f4a-4b2bf35bf151.exe
Loading C:\Windows\system32\MSI.DLL