File name:

a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b

Full analysis: https://app.any.run/tasks/afb283f6-a644-4ee5-b6d4-afb8e3e2ff56
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: September 26, 2023, 09:40:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
sinkhole
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

B814EB90FCF2D2ABF9273BE7556311B2

SHA1:

E38B5CE0A2B152DDBD0B3ABBFFF55E5E3556F1B0

SHA256:

A135D639735D9B6123B3960017AD3C2CE6B15346481B70B771D52C7AED17D35B

SSDEEP:

24576:YcytFdVWEbuYgvIP6llkUWPv053HEPS3DQ:ydVluYxPSlkPM53kPS3DQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ytd.exe (PID: 2528)
      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • smu.exe (PID: 2384)
      • sma.exe (PID: 2608)
      • sma.exe (PID: 3108)
      • smu.exe (PID: 3268)
      • sma.exe (PID: 4084)
      • smp.exe (PID: 1572)
      • sma.exe (PID: 2796)
      • smp.exe (PID: 1588)
      • smp.exe (PID: 2464)
      • smi32.exe (PID: 752)
      • adworld.exe (PID: 3528)
      • adworld.exe (PID: 3792)
      • BrowserHelperSrv.exe (PID: 2456)
      • sense.exe (PID: 3972)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • BrowserHelper.exe (PID: 1200)
      • Unelevate.exe (PID: 1992)
      • YTDownloader.exe (PID: 2876)
      • SCHelper.exe (PID: 3212)
      • hdplus.exe (PID: 1496)
      • Iauqcv.exe (PID: 1636)
      • smu.exe (PID: 1040)
      • lzma.exe (PID: 2900)
      • MSI33CD.tmp (PID: 2404)
      • unpack200.exe (PID: 3088)
      • unpack200.exe (PID: 1240)
      • unpack200.exe (PID: 2840)
      • unpack200.exe (PID: 1704)
      • unpack200.exe (PID: 1012)
      • unpack200.exe (PID: 2272)
      • unpack200.exe (PID: 2280)
      • unpack200.exe (PID: 3456)
      • javaw.exe (PID: 3536)
      • javaw.exe (PID: 3020)
      • javaw.exe (PID: 3864)
      • smi32.exe (PID: 1704)
      • smi32.exe (PID: 3904)
      • smi32.exe (PID: 2916)
    • Loads dropped or rewritten executable

      • ytd.exe (PID: 2528)
      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • chrome.exe (PID: 3264)
      • smu.exe (PID: 3268)
      • chrome.exe (PID: 2564)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • sense.exe (PID: 3972)
      • WerFault.exe (PID: 3752)
      • Iauqcv.exe (PID: 1636)
      • hdplus.exe (PID: 1496)
      • YTDownloader.exe (PID: 2876)
      • WerFault.exe (PID: 572)
      • msiexec.exe (PID: 532)
      • msiexec.exe (PID: 2992)
      • unpack200.exe (PID: 3088)
      • unpack200.exe (PID: 1240)
      • unpack200.exe (PID: 2840)
      • unpack200.exe (PID: 1704)
      • unpack200.exe (PID: 2272)
      • unpack200.exe (PID: 1012)
      • unpack200.exe (PID: 2280)
      • unpack200.exe (PID: 3456)
      • javaw.exe (PID: 3864)
      • svchost.exe (PID: 868)
      • java.exe (PID: 3028)
      • javaw.exe (PID: 3020)
      • chrome.exe (PID: 2428)
      • iexplore.exe (PID: 3368)
      • javaw.exe (PID: 3536)
    • Creates a writable file in the system directory

      • svchost.exe (PID: 868)
      • msiexec.exe (PID: 2992)
    • Starts NET.EXE for service management

      • setup.exe (PID: 3060)
      • net.exe (PID: 916)
      • net.exe (PID: 2624)
      • net.exe (PID: 2948)
    • Actions look like stealing of personal data

      • smu.exe (PID: 2384)
      • smu.exe (PID: 3268)
      • smp.exe (PID: 2464)
      • chrome.exe (PID: 3264)
      • YTDownloader.exe (PID: 2876)
    • Steals credentials from Web Browsers

      • smu.exe (PID: 2384)
      • smu.exe (PID: 3268)
      • chrome.exe (PID: 3264)
    • Changes the AppInit_DLLs value (autorun option)

      • smu.exe (PID: 3268)
    • Uses Task Scheduler to run other applications

      • adworld.exe (PID: 3792)
    • Connects to the CnC server

      • Gpxcybvzgcjf.exe (PID: 1184)
      • Iauqcv.exe (PID: 1636)
      • YTDownloader.exe (PID: 2876)
  • SUSPICIOUS

    • Searches for installed software

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • sm.exe (PID: 3048)
      • smu.exe (PID: 3268)
      • SCHelper.exe (PID: 3212)
      • chrome.exe (PID: 3264)
    • Application launched itself

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1880)
      • chrome.exe (PID: 3264)
    • Reads the Internet Settings

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1880)
      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • setup.exe (PID: 3060)
      • sma.exe (PID: 2608)
      • sma.exe (PID: 3108)
      • smu.exe (PID: 2384)
      • sm.exe (PID: 3048)
      • SCHelper.exe (PID: 3212)
      • chrome.exe (PID: 3264)
      • adworld.exe (PID: 3528)
      • adworld.exe (PID: 3792)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • YTDownloader.exe (PID: 2876)
      • Iauqcv.exe (PID: 1636)
      • wscript.exe (PID: 2384)
    • The process creates files with name similar to system file names

      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • sense.exe (PID: 3972)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • hdplus.exe (PID: 1496)
      • Iauqcv.exe (PID: 1636)
    • Starts application with an unusual extension

      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • msiexec.exe (PID: 2472)
    • Drops a system driver (possible attempt to evade defenses)

      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
    • Starts CMD.EXE for commands execution

      • ns2706.tmp (PID: 2484)
      • ns3BA8.tmp (PID: 3856)
      • ns4166.tmp (PID: 1348)
      • ns454F.tmp (PID: 2220)
      • nsC048.tmp (PID: 2140)
      • nsC52B.tmp (PID: 2784)
    • Process requests binary or script from the Internet

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
    • Starts SC.EXE for service management

      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • cmd.exe (PID: 2040)
    • Executes as Windows Service

      • smu.exe (PID: 3268)
      • BrowserHelperSrv.exe (PID: 2456)
      • VSSVC.exe (PID: 3252)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3264)
      • java.exe (PID: 3028)
    • Reads Microsoft Outlook installation path

      • adworld.exe (PID: 3792)
    • Reads Internet Explorer settings

      • adworld.exe (PID: 3792)
    • Detected use of alternate data streams (ADS)

      • smu.exe (PID: 3268)
    • Checks for Java to be installed

      • java.exe (PID: 3028)
      • msiexec.exe (PID: 2992)
      • javaw.exe (PID: 3536)
    • Checks Windows Trust Settings

      • java.exe (PID: 3028)
      • msiexec.exe (PID: 2984)
    • Reads security settings of Internet Explorer

      • java.exe (PID: 3028)
    • The process executes via Task Scheduler

      • YTDownloader.exe (PID: 2876)
      • wscript.exe (PID: 2384)
      • iexplore.exe (PID: 3368)
    • Reads Mozilla Firefox installation path

      • msiexec.exe (PID: 2992)
  • INFO

    • Reads the machine GUID from the registry

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1880)
      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • smu.exe (PID: 2384)
      • setup.exe (PID: 3060)
      • sma.exe (PID: 3108)
      • sma.exe (PID: 2608)
      • smu.exe (PID: 3268)
      • sma.exe (PID: 4084)
      • smp.exe (PID: 1572)
      • sma.exe (PID: 2796)
      • smp.exe (PID: 1588)
      • smp.exe (PID: 2464)
      • sm.exe (PID: 3048)
      • SCHelper.exe (PID: 3212)
      • chrome.exe (PID: 3264)
      • adworld.exe (PID: 3528)
      • adworld.exe (PID: 3792)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • YTDownloader.exe (PID: 2876)
      • Iauqcv.exe (PID: 1636)
      • msiexec.exe (PID: 2984)
      • msiexec.exe (PID: 532)
      • msiexec.exe (PID: 2992)
    • Reads the computer name

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1880)
      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • ytd.exe (PID: 2528)
      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • smu.exe (PID: 2384)
      • sma.exe (PID: 2608)
      • sma.exe (PID: 3108)
      • smu.exe (PID: 3268)
      • sma.exe (PID: 4084)
      • sma.exe (PID: 2796)
      • smp.exe (PID: 1572)
      • smp.exe (PID: 1588)
      • smp.exe (PID: 2464)
      • SCHelper.exe (PID: 3212)
      • chrome.exe (PID: 3264)
      • adworld.exe (PID: 3528)
      • adworld.exe (PID: 3792)
      • BrowserHelperSrv.exe (PID: 2456)
      • sense.exe (PID: 3972)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • BrowserHelper.exe (PID: 1200)
      • Unelevate.exe (PID: 1992)
      • YTDownloader.exe (PID: 2876)
      • hdplus.exe (PID: 1496)
      • Iauqcv.exe (PID: 1636)
      • msiexec.exe (PID: 2984)
      • msiexec.exe (PID: 532)
      • msiexec.exe (PID: 2992)
      • javaw.exe (PID: 3536)
      • smu.exe (PID: 1040)
    • Checks supported languages

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1880)
      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • ytd.exe (PID: 2528)
      • setup.exe (PID: 3060)
      • ns2706.tmp (PID: 2484)
      • smu.exe (PID: 2384)
      • sma.exe (PID: 2608)
      • sma.exe (PID: 3108)
      • smu.exe (PID: 3268)
      • sma.exe (PID: 4084)
      • sm.exe (PID: 3048)
      • ns3BA8.tmp (PID: 3856)
      • sma.exe (PID: 2796)
      • smp.exe (PID: 1572)
      • ns4166.tmp (PID: 1348)
      • smp.exe (PID: 1588)
      • smp.exe (PID: 2464)
      • ns454F.tmp (PID: 2220)
      • SCHelper.exe (PID: 3212)
      • smi32.exe (PID: 752)
      • chrome.exe (PID: 3264)
      • adworld.exe (PID: 3528)
      • adworld.exe (PID: 3792)
      • BrowserHelperSrv.exe (PID: 2456)
      • sense.exe (PID: 3972)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • BrowserHelper.exe (PID: 1200)
      • nsC048.tmp (PID: 2140)
      • nsC52B.tmp (PID: 2784)
      • Unelevate.exe (PID: 1992)
      • YTDownloader.exe (PID: 2876)
      • hdplus.exe (PID: 1496)
      • Iauqcv.exe (PID: 1636)
      • smu.exe (PID: 1040)
      • msiexec.exe (PID: 2984)
      • lzma.exe (PID: 2900)
      • msiexec.exe (PID: 532)
      • MSI33CD.tmp (PID: 2404)
      • msiexec.exe (PID: 2992)
      • unpack200.exe (PID: 3088)
      • unpack200.exe (PID: 1240)
      • unpack200.exe (PID: 2840)
      • unpack200.exe (PID: 1704)
      • unpack200.exe (PID: 1012)
      • unpack200.exe (PID: 2272)
      • unpack200.exe (PID: 2280)
      • unpack200.exe (PID: 3456)
      • javaw.exe (PID: 3864)
      • jaureg.exe (PID: 268)
      • javaw.exe (PID: 3536)
      • javaw.exe (PID: 3020)
      • smi32.exe (PID: 1704)
      • smi32.exe (PID: 3904)
      • smi32.exe (PID: 2916)
    • Checks proxy server information

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1880)
      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • sma.exe (PID: 2608)
      • setup.exe (PID: 3060)
      • sma.exe (PID: 3108)
      • SCHelper.exe (PID: 3212)
      • adworld.exe (PID: 3792)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • YTDownloader.exe (PID: 2876)
      • Iauqcv.exe (PID: 1636)
    • Create files in a temporary directory

      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • ytd.exe (PID: 2528)
      • setup.exe (PID: 3060)
      • sm.exe (PID: 3048)
      • smu.exe (PID: 2384)
      • chrome.exe (PID: 3264)
      • sense.exe (PID: 3972)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • java.exe (PID: 3028)
      • hdplus.exe (PID: 1496)
      • Iauqcv.exe (PID: 1636)
      • msiexec.exe (PID: 2984)
      • msiexec.exe (PID: 2992)
      • javaw.exe (PID: 3864)
    • Reads Environment values

      • setup.exe (PID: 3060)
      • sm.exe (PID: 3048)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • Iauqcv.exe (PID: 1636)
    • Creates files in the program directory

      • sm.exe (PID: 3048)
      • setup.exe (PID: 3060)
      • smu.exe (PID: 2384)
      • smp.exe (PID: 1588)
      • unpack200.exe (PID: 3088)
      • unpack200.exe (PID: 1240)
      • unpack200.exe (PID: 2840)
      • unpack200.exe (PID: 1704)
      • unpack200.exe (PID: 1012)
      • unpack200.exe (PID: 2272)
      • unpack200.exe (PID: 2280)
      • unpack200.exe (PID: 3456)
      • java.exe (PID: 3028)
      • javaw.exe (PID: 3864)
    • Creates files or folders in the user directory

      • smp.exe (PID: 1588)
      • chrome.exe (PID: 3264)
      • adworld.exe (PID: 3528)
      • a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe (PID: 1420)
      • setup.exe (PID: 3060)
      • adworld.exe (PID: 3792)
      • Gpxcybvzgcjf.exe (PID: 1184)
      • BrowserHelper.exe (PID: 1200)
      • java.exe (PID: 3028)
      • WerFault.exe (PID: 3752)
      • Iauqcv.exe (PID: 1636)
      • WerFault.exe (PID: 572)
      • lzma.exe (PID: 2900)
    • Manual execution by a user

      • SCHelper.exe (PID: 3212)
    • Process checks computer location settings

      • chrome.exe (PID: 3264)
    • Reads product name

      • Gpxcybvzgcjf.exe (PID: 1184)
      • Iauqcv.exe (PID: 1636)
    • The process uses the downloaded file

      • chrome.exe (PID: 692)
      • chrome.exe (PID: 3076)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 2472)
    • Application launched itself

      • msiexec.exe (PID: 2984)
      • chrome.exe (PID: 2428)
      • iexplore.exe (PID: 3368)
    • Reads the time zone

      • javaw.exe (PID: 3536)
    • Reads the Internet Settings

      • explorer.exe (PID: 2892)
    • Loads dropped or rewritten executable

      • iexplore.exe (PID: 3092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

ProductVersion: 2.0.0.999
LegalCopyright: Copyright (C) 2014
FileVersion: 2.0.0.999
CharacterSet: Unicode
LanguageCode: Unknown (0009)
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0017
ProductVersionNumber: 2.0.0.999
FileVersionNumber: 2.0.7213.390
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x5066a
UninitializedDataSize: -
InitializedDataSize: 366592
CodeSize: 478720
LinkerVersion: 12
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit
TimeStamp: 2014:10:27 15:00:30+00:00
MachineType: Intel 386 or later, and compatibles
No data.
All screenshots are available in the full report
Total processes
174
Monitored processes
108
Malicious processes
33
Suspicious processes
17

Behavior graph

Process nodes in graph order (the rendered graph is only in the full report; "no specs" marks processes with no recorded indicators; edge labels are "start", "download and start" and "drop and start"; repeated instances are collapsed to their first occurrence): a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe, ytd.exe (no specs), sm.exe, setup.exe, net.exe (no specs), net1.exe (no specs), ns2706.tmp (no specs), cmd.exe (no specs), smu.exe, sma.exe, sc.exe (no specs), ns3ba8.tmp (no specs), smp.exe, ns4166.tmp (no specs), ns454f.tmp (no specs), schelper.exe, smi32.exe (no specs), chrome.exe, adworld.exe, schtasks.exe (no specs), browserhelpersrv.exe, sense.exe (no specs), gpxcybvzgcjf.exe, werfault.exe (no specs), java.exe, browserhelper.exe (no specs), nsc048.tmp (no specs), find.exe (no specs), nsc52b.tmp (no specs), unelevate.exe (no specs), ytdownloader.exe, hdplus.exe (no specs), iauqcv.exe, wscript.exe (no specs), lzma.exe (no specs), msiexec.exe, msi33cd.tmp (no specs), vssvc.exe (no specs), unpack200.exe (no specs), javaw.exe (no specs), jaureg.exe (no specs), svchost.exe (no specs), explorer.exe (no specs), iexplore.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 268
CMD: "C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -r jre 1.7.0_55-b14
Path: C:\Program Files\Common Files\Java\Java Update\jaureg.exe
Parent process: java.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
HIGH
Description:
Java Update Registration
Exit code:
0
Version:
2.8.271.9
Modules
Images
c:\program files\common files\java\java update\jaureg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 272
CMD: C:\Windows\system32\net1 start BrsHelper
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\logoncli.dll
PID: 328
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x118,0x11c,0x120,0xec,0x124,0x6c968b38,0x6c968b48,0x6c968b54
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
PID: 532
CMD: C:\Windows\system32\MsiExec.exe -Embedding D0C0D05C34A733A4A4DC2956FC7603D9 C
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 572
CMD: C:\Windows\system32\WerFault.exe -u -p 1636 -s 824
Path: C:\Windows\System32\WerFault.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\werfault.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
PID: 692
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1172,i,12735580465747619705,5151613850552774031,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
PID: 752
CMD: "C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe" /ProcessId:3264 "C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll"
Path: C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
Parent process: smu.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
SBInject Application
Exit code:
0
Version:
2, 1, 0, 93
Modules
Images
c:\program files\common files\goobzo\gbupdate\smi32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 788
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1268 --field-trial-handle=1212,i,18050268819586190975,10660940395066785724,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 868
CMD: C:\Windows\system32\svchost.exe -k netsvcs
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 876
CMD: "C:\Windows\explorer.exe" C:\ProgramData\Oracle\tmpinstall\javatmp.lnk
Path: C:\Windows\explorer.exe
Parent process: java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\explorer.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
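Added triage example (not part of the ANY.RUN report): a Python script that applies four checks a responder would run over the Process information rows above. The records are transcribed from those rows; the chrome.exe (PID 3264) and Iauqcv.exe (PID 1636) entries are constructed placeholders, because the indicator lists name those PIDs but no full row for them is printed on this page. The checks resolve PIDs that appear on command lines back to images: smi32.exe (PID 752, described as "SBInject Application", running as SYSTEM from Common Files\Goobzo\GBUpdate) passes /ProcessId:3264 together with a DLL path, and 3264 is the chrome.exe instance the indicator lists flag for loading a dropped executable and stealing browser credentials; WerFault.exe -p 1636 records a crash of Iauqcv.exe, one of the processes flagged as connecting to the C2 server; net1 start BrsHelper is a service start issued from the dropper's chain; and java.exe spawns explorer.exe to open a .lnk under C:\ProgramData. The check names and thresholds are this example's own choices, not ANY.RUN signatures.

```python
"""Triage over ANY.RUN-style process rows (added example, not report code).

RECORDS is transcribed from the 'Process information' block of this report.
The chrome.exe 3264 and Iauqcv.exe 1636 rows are constructed placeholders:
the report names those PIDs but prints no full row for them on this page.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # full path as logged, or a bare name for placeholders
    cmdline: str
    user: str
    integrity: str
    parent: str     # parent image name as logged


RECORDS = [
    Proc(268, r"C:\Program Files\Common Files\Java\Java Update\jaureg.exe",
         r'"C:\Program Files\Common Files\Java\Java Update\jaureg.exe" -r jre 1.7.0_55-b14',
         "admin", "HIGH", "java.exe"),
    Proc(272, r"C:\Windows\System32\net1.exe",
         r"C:\Windows\system32\net1 start BrsHelper", "admin", "HIGH", "net.exe"),
    Proc(532, r"C:\Windows\System32\msiexec.exe",
         r"C:\Windows\system32\MsiExec.exe -Embedding D0C0D05C34A733A4A4DC2956FC7603D9 C",
         "admin", "HIGH", "msiexec.exe"),
    Proc(572, r"C:\Windows\System32\WerFault.exe",
         r"C:\Windows\system32\WerFault.exe -u -p 1636 -s 824", "admin", "HIGH", "svchost.exe"),
    Proc(752, r"C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe",
         r'"C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe" /ProcessId:3264 '
         r'"C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll"',
         "SYSTEM", "SYSTEM", "smu.exe"),
    Proc(868, r"C:\Windows\System32\svchost.exe",
         r"C:\Windows\system32\svchost.exe -k netsvcs", "SYSTEM", "SYSTEM", "services.exe"),
    Proc(876, r"C:\Windows\explorer.exe",
         r'"C:\Windows\explorer.exe" C:\ProgramData\Oracle\tmpinstall\javatmp.lnk',
         "admin", "HIGH", "java.exe"),
    # Constructed placeholders: PID and image name come from the indicator lists only.
    Proc(3264, "chrome.exe", "", "admin", "MEDIUM", ""),
    Proc(1636, "Iauqcv.exe", "", "admin", "HIGH", ""),
]


def image_name(p: Proc) -> str:
    return PureWindowsPath(p.image).name.lower()


def in_windows_dir(p: Proc) -> bool:
    return p.image.lower().startswith("c:\\windows\\")


def cross_process_dll_loads(procs):
    """SYSTEM-integrity process outside C:\\Windows whose command line names a DLL
    and the PID of another live process: a DLL-injection candidate.
    Returns (pid, target pid, target image, dll path)."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if p.integrity != "SYSTEM" or in_windows_dir(p):
            continue
        dll = re.search(r'([A-Za-z]:\\[^"]+?\.dll)', p.cmdline)
        if not dll:
            continue
        for tok in re.findall(r"\b\d+\b", p.cmdline):   # every standalone integer
            target = by_pid.get(int(tok))
            if target and target.pid != p.pid:
                hits.append((p.pid, target.pid, image_name(target), dll.group(1)))
    return hits


def crashed_processes(procs):
    """WerFault.exe -p <pid> names the faulting process; resolve it to an image."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if image_name(p) != "werfault.exe":
            continue
        m = re.search(r"-p\s+(\d+)", p.cmdline)
        if m:
            target = by_pid.get(int(m.group(1)))
            hits.append((int(m.group(1)), image_name(target) if target else None))
    return hits


def service_starts(procs):
    """net/net1/sc used to start a service: (service name, pid, parent image)."""
    hits = []
    for p in procs:
        if image_name(p) in {"net.exe", "net1.exe", "sc.exe"}:
            m = re.search(r"\bstart\s+(\S+)", p.cmdline, re.IGNORECASE)
            if m:
                hits.append((m.group(1), p.pid, p.parent))
    return hits


def lnk_launches_from_programdata(procs):
    """Shortcut under C:\\ProgramData opened via a command line: (pid, image, parent, lnk)."""
    hits = []
    for p in procs:
        m = re.search(r"(C:\\ProgramData\\\S+\.lnk)", p.cmdline, re.IGNORECASE)
        if m:
            hits.append((p.pid, image_name(p), p.parent, m.group(1)))
    return hits


def triage(procs):
    return {
        "cross_process_dll_loads": cross_process_dll_loads(procs),
        "crashed_processes": crashed_processes(procs),
        "service_starts": service_starts(procs),
        "lnk_launches_from_programdata": lnk_launches_from_programdata(procs),
    }


if __name__ == "__main__":
    for check, hits in triage(RECORDS).items():
        print(f"{check}: {hits}")
```

The useful habit here is resolving every PID that appears on a command line (/ProcessId:, WerFault -p) against the process table before reading the signature list: it turns "chrome.exe loads dropped executable" and "Iauqcv.exe connects to the CnC server" from isolated hits into one chain (SYSTEM helper injects a dropped DLL into the browser; the C2 client later faults).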
Total events
51 474
Read events
44 235
Write events
975
Delete events
6 264

Modification events

(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix
Value:
Cookie:
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix
Value:
Visited:
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: ProxyBypass
Value:
1
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: IntranetName
Value:
1
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet
Value:
1
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: AutoDetect
Value:
0
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write | Name: ProxyEnable
Value:
0
(PID) Process: (1880) a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write | Name: SavedLegacySettings
Value:
460000004F010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (868) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
Operation: write | Name: RefCount
Value:
2
(PID) Process: (868) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
Operation: write | Name: RefCount
Value:
3
Executable files
192
Suspicious files
567
Text files
170
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 1420 | Process: a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
File: C:\Users\admin\AppData\Local\Temp\Install_17249\sense.exe
MD5:
SHA256:
PID: 1420 | Process: a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
File: C:\Users\admin\AppData\Local\Temp\Install_17249\ytd.exe
MD5:
SHA256:
PID: 2528 | Process: ytd.exe
File: C:\Users\admin\AppData\Local\Temp\nso1AB0.tmp\setup1.exe
MD5:
SHA256:
PID: 2528 | Process: ytd.exe
File: C:\Users\admin\AppData\Local\Temp\nso1AB0.tmp\setup.exe | Type: executable
MD5: 0546EA62D2FB2A20096665DBD1F7D90D
SHA256: ECAB02E6695BCFEFCBA81ADA6C2FB058FF72018EC2BF1D8C1DF78458790841DC
PID: 2528 | Process: ytd.exe
File: C:\Users\admin\AppData\Local\Temp\nso1AB0.tmp\D1958.dll | Type: executable
MD5: 904BEEBEC2790EE2CA0C90FC448AC7E0
SHA256: F730D9385BF72EAC5D579BCF1F7E4330F1D239CA1054D4EAD48E9E363D9F4222
PID: 3048 | Process: sm.exe
File: C:\Users\admin\AppData\Local\Temp\nsq2118.tmp\AccDownload.dll | Type: executable
MD5: 669826C7A3582A2955E46FD2623C70E6
SHA256: 5DE9D704D1E014781DD07E1E7E9609E83ABF17998283BD134677E7377F50B717
PID: 1420 | Process: a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
File: C:\Users\admin\AppData\Local\Temp\Install_17249\sm.exe | Type: binary
MD5: 8A0B6B791AB6A59EA566084B5C3DB906
SHA256: B97C2E661C8A09556EB1AB8F367A4B053FA51AEE6B1B7AAF7A129A3E0DC2B179
PID: 1420 | Process: a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe
File: C:\Users\admin\AppData\Local\Temp\Install_17249\adworld.exe | Type: binary
MD5: F280E882CBE895379B08A970439F9F54
SHA256: E6B5E274CE500E2A412AF9E9277CC71DB8586DBE4F167260A53B0EFB898AA56E
PID: 3048 | Process: sm.exe
File: C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe | Type: executable
MD5: 6E359132FF73141D315CC8297A8B000E
SHA256: F3D7C2F149B6EA8BB3E351B0895DB41825C3310B072623F2E4D8BD83D335796D
PID: 3048 | Process: sm.exe
File: C:\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll | Type: executable
MD5: CE764CB5445DA985B6F78ECD42A7D8A9
SHA256: A2F44029058B53910260572F58044443AA912F985A8254054D13791A1CA5C918
HTTP(S) requests
229
TCP/UDP connections
72
DNS requests
62
Threats
22

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | | 18.66.107.144:80 | http://d1cfk8e4o0c4u2.cloudfront.net/p.ashx?e=XOxRKBm2zlx2gtIu55M0yoCfR8IA/2fYBj4z8FH1ai83NngJ+wloiqXOTYIAPznU/oCs/HtksfhjWaercJfqbL3m1dZQuIEESgutXEF84pmPQ3tun/RC1I6bl5nhzDUUE+szAub7axEphfdOL+Ldg4P/16zFu9j+9qn+j3K1WQcWpuSC8y3WfhUgttakC4sYY4DChz0G5lWIaYILPThMicQahrf7JYzyVpmzeuq9GxmMC6HmGcTyVA== | unknown | | | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | | 18.66.107.144:80 | http://d1cfk8e4o0c4u2.cloudfront.net/p.ashx?e=XOxRKBm2zlx2gtIu55M0yoCfR8IA/2fYBj4z8FH1ai83NngJ+wloiqXOTYIAPznU/oCs/HtksfhjWaercJfqbL3m1dZQuIEESgutXEF84pmPQ3tun/RC1EwWyX+fyiGC4C+MbH355EGz4gguKWlYXYyyj9DQlMJ0b4hCiNm/FL2D+jUEMP3p187LhBc9CCqekHS2+e6fdj3CTb2hf+jcfQ== | unknown | | | unknown
1880 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 503 | 18.66.107.144:80 | http://d1cfk8e4o0c4u2.cloudfront.net/p.ashx?e=LCnUzM5l8JJsK0lFUFVJ71TL/gTyHDjh8UFdT2/luDbJPQJqDrLPCjGD+PktCUvXSaMKaweg1fvLkiuWdH/Dc/iE03V14Of81QHs3X92ilHXt7qcDfFhJwTxIUcsgQ+wOHs8aC5TjjEkSvFXhNAG41HLtvF/guYbleYi75ripS7Flx7ZTOkAyw9P22cTL+CwD82t84QhMzI= | unknown | html | 326 b | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 206 | 18.66.92.95:80 | http://d15dmtla1h7vbw.cloudfront.net/chromeinstall-7u55.exe | unknown | executable | 244 Kb | unknown
1880 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 503 | 18.66.107.144:80 | http://d1cfk8e4o0c4u2.cloudfront.net/p.ashx?e=t1D+UTAmief7gVBeEzWk0Vvvlk2wRPy8ZE6hTgOWZMNxTYwWxYG9WO0O4HbLgHJal82GYSJd43hpJwgX7gkbpUCN9h+bV19VdXQO8eCkzNk9LWPkwGrB/imF904v4t2DhvUiLCZht1FTj66BO280JB7h8pjcMsdu3FvjBC3XULGQSpxXslvpsA== | unknown | html | 326 b | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 200 | 65.9.7.115:80 | http://d1vw44q53d84jx.cloudfront.net/t.ashx?e=d/UISSlWdlMJ8EaiKxutoLbafHK8DnBgUPQCH48lXK4gLxC0aXqYrZSlvA7qLI/zY/ZehaViekA72KZ04969HC4btG+OZIk/4yV9gTVq+WZsJKoGkBMBgLPiCC4paVhdxm8eLhHOQtq81bLQaw2AZJ+Yd948cnJ5bmvo3dCzdSR4OUtq+cqeOQ== | unknown | text | 13 b | unknown
1880 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 503 | 18.66.107.144:80 | http://d1cfk8e4o0c4u2.cloudfront.net/p.ashx?e=xY8ohDYpM+gO8fn3umFd+VTL/gTyHDjh2dsGia7qF1jJPQJqDrLPCjGD+PktCUvXSaMKaweg1fvLkiuWdH/Dc/iE03V14Of8WLazpewXw1g2CwU4D2xJMDU5WtNS+/FmFAL52sIXt4UeH8s8AG8ECxxc81u2rgCmmMirUCkbrsoOvG2wC4awqrGyF+XF7R1+HC5RilmyQIsM0nJRXbm8NoHR2k6EfoQLzhkPHjkLJj3FnqbEhWfMYRtbZg0DcQVdMpsgxHrBNxvLt+w5kp+8yfap/o9ytVkHFqbkgvMt1n4VILbWpAuLGGOAwoc9BuZViGmCCz04TInEGoa3+yWM8laZs3rqvRsZjAuh5hnE8lQ= | unknown | html | 326 b | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 200 | 65.9.7.115:80 | http://d1vw44q53d84jx.cloudfront.net/t.ashx?e=d/UISSlWdlMJ8EaiKxutoLbafHK8DnBgUPQCH48lXK4gLxC0aXqYrZSlvA7qLI/zY/ZehaViekA72KZ04969HC4btG+OZIk/4yV9gTVq+WZsJKoGkBMBgLPiCC4paVhdxm8eLhHOQtq81bLQaw2AZJ+Yd948cnJ5bmvo3dCzdSR4OUtq+cqeOQ== | unknown | text | 13 b | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 200 | 65.9.7.14:80 | http://dfb5uyoqjsg4c.cloudfront.net/install.ashx?e=j32vo1XGv6sJ8EaiKxutoDOtIyZ5pQWAxJAMwq/x5frWhR5cAjNta0sbVGO1W26tpBYRLnE2nJ1TLOIJMm9BPNcZYf1qufPNK30YQw9/HOpsGOfjsYho4NPhQ8vn03xEttbRxoZBZ36P4omGccpXw5SlvA7qLI/zpGuQ+/X26CX0U5hvPpP952TyGQVcVjzEiFQIdh2Gt3h3SscUvrg6I3Vv/4c52rFRZ3aBvjoMrn3G654koUNxkHkq97U+qopyurGzptuz/fuVOnVuKEUYebFdJGU0pZ/GidScYYklb+0nytQf7GBypusrAPq35vVl | unknown | binary | 72 b | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | GET | 206 | 13.32.23.199:80 | http://d1u8krau5i784p.cloudfront.net/123hd1.exe | unknown | executable | 244 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1880 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 65.9.7.115:80 | d1vw44q53d84jx.cloudfront.net | AMAZON-02 | US | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted
1880 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 18.66.107.144:80 | d1cfk8e4o0c4u2.cloudfront.net | AMAZON-02 | US | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 18.66.107.144:80 | d1cfk8e4o0c4u2.cloudfront.net | AMAZON-02 | US | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 65.9.7.115:80 | d1vw44q53d84jx.cloudfront.net | AMAZON-02 | US | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 65.9.7.14:80 | dfb5uyoqjsg4c.cloudfront.net | AMAZON-02 | US | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 54.231.204.53:80 | ytdownloader.s3-website-us-east-1.amazonaws.com | AMAZON-02 | US | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 54.231.163.224:80 | s3.amazonaws.com | AMAZON-02 | US | unknown
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | 18.66.92.95:80 | d15dmtla1h7vbw.cloudfront.net | | US | unknown

DNS requests

Domain | IP | Reputation
d1cfk8e4o0c4u2.cloudfront.net | 18.66.107.144, 18.66.107.49, 18.66.107.85, 18.66.107.148 | whitelisted
d1vw44q53d84jx.cloudfront.net | 65.9.7.115, 65.9.7.231, 65.9.7.205, 65.9.7.92 | whitelisted
dfb5uyoqjsg4c.cloudfront.net | 65.9.7.14, 65.9.7.6, 65.9.7.133, 65.9.7.17 | unknown
download.ytdownloader.com | 173.239.4.61 | unknown
d15dmtla1h7vbw.cloudfront.net | 18.66.92.95, 18.66.92.103, 18.66.92.226, 18.66.92.85 | unknown
ytdownloader.s3-website-us-east-1.amazonaws.com | 54.231.204.53, 52.217.130.205, 52.217.47.19, 54.231.169.53, 52.216.133.146, 52.216.56.141, 52.216.246.11, 52.216.211.157 | shared
s3.amazonaws.com | 54.231.163.224, 52.217.164.216, 54.231.160.184, 16.182.100.176, 54.231.132.72, 52.216.33.0, 54.231.129.144, 52.217.138.120 | shared
d1u8krau5i784p.cloudfront.net | 13.32.23.199, 13.32.23.213, 13.32.23.84, 13.32.23.182 | unknown
d1r4x0ok79m009.cloudfront.net | 52.222.232.113, 52.222.232.10, 52.222.232.94, 52.222.232.11 | whitelisted
d23ocewf5ttxmu.cloudfront.net | 13.225.84.43, 13.225.84.196, 13.225.84.182, 13.225.84.231 | unknown

Threats

PID | Process | Class | Message
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potentially Bad Traffic | ET POLICY Executable served from Amazon S3
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potentially Bad Traffic | ET POLICY Executable served from Amazon S3
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potentially Bad Traffic | ET POLICY Executable served from Amazon S3
2608 | sma.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
3108 | sma.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
1420 | a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1184 | Gpxcybvzgcjf.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP Win32/Toolbar.CrossRider.A Checkin
4 ETPRO signatures available at the full report
Process | Message
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] ___Warning - No Trace Level
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] ___Warning - No Trace Time Stamp
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] ___Warning - No Trace Destination
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] ___Warning - No Trace Time Limit
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::Initialize] Done
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::FormatFilePath] ___Warning - No Log folder: C:\Users\admin\Desktop\
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::UpdateAllParameters]
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] ___Warning - No Trace Backup
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] ___Warning - No Trace Max Size
a135d639735d9b6123b3960017ad3c2ce6b15346481b70b771d52c7aed17d35b.exe | [SbTracer::ReadConfiguration] Done