download: protegent-anti-virus.html

Full analysis: https://app.any.run/tasks/470e0ed8-6308-4416-8873-153520cbdb79
Verdict: Malicious activity
Analysis date: June 17, 2019, 18:07:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode text, with very long lines
MD5: FEF5E14B63A72050DA4916CC8E61D893
SHA1: A495F117A3CFCD296EF419072F945408F47F483F
SHA256: A943BBB750C4E0A89D3F406AE219F543D42CB2353DF713B07E0514E52B1B8317
SSDEEP: 768:am+4pvd7L05xVj8VLZxkYEV/CYamJGqApK2zzvjy:am+4pvd7L8WZxkYEV/CYaH3KQ+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.exe (PID: 3840)
      • Setup.exe (PID: 1796)
      • CPSERV~1.EXE (PID: 3996)
      • CPSERV~1.EXE (PID: 1836)
      • Setup.exe (PID: 2620)
      • DLPSettings.exe (PID: 2940)
      • cpservice.exe (PID: 2680)
      • CPSERV~1.EXE (PID: 2124)
      • CPSERV~1.EXE (PID: 3304)
      • pgxsrv.exe (PID: 1700)
      • pgxsrv.exe (PID: 2516)
      • pgavgui.exe (PID: 1880)
    • Changes the autorun value in the registry

      • Setup.exe (PID: 1796)
      • ProtegentAV.tmp (PID: 3140)
    • Disables Windows Defender

      • ProtegentAV.tmp (PID: 3140)
    • Starts NET.EXE for service management

      • ProtegentAV.tmp (PID: 3140)
    • Loads dropped or rewritten executable

      • pgxsrv.exe (PID: 2516)
    • Changes settings of System certificates

      • pgxsrv.exe (PID: 2516)
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 296)
    • Reads internet explorer settings

      • PAVSetup.exe (PID: 3628)
    • Executable content was dropped or overwritten

      • PAVSetup.exe (PID: 3628)
      • Setup.exe (PID: 1796)
      • ProtegentAV.exe (PID: 3408)
      • ProtegentAV.tmp (PID: 3140)
    • Creates files in the user directory

      • Setup.exe (PID: 1796)
    • Creates or modifies windows services

      • Setup.exe (PID: 1796)
      • DLPSettings.exe (PID: 2940)
      • ProtegentAV.tmp (PID: 3140)
    • Executed as Windows Service

      • cpservice.exe (PID: 2680)
      • pgxsrv.exe (PID: 2516)
    • Creates a software uninstall entry

      • Setup.exe (PID: 1796)
    • Removes files from Windows directory

      • ProtegentAV.tmp (PID: 3140)
    • Creates files in the driver directory

      • ProtegentAV.tmp (PID: 3140)
    • Creates files in the Windows directory

      • ProtegentAV.tmp (PID: 3140)
    • Creates files in the program directory

      • pgxsrv.exe (PID: 1700)
      • pgxsrv.exe (PID: 2516)
    • Low-level read access rights to disk partition

      • pgxsrv.exe (PID: 2516)
    • Adds / modifies Windows certificates

      • pgxsrv.exe (PID: 2516)
    • Creates COM task schedule object

      • ProtegentAV.tmp (PID: 3140)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2956)
    • Application launched itself

      • iexplore.exe (PID: 2956)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3472)
      • iexplore.exe (PID: 2956)
      • iexplore.exe (PID: 832)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3472)
      • iexplore.exe (PID: 832)
      • iexplore.exe (PID: 2956)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3472)
      • iexplore.exe (PID: 2956)
    • Creates files in the user directory

      • iexplore.exe (PID: 3472)
      • iexplore.exe (PID: 832)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 296)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3472)
      • iexplore.exe (PID: 832)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2956)
      • iexplore.exe (PID: 3472)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 832)
    • Application was dropped or rewritten from another process

      • ProtegentAV.tmp (PID: 3140)
    • Loads dropped or rewritten executable

      • ProtegentAV.tmp (PID: 3140)
    • Dropped object may contain TOR URL's

      • ProtegentAV.tmp (PID: 3140)
    • Creates a software uninstall entry

      • ProtegentAV.tmp (PID: 3140)
    • Creates files in the program directory

      • ProtegentAV.tmp (PID: 3140)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.htm/html | HyperText Markup Language with DOCTYPE (80.6)
.html | HyperText Markup Language (19.3)

EXIF

HTML

HTTPEquivXUACompatible: IE=edge
Title: Protegent Antivirus Solution - Top Antivirus - Free Antivirus Download with Data Recovery
Keywords: Free antivirus Online, Top Antivirus, Free antivirus software , anti spyware, free antivirus download, top antivirus, Best Antivirus Software, Protegent Antivirus
Robots: index,follow,all
ContentLanguage: en
Author: Protegent Antivirus
GoogleBot: NOODP
Description: Protegent is a Top antivirus download solution is an advanced antivirus software online that provide virus protection with free data recovery software. Free Antivirus Download also available
viewport: width=device-width, initial-scale=1
No data.
All screenshots are available in the full report
Total processes: 70
Monitored processes: 23
Malicious processes: 7
Suspicious processes: 3

Behavior graph

[Behavior graph; process nodes in order: iexplore.exe, iexplore.exe, iexplore.exe, flashutil32_26_0_0_131_activex.exe, pavsetup.exe, setup.exe, setup.exe, setup.exe, dlpsettings.exe, cpserv~1.exe, cpserv~1.exe, cpservice.exe, cpserv~1.exe, cpserv~1.exe, protegentav.exe, protegentav.tmp, runonce.exe, grpconv.exe, pgxsrv.exe, net.exe, net1.exe, pgxsrv.exe, pgavgui.exe]

Process information

Fields: PID, CMD, Path, Indicators, Parent process
PID: 296
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 832
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2956 CREDAT:203009
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1076
CMD: C:\Windows\system32\net1 start pgxsrv
Path: C:\Windows\system32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
PID: 1260
CMD: "net.exe" start pgxsrv
Path: C:\Windows\system32\net.exe
Parent process: ProtegentAV.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
PID: 1700
CMD: "C:\Program Files\Protegent AV Cloud\pgxsrv.exe" -install yes
Path: C:\Program Files\Protegent AV Cloud\pgxsrv.exe
Parent process: ProtegentAV.tmp
User: admin
Integrity Level: HIGH
Description: Protegent AV Cloud
Exit code: 0
Version:
Modules
Images
c:\program files\protegent av cloud\pgxsrv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1796
CMD: "C:\PAV\WindowsVista\Setup.exe"
Path: C:\PAV\WindowsVista\Setup.exe
Parent process: Setup.exe
User: admin
Company: Unistal Systems Pvt. Ltd.
Integrity Level: HIGH
Description: Setup Application
Exit code: 0
Version: 1, 0, 0, 1
Modules
Images
c:\pav\windowsvista\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1836
CMD: C:\UNISTAL\UBSuite\DLP\CPSERV~1.EXE -i
Path: C:\UNISTAL\UBSuite\DLP\CPSERV~1.EXE
Parent process: Setup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\unistal\ubsuite\dlp\cpserv~1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1880
CMD: "C:\Program Files\Protegent AV Cloud\pgavgui.exe"
Path: C:\Program Files\Protegent AV Cloud\pgavgui.exe
Parent process: ProtegentAV.tmp
User: admin
Integrity Level: HIGH
Description: Protegent AV Cloud
Exit code: 0
Version:
Modules
Images
c:\program files\protegent av cloud\pgavgui.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
PID: 2124
CMD: C:\UNISTAL\UBSuite\DLP\CPSERV~1.EXE
Path: C:\UNISTAL\UBSuite\DLP\CPSERV~1.EXE
Parent process: Setup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\unistal\ubsuite\dlp\cpserv~1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2376
CMD: "C:\Windows\system32\runonce.exe" -r
Path: C:\Windows\system32\runonce.exe
Parent process: ProtegentAV.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Run Once Wrapper
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\runonce.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 2 093
Read events: 1 691
Write events: 384
Delete events: 18

Modification events

(PID) Process: (2956) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2956) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2956) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2956) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (2956) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2956) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (3472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Type
Value: 3

(PID) Process: (3472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Count
Value: 1

(PID) Process: (3472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: Time
Value: E307060001001100120008000B006103

(PID) Process: (3472) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Operation: write
Name: LoadTime
Value: 19

Executable files: 105
Suspicious files: 18
Text files: 362
Unknown types: 50

Dropped files

PID: 2956
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
Type:
MD5:
SHA256:

PID: 2956
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Type:
MD5:
SHA256:

PID: 3472
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@providesupport[1].txt
Type:
MD5:
SHA256:

PID: 832
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@bing[2].txt
Type:
MD5:
SHA256:

PID: 3472
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\safe-standard[1].js
Type: text
MD5:
SHA256:

PID: 832
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I30O7JSO\qsml[1].aspx
Type:
MD5:
SHA256:

PID: 3472
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\js[1]
Type: text
MD5:
SHA256:

PID: 832
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\04BIU8GO\qsml[1].aspx
Type:
MD5:
SHA256:

PID: 832
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5:
SHA256:

PID: 3472
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@providesupport[2].txt
Type: text
MD5:
SHA256:

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 71
TCP/UDP connections: 215
DNS requests: 41
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
832 | iexplore.exe | GET | | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=pro&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us | US | | | whitelisted
832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=protegent&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us | US | xml | 238 b | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/5n/Yu/cj,nj/758a6ac0/7adf7b38.js | US | text | 3.97 Kb | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/6q/4S/cj,nj/347afee2/33036ea1.js | US | text | 1.77 Kb | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/search?q=protegent&src=IE-SearchBox&FORM=IE8SRC | US | html | 57.2 Kb | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/32/1Q/cj,nj/3f1e2270/f8c6dd44.js | US | text | 773 b | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rs/5n/Yp/cj,nj/8bf5c256/db475c97.js | US | text | 1.31 Kb | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/rb/5n/cj,nj/c44ec255/9a358300.js?bu=ErUf2B_5Hv4e4QSMH44f5B-QH5cfoR_QH84fvh-qHrcduh2tHg | US | text | 4.95 Kb | whitelisted
832 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/fd/ls/l?IG=FF8EB715A73D462D87070615F7DD00CE&CID=0EE1F7B1B45561220D27FACFB54B60B5&Type=Event.CPT&DATA={"pp":{"S":"L","FC":63,"BC":125,"SE":-1,"TC":-1,"H":188,"BP":266,"CT":282,"IL":7},"ad":[-1,-1,1260,560,1260,498,0]}&P=SERP&DA=DUB02 | US | image | 5.73 Kb | whitelisted
832 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=p&maxwidth=253&rowheight=20&sectionHeight=400&FORM=IE8SSC&market=en-us | US | xml | 226 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2956 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3472 | iexplore.exe | 104.20.2.40:443 | image.providesupport.com | Cloudflare Inc | US | shared
3472 | iexplore.exe | 185.60.216.35:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted
4 | System | 104.20.3.47:445 | c.statcounter.com | Cloudflare Inc | US | shared
4 | System | 104.20.2.47:445 | c.statcounter.com | Cloudflare Inc | US | shared
4 | System | 104.20.2.47:139 | c.statcounter.com | Cloudflare Inc | US | shared
832 | iexplore.exe | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted
832 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
832 | iexplore.exe | 157.55.134.140:443 | login.live.com | Microsoft Corporation | US | whitelisted
832 | iexplore.exe | 40.127.75.23:80 | 234e95268adc34c744f56cc04d65b4ff.clo.footprintdns.com | Microsoft Corporation | AU | whitelisted


DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
code.jquery.com | 205.185.208.52 | whitelisted
image.providesupport.com | 104.20.2.40, 104.20.3.40 | suspicious
www.googletagmanager.com | 172.217.16.136, 172.217.22.40 | whitelisted
www.facebook.com | 185.60.216.35 | whitelisted
c.statcounter.com | 104.20.3.47, 104.20.2.47 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
login.live.com | 157.55.134.140, 157.55.134.138, 157.55.134.142 | whitelisted
234e95268adc34c744f56cc04d65b4ff.clo.footprintdns.com | 40.127.75.23 | unknown
a76d203fb226c641e3a3a53f6721f5e8.clo.footprintdns.com | 13.107.6.163 | suspicious

Threats

No threats detected
Process | Message
CPSERV~1.EXE | [MY_SERVICE] StartServiceCtrlDispatcher error = 1063
CPSERV~1.EXE | [MY_SERVICE] StartServiceCtrlDispatcher error = 1063