| File name: | AntiMalware_Setup-3.2.28.0.exe |
| Full analysis: | https://app.any.run/tasks/4e9986b7-7512-4712-8b2e-88f409eeb04f |
| Verdict: | Malicious activity |
| Threats: | Metamorfo is a trojan malware family that has been active since 2018. It remains a top threat, focusing on stealing victims’ financial information, including banking credentials and other data. The malware is known for targeting users in Brazil. |
| Analysis date: | February 24, 2024, 16:27:10 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 048EA3233E0E7611AB414684583C1421 |
| SHA1: | 026E20BACA271CBFEA44FA2CE6F3E405CA5D263D |
| SHA256: | B548F01428CB26A5870602E8018ADBCE814DD2ED53A6B1F74C3B3B7BF23FA965 |
| SSDEEP: | 98304:e+QqZ8f+RYeWUC1k/lyeacDiV1eJ5X40iS0Tfya8+L/GIuBMJMEbCIkFIDUw67HG:xziahJqry7VR2/Mttleqhc/9+DQiW |
MALICIOUS
Drops the executable file immediately after the start
- AntiMalware_Setup-3.2.28.0.exe (PID: 1432)
- AntiMalware_Setup-3.2.28.0.exe (PID: 3464)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Creates a writable file in the system directory
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Registers / Runs the DLL via REGSVR32.EXE
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Steals credentials from Web Browsers
- AntiMalware.exe (PID: 3940)
METAMORFO has been detected (YARA)
- AntiMalware.exe (PID: 3940)
Actions looks like stealing of personal data
- AntiMalware.exe (PID: 3940)
SUSPICIOUS
Executable content was dropped or overwritten
- AntiMalware_Setup-3.2.28.0.exe (PID: 3464)
- AntiMalware_Setup-3.2.28.0.exe (PID: 1432)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Reads the Windows owner or organization settings
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Creates files in the driver directory
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Process drops legitimate windows executable
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Reads the Internet Settings
- AntiMalware.exe (PID: 3940)
Reads security settings of Internet Explorer
- AntiMalware.exe (PID: 3940)
Reads settings of System Certificates
- AntiMalware.exe (PID: 3940)
Creates/Modifies COM task schedule object
- regsvr32.exe (PID: 2124)
Read startup parameters
- AntiMalware.exe (PID: 3940)
Adds/modifies Windows certificates
- AntiMalware.exe (PID: 3940)
The process verifies whether the antivirus software is installed
- AntiMalware.exe (PID: 3940)
Checks Windows Trust Settings
- AntiMalware.exe (PID: 3940)
Drops a system driver (possible attempt to evade defenses)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
INFO
Reads the computer name
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3348)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
- AntiMalware.exe (PID: 3940)
Checks supported languages
- AntiMalware_Setup-3.2.28.0.exe (PID: 1432)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3348)
- AntiMalware_Setup-3.2.28.0.exe (PID: 3464)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
- AntiMalware.exe (PID: 3940)
Create files in a temporary directory
- AntiMalware_Setup-3.2.28.0.exe (PID: 3464)
- AntiMalware_Setup-3.2.28.0.exe (PID: 1432)
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
- AntiMalware.exe (PID: 3940)
Creates files or folders in the user directory
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
- AntiMalware.exe (PID: 3940)
Creates files in the program directory
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
- AntiMalware.exe (PID: 3940)
Reads the machine GUID from the registry
- AntiMalware.exe (PID: 3940)
Creates a software uninstall entry
- AntiMalware_Setup-3.2.28.0.tmp (PID: 3932)
Reads Environment values
- AntiMalware.exe (PID: 3940)
Reads the software policy settings
- AntiMalware.exe (PID: 3940)
Application launched itself
- msedge.exe (PID: 2448)
- chrome.exe (PID: 2724)
- msedge.exe (PID: 2524)
Manual execution by a user
- chrome.exe (PID: 2724)
- msedge.exe (PID: 2524)
Reads CPU info
- AntiMalware.exe (PID: 3940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Inno Setup installer (51.8) |
|---|---|---|
| .exe | | | InstallShield setup (20.3) |
| .exe | | | Win32 EXE PECompact compressed (generic) (19.6) |
| .dll | | | Win32 Dynamic Link Library (generic) (3.1) |
| .exe | | | Win32 Executable (generic) (2.1) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2020:11:15 09:48:30+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 741376 |
| InitializedDataSize: | 38400 |
| UninitializedDataSize: | - |
| EntryPoint: | 0xb5eec |
| OSVersion: | 6.1 |
| ImageVersion: | 6 |
| SubsystemVersion: | 6.1 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 3.2.28.0 |
| ProductVersionNumber: | 3.2.28.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Neutral |
| CharacterSet: | Unicode |
| Comments: | This installation was built with Inno Setup. |
| CompanyName: | Zemana Ltd. |
| FileDescription: | Advanced Malware Protection |
| FileVersion: | 3.2.28 |
| LegalCopyright: | Copyright 2017 |
| OriginalFileName: | |
| ProductName: | Advanced Malware Protection |
| ProductVersion: | 3.2.28 |
Total processes
90
Monitored processes
47
Malicious processes
5
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 316 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2096 --field-trial-handle=1232,i,9719250459513578146,4928855500623641531,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 604 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 --field-trial-handle=1328,i,5224742412457683756,1943200056808944491,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 848 | "schtasks.exe" /CREATE /F /TN "AMSkipUAC" /XML "C:\Program Files\Zemana\AntiMalware\data\AMSkipUAC" | C:\Windows\System32\schtasks.exe | — | AntiMalware.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1432 | "C:\Users\admin\AppData\Local\Temp\AntiMalware_Setup-3.2.28.0.exe" | C:\Users\admin\AppData\Local\Temp\AntiMalware_Setup-3.2.28.0.exe | explorer.exe | ||||||||||||
User: admin Company: Zemana Ltd. Integrity Level: MEDIUM Description: Advanced Malware Protection Exit code: 0 Version: 3.2.28 Modules
| |||||||||||||||
| 1740 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1328,i,5224742412457683756,1943200056808944491,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1820 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3412 --field-trial-handle=1232,i,9719250459513578146,4928855500623641531,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 1864 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1320 --field-trial-handle=1232,i,9719250459513578146,4928855500623641531,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 1928 | "schtasks.exe" /CREATE /F /TN "AMSkipUAC" /XML "C:\Program Files\Zemana\AntiMalware\data\AMSkipUAC" | C:\Windows\System32\schtasks.exe | — | AntiMalware.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1956 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3392 --field-trial-handle=1232,i,9719250459513578146,4928855500623641531,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 109.0.5414.120 Modules
| |||||||||||||||
| 1956 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3984 --field-trial-handle=1328,i,5224742412457683756,1943200056808944491,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
Total events
96 170
Read events
95 859
Write events
287
Delete events
24
Modification events
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
| Operation: | write | Name: | CUID |
Value: 122F47044D0197891995B5 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\ZmnGlobalSDK |
| Operation: | write | Name: | CUID |
Value: 122F47044D0197891995B5 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amsdk\Instances |
| Operation: | write | Name: | DefaultInstance |
Value: AMSDKDefaultFilter | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amsdk\Instances\AMSDKDefaultFilter |
| Operation: | write | Name: | Altitude |
Value: 80682 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amsdk\Instances\AMSDKDefaultFilter |
| Operation: | write | Name: | Flags |
Value: 0 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl |
| Operation: | write | Name: | CrashDumpEnabled |
Value: 3 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\ZmnGlobalSDK |
| Operation: | write | Name: | PartnerId |
Value: 2 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\ZmnGlobalSDK |
| Operation: | write | Name: | AM_SelectedLang |
Value: x0409 | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\ZmnGlobalSDK |
| Operation: | write | Name: | AM_InstallPath |
Value: C:\Program Files\Zemana\AntiMalware | |||
| (PID) Process: | (3932) AntiMalware_Setup-3.2.28.0.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\ZmnGlobalSDK |
| Operation: | write | Name: | AM_ShellIconPath |
Value: C:\Program Files\Zemana\AntiMalware\res\2.ico | |||
Executable files
36
Suspicious files
111
Text files
171
Unknown types
141
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Program Files\Zemana\AntiMalware\is-U95JU.tmp | executable | |
MD5:75CD10A49F0743FE04B5B282D9F7A5CE | SHA256:E64091F1796AEE4900EA972DC2403CC649FACE1D7A1BF76911528EDEBD6BEF1A | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Users\admin\AppData\Local\Temp\is-G75IE.tmp\AMSDKCore399001.dll | executable | |
MD5:BD1CD3CB27C3687F70789C96BD324381 | SHA256:2C63C9035A5794423FCF360A685C321C0D1A4E72C4DCA4C66A87D7A2157D3BB5 | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Program Files\Zemana\AntiMalware\is-2FHFQ.tmp | executable | |
MD5:048EA3233E0E7611AB414684583C1421 | SHA256:B548F01428CB26A5870602E8018ADBCE814DD2ED53A6B1F74C3B3B7BF23FA965 | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Windows\system32\drivers\amsdk.sys | executable | |
MD5:E9F97D45A6EFEF5745E91A7A3DDC1C9B | SHA256:5F59A79E3FA97ABDC29E6D1BA67187DF39AA3FDDE6B48EEDE35F7A3F4BDBCA45 | |||
| 3464 | AntiMalware_Setup-3.2.28.0.exe | C:\Users\admin\AppData\Local\Temp\is-0OHQ6.tmp\AntiMalware_Setup-3.2.28.0.tmp | executable | |
MD5:EA91A08C1EB0733BB797BB6458F01FB9 | SHA256:C0C7E61F5D7F57F14F6741D38514D265B48DCCC267303D17B8195B1548736590 | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Program Files\Zemana\AntiMalware\AntiMalware.Core.dll | executable | |
MD5:1B43CEDCEF849E735376FE8EF3E4B9F2 | SHA256:FDAC8167BE6E5A1D696AD9090417D9DCD01140C6D2166B674E49D0D2310CE66D | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Program Files\Zemana\AntiMalware\Setup.exe | executable | |
MD5:048EA3233E0E7611AB414684583C1421 | SHA256:B548F01428CB26A5870602E8018ADBCE814DD2ED53A6B1F74C3B3B7BF23FA965 | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Users\admin\AppData\Local\Temp\is-G75IE.tmp\2.rtf | text | |
MD5:D8F67DA37A0AF157E6D5065AD335D15B | SHA256:B6A8596D7D5A2A2B4A8AD4027E697619350FAB83083B9261C34E63C9F7CD29DE | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Program Files\Zemana\AntiMalware\unins000.exe | executable | |
MD5:EA91A08C1EB0733BB797BB6458F01FB9 | SHA256:C0C7E61F5D7F57F14F6741D38514D265B48DCCC267303D17B8195B1548736590 | |||
| 3932 | AntiMalware_Setup-3.2.28.0.tmp | C:\Program Files\Zemana\AntiMalware\AMSDKCore399001.dll | executable | |
MD5:BD1CD3CB27C3687F70789C96BD324381 | SHA256:2C63C9035A5794423FCF360A685C321C0D1A4E72C4DCA4C66A87D7A2157D3BB5 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
63
DNS requests
149
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3940 | AntiMalware.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?32e8b2274d14f445 | unknown | compressed | 65.2 Kb | unknown |
3940 | AntiMalware.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?13221143fd385fdd | unknown | compressed | 65.2 Kb | unknown |
3940 | AntiMalware.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c218dcb863adf7e2 | unknown | compressed | 65.2 Kb | unknown |
3940 | AntiMalware.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?cbf103101b92822a | unknown | compressed | 65.2 Kb | unknown |
3940 | AntiMalware.exe | GET | 301 | 20.119.16.29:80 | http://connect.zemana.com/hotspot-detect.html | unknown | — | — | unknown |
856 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmppeemjhbpbandiljpe_63_win_pz5ggrx6ddtwepg55hf2663jnu.crx3 | unknown | — | — | unknown |
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | binary | 6.25 Kb | unknown |
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | binary | 9.96 Kb | unknown |
856 | svchost.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acezyjyt2fp2x53dhyqbvt3gxdlq_63/khaoiebndkojlmppeemjhbpbandiljpe_63_win_pz5ggrx6ddtwepg55hf2663jnu.crx3 | unknown | binary | 5.52 Kb | unknown |
856 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | binary | 10.1 Kb | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
3940 | AntiMalware.exe | 208.109.37.181:443 | check.zemana.com | GO-DADDY-COM-LLC | US | unknown |
3940 | AntiMalware.exe | 208.109.191.195:443 | zam-ai.zemana.com | GO-DADDY-COM-LLC | US | unknown |
3940 | AntiMalware.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |
3940 | AntiMalware.exe | 20.119.16.29:80 | connect.zemana.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
2724 | chrome.exe | 239.255.255.250:1900 | — | — | — | unknown |
3940 | AntiMalware.exe | 20.119.16.29:443 | connect.zemana.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
1864 | chrome.exe | 142.250.179.131:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
check.zemana.com |
| whitelisted |
zam-ai.zemana.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
connect.zemana.com |
| unknown |
zam-cloud.zemana.com |
| unknown |
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.google.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
update.googleapis.com |
| whitelisted |
Threats
Process | Message |
|---|---|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:12,944 [INFO ] [1] [Zemana.AntiMalware.UI.Program.Main] Line: 54 - ################################# SYSTEM INITIALIZED #################################
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:12,960 [INFO ] [1] [Zemana.AntiMalware.UI.Program.Main] Line: 55 - v3.2.28 is launching...
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,022 [INFO ] [1] [Zemana.AntiMalware.UI.Services.CommandHandler.CreateOrShowRunningUIInstance] Line: 234 - ================= Running command C:\Program Files\Zemana\AntiMalware\AntiMalware.exe /SL5=$100130,13025042,780800,C:\Users\admin\AppData\Local\Temp\AntiMalware_Setup-3.2.28.0.exe /SPAWNWND=$18013E /NOTIFYWND=$E0170 /INSTALLER /SELECTEDLANG x0409 /AUTOSTART /AUTOUPLOAD =================
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,257 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 59 - Initializing translator... ActiveLanguageCode:
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,272 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 72 - Language file path: C:\Program Files\Zemana\AntiMalware\Languages\Arabic.json
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,288 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 81 - Is translation null: False
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,288 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 72 - Language file path: C:\Program Files\Zemana\AntiMalware\Languages\Bosnian.json
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,288 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 81 - Is translation null: False
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,288 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 72 - Language file path: C:\Program Files\Zemana\AntiMalware\Languages\Croatian.json
|
AntiMalware.exe | AMLogger: 2024-02-24 16:28:13,288 [DEBUG] [1] [Zemana.AntiMalware.Core.Localization.Translator.Initialize] Line: 81 - Is translation null: False
|