File name: UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe

Full analysis: https://app.any.run/tasks/6b783e84-8a82-47c8-b43b-80ee26ca8e50
Verdict: Malicious activity
Analysis date: January 10, 2025, 18:45:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
arch-scr
arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 949FAB8A38F9163BE3019D326CD2AB3C
SHA1: BCC4C0E24496556C9EA72B904034FF7FAD21B40B
SHA256: BD3DA4BB59C183FDC093FC526CD75BB2A7969A757A7E698598943A0D79163CF7
SSDEEP: 49152:DPNVkWShlX40vue4HyNt85q0lVlqQXO6ZCmSxbv0kFgQ0Qh1lhUq8s891D751h1O:DP/kWSA4D05zrlhO6smSlvMQ0QrTU15C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • vcredist_x86.exe (PID: 4540)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
    • The process creates files with name similar to system file names

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
    • Starts CMD.EXE for command execution

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Ummy.exe (PID: 6552)
    • Gets information on the list of running processes

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • cmd.exe (PID: 6892)
    • Reads security settings of Internet Explorer

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Setup.exe (PID: 5496)
    • Starts a Microsoft application from unusual location

      • vcredist_x86.exe (PID: 836)
      • vcredist_x86.exe (PID: 4540)
    • Drops 7-zip archiver for unpacking

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
    • Process drops legitimate windows executable

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • Creates a software uninstall entry

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
    • Checks Windows Trust Settings

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Setup.exe (PID: 5496)
      • msiexec.exe (PID: 6348)
    • The process drops C-runtime libraries

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • Creates a file in the system drive root

      • vcredist_x86.exe (PID: 4540)
    • Application launched itself

      • Ummy.exe (PID: 6552)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 1480)
      • cmd.exe (PID: 736)
      • cmd.exe (PID: 3736)
  • INFO

    • Checks supported languages

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • vcredist_x86.exe (PID: 4540)
      • Setup.exe (PID: 5496)
      • msiexec.exe (PID: 6348)
      • Ummy.exe (PID: 6552)
      • Ummy.exe (PID: 7072)
      • Ummy.exe (PID: 4984)
      • Ummy.exe (PID: 7156)
      • Ummy.exe (PID: 4384)
    • The sample compiled with English language support

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • Creates files in a temporary directory

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Setup.exe (PID: 5496)
      • Ummy.exe (PID: 6552)
    • Reads the computer name

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • vcredist_x86.exe (PID: 4540)
      • Setup.exe (PID: 5496)
      • msiexec.exe (PID: 6348)
      • Ummy.exe (PID: 7156)
    • Checks proxy server information

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Ummy.exe (PID: 6552)
    • Reads the machine GUID from the registry

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Setup.exe (PID: 5496)
      • msiexec.exe (PID: 6348)
      • Ummy.exe (PID: 6552)
    • Creates files or folders in the user directory

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • msiexec.exe (PID: 6348)
      • Ummy.exe (PID: 6552)
      • Ummy.exe (PID: 7156)
    • The sample compiled with French language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • The sample compiled with Chinese language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • The sample compiled with Japanese language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • The sample compiled with Italian language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • The sample compiled with German language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • Reads the software policy settings

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
      • Setup.exe (PID: 5496)
      • msiexec.exe (PID: 6348)
      • Ummy.exe (PID: 6552)
    • The process uses the downloaded file

      • UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe (PID: 3688)
    • The sample compiled with Korean language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6348)
    • The sample compiled with Spanish language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • The sample compiled with Russian language support

      • vcredist_x86.exe (PID: 4540)
      • msiexec.exe (PID: 6348)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6348)
    • Sends debugging messages

      • Setup.exe (PID: 5496)
    • Manual execution by a user

      • Ummy.exe (PID: 6552)
    • Process checks computer location settings

      • Ummy.exe (PID: 4984)
      • Ummy.exe (PID: 6552)
      • Ummy.exe (PID: 4384)
    • Drops encrypted VBS script (Microsoft Script Encoder)

      • Ummy.exe (PID: 4384)
    • Application launched itself

      • msedge.exe (PID: 6720)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.17.2.0
ProductVersionNumber: 1.17.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: ITPRODUCTDEV LTD
FileDescription: Ummy Desktop
FileVersion: 1.17.2
LegalCopyright: Copyright © 2024 ITPRODUCTDEV LTD
ProductName: Ummy
ProductVersion: 1.17.2
All screenshots are available in the full report
Total processes: 193
Monitored processes: 63
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Node labels recovered from the interactive graph, in the order shown ("no specs" marks a process without recorded behavioral specifics; the full graph is in the report): ummyvd-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe, two cmd.exe/conhost.exe pairs, tasklist.exe, find.exe, vcredist_x86.exe (two instances), setup.exe, msiexec.exe, several ummy.exe instances, five cmd.exe/conhost.exe/reg.exe groups, many msedge.exe processes and two identity_helper.exe processes.

Process information

Each entry lists PID, parent process, command line, image path and process properties, followed by the loaded modules.
PID 520 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x31c,0x320,0x324,0x314,0x32c,0x7ff822105fd8,0x7ff822105fe4,0x7ff822105ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID 628 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5636 --field-trial-handle=2140,i,14456005298393803830,8768662434348839387,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID 736 | Parent process: Ummy.exe
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "C:\WINDOWS\system32\reg.exe ADD "HKCU\Software\Classes\ummy\shell\open\command" /f"
Path: C:\Windows\SysWOW64\cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID 836 | Parent process: UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe
CMD: "C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe" /install /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Visual C++ 2010 x86 Redistributable Setup
Exit code: 3221226540
Version: 10.0.40219.325
Modules (images):
c:\users\admin\appdata\local\temp\nse543f.tmp\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID 1020 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4032 --field-trial-handle=2140,i,14456005298393803830,8768662434348839387,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 1080 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4220 --field-trial-handle=2140,i,14456005298393803830,8768662434348839387,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID 1480 | Parent process: Ummy.exe
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "C:\WINDOWS\system32\reg.exe ADD "HKCU\Software\Classes\ummy" /f"
Path: C:\Windows\SysWOW64\cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID 1856 | Parent process: msedge.exe
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4500 --field-trial-handle=2140,i,14456005298393803830,8768662434348839387,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 2072 | Parent process: cmd.exe
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID 2092 | Parent process: cmd.exe
CMD: C:\WINDOWS\system32\reg.exe ADD "HKCU\Software\Classes\ummy" /f
Path: C:\Windows\SysWOW64\reg.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Console Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events: 20 285
Read events: 19 636
Write events: 607
Delete events: 42

Modification events

PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\589bbc75-bab8-5041-bad3-2b463b503e06 | Operation: write | Name: InstallLocation | Value: C:\Users\admin\AppData\Local\ummy
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Ummy | Operation: write | Name: vid | Value: 148
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 | Operation: write | Name: DisplayIcon | Value: C:\Users\admin\AppData\Local\ummy\uninstallerIcon.ico
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 | Operation: write | Name: Publisher | Value: ITPRODUCTDEV LTD
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 | Operation: write | Name: NoModify | Value: 1
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 | Operation: write | Name: NoRepair | Value: 1
PID 3688 UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 | Operation: write | Name: EstimatedSize | Value: 220981
Executable files: 96
Suspicious files: 463
Text files: 156
Unknown types: 4

Dropped files

Columns: PID | Process | Filename | Type (hashes on the following line where the report recorded them)
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\ummy-1.17.2-ia32.nsis[1].7z | (not recorded)
MD5/SHA256: not recorded
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\package.7z | (not recorded)
MD5/SHA256: not recorded
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\icudtl.dat | (not recorded)
MD5/SHA256: not recorded
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\LICENSES.chromium.html | (not recorded)
MD5/SHA256: not recorded
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\nsExec.dll | executable
MD5: EC0504E6B8A11D5AAD43B296BEEB84B2 | SHA256: 5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\chrome_100_percent.pak | binary
MD5: 109EE8FFD715C63E3E2248C2AD5CA559 | SHA256: B581F176C6BDBF8A152947FB37AF9C0E6D7651616408CB7312B336C37A704580
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\StdUtils.dll | executable
MD5: C6A6E03F77C313B267498515488C5740 | SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_B05F2E1AA1980E34F0399E6443E4BD65 | der
MD5: 95AAA847058512E8F907E76EE924A43F | SHA256: D2838EB4BC154272CCB48369347A9F59125648ACEBAE90F2A9C88C9B9AC14B28
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\LICENSE.electron.txt | text
MD5: 4D42118D35941E0F664DDDBD83F633C5 | SHA256: 5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\SpiderBanner.dll | executable
MD5: 17309E33B596BA3A5693B4D3E85CF8D7 | SHA256: 996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 101
DNS requests: 91
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Reputation (Type and Size were not recorded for any request)
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.146:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 142.250.184.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | whitelisted
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 172.217.16.131:80 | http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACECesG%2BlaxWWrCklg14T%2Fer4%3D | unknown | whitelisted
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 302 | 172.67.150.95:80 | http://desktop.televzr.com/download/updater/latest/ummy.nsis.7z/ummy-1.17.2-ia32.nsis.7z | unknown | whitelisted
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 104.21.1.194:80 | http://cdn-televzr.com/ummy/ummy-1.17.2-ia32.nsis.7z | unknown | unknown
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 172.217.16.131:80 | http://c.pki.goog/r/r1.crl | unknown | whitelisted
5568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation ("-" marks a cell the report left empty)
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.146:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2164 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1176 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.146
  • 23.48.23.147
  • 23.48.23.139
  • 23.48.23.137
  • 23.48.23.141
  • 23.48.23.143
  • 23.48.23.145
  • 23.48.23.140
  • 23.48.23.193
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 2.23.246.101
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.bing.com
  • 104.126.37.128
  • 104.126.37.153
  • 104.126.37.171
  • 104.126.37.163
  • 104.126.37.160
  • 104.126.37.162
  • 104.126.37.123
  • 104.126.37.146
  • 104.126.37.161
  • 104.126.37.179
  • 104.126.37.147
  • 104.126.37.137
  • 104.126.37.131
  • 104.126.37.176
  • 104.126.37.130
  • 104.126.37.139
  • 104.126.37.185
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.160.22
  • 40.126.32.140
  • 40.126.32.74
  • 40.126.32.138
  • 40.126.32.136
  • 40.126.32.133
  • 20.190.160.20
  • 40.126.32.76
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
www.google-analytics.com
  • 172.217.16.142
whitelisted
ocsp.pki.goog
  • 142.250.184.227
whitelisted
c.pki.goog
  • 172.217.16.131
whitelisted

Threats

No threats detected

Process | Message
Setup.exe | The operation completed successfully.