URL:

http://content.dellsupportcenter.com:80/updates/aulauncher.exe

Full analysis: https://app.any.run/tasks/0a4b9be5-014e-43be-b9cc-0c2113443f21
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 01, 2018, 16:43:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, loader
Indicators:
MD5: E1A03FAC877E3B5C231CA5B78F27AEF9
SHA1: 42DB1CF1E45D42BC0B00EB9BD30E190A54CE7EC6
SHA256: C184CB44F6CC577D0FA340194BAE0421ED5E9035F400DFD3EA7809B22DD7F2B2
SSDEEP: 3:N1KdKL8tBsJFVKXRGuOGKWVBEmN5LyNAkdA:CIyulQKEVBdODdA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • aulauncher[1].exe (PID: 3980)
      • aulauncher[1].exe (PID: 1660)
      • nsD9AE.tmp (PID: 3116)
      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • appupdater.exe (PID: 3336)
      • SupportAssistDownloadManager.exe (PID: 2352)
      • SupportAssistDownloadManager.exe (PID: 2764)
      • 7za.exe (PID: 1796)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • SupportAssistDownloadManager.exe (PID: 2432)
      • SupportAssistDownloadManager.exe (PID: 2436)
      • DDVRulesProcessor.exe (PID: 2212)
      • DDVDataCollector.exe (PID: 1996)
      • DDVCollectorSvcApi.exe (PID: 3836)
      • DSAPI.exe (PID: 2088)
      • DSAPI.exe (PID: 2532)
      • SupportAssist.exe (PID: 1468)
      • FileDialogHelper.exe (PID: 304)
      • SupportAssistUI.exe (PID: 424)
      • tmpC05F.tmp.exe (PID: 2752)
      • UpdaterUI.exe (PID: 3168)
    • Changes the autorun value in the registry

      • aulauncher[1].exe (PID: 3980)
    • Changes settings of System certificates

      • aulauncher[1].exe (PID: 3980)
      • CSAW.exe (PID: 2648)
      • appupdater.exe (PID: 3336)
      • CSAW_Child.exe (PID: 2880)
      • SupportAssistAgent.exe (PID: 2460)
      • DDVRulesProcessor.exe (PID: 2212)
      • tmp7B76.tmp.exe (PID: 372)
    • Loads dropped or rewritten executable

      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • DDVDataCollector.exe (PID: 1996)
      • DDVCollectorSvcApi.exe (PID: 3836)
      • tmp7B76.tmp.exe (PID: 372)
      • installer.exe (PID: 2832)
      • DSAPI.exe (PID: 2532)
      • pcdrwi.exe (PID: 3212)
      • tmpC05F.tmp.exe (PID: 2752)
      • SystemIdleCheck.exe (PID: 2912)
      • UpdaterUI.exe (PID: 3168)
      • SupportAssist.exe (PID: 1468)
      • SupportAssistUI.exe (PID: 424)
      • DDVRulesProcessor.exe (PID: 2212)
      • DSAPI.exe (PID: 2088)
    • Downloads executable files from the Internet

      • appupdater.exe (PID: 3336)
    • Uses Task Scheduler to run other applications

      • SupportAssistAgent.exe (PID: 2460)
    • Loads the Task Scheduler COM API

      • SCHTASKS.exe (PID: 3796)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 2152)
      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • 7za.exe (PID: 1796)
      • msiexec.exe (PID: 2612)
      • MsiExec.exe (PID: 3080)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 3288)
      • installer.exe (PID: 2832)
      • tmp7B76.tmp.exe (PID: 372)
      • tmpC05F.tmp.exe (PID: 2752)
    • Creates files in the user directory

      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
    • Creates or modifies windows services

      • appupdater.exe (PID: 3336)
      • SupportAssistDownloadManager.exe (PID: 2764)
      • DSAPI.exe (PID: 2088)
    • Starts application with an unusual extension

      • aulauncher[1].exe (PID: 3980)
    • Reads Internet Cache Settings

      • appupdater.exe (PID: 3336)
      • SupportAssistUI.exe (PID: 424)
    • Adds / modifies Windows certificates

      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • tmp7B76.tmp.exe (PID: 372)
      • DDVRulesProcessor.exe (PID: 2212)
    • Creates files in the program directory

      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • 7za.exe (PID: 1796)
      • SupportAssistAgent.exe (PID: 2460)
      • SupportAssistInstaller.exe (PID: 2800)
      • DDVRulesProcessor.exe (PID: 2212)
      • installer.exe (PID: 2832)
      • DSAPI.exe (PID: 2088)
      • pcdrwi.exe (PID: 3212)
      • tmpC05F.tmp.exe (PID: 2752)
      • UpdaterUI.exe (PID: 3168)
      • DDVDataCollector.exe (PID: 1996)
      • tmp7B76.tmp.exe (PID: 372)
    • Starts itself from another location

      • CSAW.exe (PID: 2648)
    • Creates files in the Windows directory

      • SupportAssistDownloadManager.exe (PID: 2764)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistDownloadManager.exe (PID: 2352)
      • SupportAssistDownloadManager.exe (PID: 2432)
      • SupportAssistDownloadManager.exe (PID: 2436)
      • SupportAssistAgent.exe (PID: 2460)
      • DrvInst.exe (PID: 3440)
      • MsiExec.exe (PID: 3080)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3288)
      • DDVRulesProcessor.exe (PID: 2212)
      • DrvInst.exe (PID: 3400)
    • Removes files from Windows directory

      • SupportAssistInstaller.exe (PID: 2800)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 3440)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3288)
      • SupportAssistAgent.exe (PID: 2460)
      • DDVRulesProcessor.exe (PID: 2212)
    • Starts Microsoft Installer

      • SupportAssistInstaller.exe (PID: 2800)
    • Searches for installed software

      • SupportAssistAgent.exe (PID: 2460)
    • Creates files in the driver directory

      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 3288)
      • DrvInst.exe (PID: 3440)
    • Uses NETSH.EXE for network configuration

      • SupportAssistAgent.exe (PID: 2460)
    • Changes IE settings (feature browser emulation)

      • SupportAssistUI.exe (PID: 424)
    • Reads internet explorer settings

      • SupportAssistUI.exe (PID: 424)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 2152)
    • Dropped object may contain URL's

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 2152)
      • CSAW.exe (PID: 2648)
      • aulauncher[1].exe (PID: 3980)
      • CSAW_Child.exe (PID: 2880)
      • SupportAssistInstaller.exe (PID: 2800)
      • 7za.exe (PID: 1796)
      • msiexec.exe (PID: 1696)
      • SupportAssistAgent.exe (PID: 2460)
      • MsiExec.exe (PID: 3080)
      • appupdater.exe (PID: 3336)
      • DrvInst.exe (PID: 3440)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3288)
      • DDVRulesProcessor.exe (PID: 2212)
      • installer.exe (PID: 2832)
      • pcdrwi.exe (PID: 3212)
      • msiexec.exe (PID: 2612)
      • tmp7B76.tmp.exe (PID: 372)
      • msiexec.exe (PID: 2720)
      • UpdaterUI.exe (PID: 3168)
      • tmpC05F.tmp.exe (PID: 2752)
    • Changes internet zones settings

      • iexplore.exe (PID: 2152)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2192)
    • Application launched itself

      • iexplore.exe (PID: 2152)
      • msiexec.exe (PID: 2612)
    • Reads settings of System Certificates

      • appupdater.exe (PID: 3336)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • tmp7B76.tmp.exe (PID: 372)
      • tmpC05F.tmp.exe (PID: 2752)
      • SupportAssistUI.exe (PID: 424)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2612)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 2492)
      • MsiExec.exe (PID: 2348)
      • msiexec.exe (PID: 2612)
      • MsiExec.exe (PID: 864)
      • MsiExec.exe (PID: 3080)
    • Dropped object may contain Bitcoin addresses

      • msiexec.exe (PID: 2612)
      • tmp7B76.tmp.exe (PID: 372)
      • msiexec.exe (PID: 2720)
    • Creates files in the program directory

      • msiexec.exe (PID: 2612)
    • Creates or modifies windows services

      • msiexec.exe (PID: 2612)
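The indicator groups above are behavioural signatures, not verdicts about a binary's intent. As an added illustration written for this page (not ANY.RUN's detection code), the block below implements four of them as checks over process-creation events and runs them on a constructed sample modelled on this report's process table: an executable launched by the browser from Temporary Internet Files, a tmpXXXX.tmp.exe child from a Temp directory, SCHTASKS.exe spawned by the agent, and an ordinary Program Files launch that should stay quiet. The event format, helper names and the schtasks command line are assumptions. The process table itself supplies the caveat a practitioner wants: every process in it carries a Dell Inc., PC-Doctor, Igor Pavlov or Microsoft company string, so a hit is a triage cue to verify the Authenticode signature and download origin, not a conclusion on its own.

```python
"""Process-creation heuristics modelled on the behaviour signatures listed
above: executables started from a download or temp directory, a browser
spawning an executable, ".tmp"/".tmp.exe" images, and schtasks.exe creating
a task. Added example written for this page, not ANY.RUN code; the event
format and the sample events are constructed (paths and PIDs borrowed from
the process table above, except the schtasks command line, which is invented)."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcEvent:
    pid: int
    image: str          # full path of the started executable
    cmdline: str
    parent_image: str   # full path of the parent executable


# Locations a freshly downloaded, unpacked or dropped binary usually runs from.
DROP_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\local\\microsoft\\windows\\temporary internet files\\",
    "\\appdata\\roaming\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# NSIS stubs (nsXXXX.tmp) and installer children (tmpXXXX.tmp.exe) as seen in the report.
UNUSUAL_EXT = re.compile(r"\.tmp(\.exe)?$", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> List[str]:
    """Return the heuristics an event trips; an empty list means nothing fired."""
    hits: List[str] = []
    image = ev.image.lower()
    name = basename(image)
    parent = basename(ev.parent_image)
    cmd = ev.cmdline.lower()

    if any(d in image for d in DROP_DIRS):
        hits.append("executable started from a download/temp directory")
    if parent in BROWSERS and name.endswith(".exe"):
        hits.append("browser spawned an executable (download-and-run)")
    if UNUSUAL_EXT.search(name):
        hits.append("executable with .tmp / .tmp.exe name")
    if name == "schtasks.exe" and "/create" in cmd:
        hits.append("schtasks.exe used to register a task for another application")
    return hits


def triage(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map PID -> fired heuristics, keeping only events that fired at least one."""
    out: Dict[int, List[str]] = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            out[ev.pid] = hits
    return out


# Constructed sample: four launches shaped like the ones in this report.
SAMPLE_EVENTS = [
    ProcEvent(
        1660,
        r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe",
        r'"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe"',
        r"C:\Program Files\Internet Explorer\iexplore.exe",
    ),
    ProcEvent(
        372,
        r"C:\Users\admin\AppData\Local\Temp\tmp7B76.tmp.exe",
        r'"C:\Users\admin\AppData\Local\Temp\tmp7B76.tmp.exe" "C:\Program Files\Dell\SupportAssistAgent\PCDr\Installer\installer.exe" --variant dsc --silent',
        r"C:\Program Files\Dell\SupportAssistAgent\PCDr\Installer\installer.exe",
    ),
    ProcEvent(  # command line is invented; the report only shows that SCHTASKS.exe ran
        3796,
        r"C:\Windows\System32\SCHTASKS.exe",
        r'SCHTASKS.exe /Create /TN "SupportAssist example task" /XML "C:\task.xml"',
        r"C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe",
    ),
    ProcEvent(  # ordinary launch from Program Files: should not fire
        424,
        r"C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe",
        r'"C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe" launch Mode=Normal Action=Home',
        r"C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe",
    ),
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(hits))
```

Feeding real Sysmon Event ID 1 or EDR process records into `ProcEvent` is a matter of mapping the Image, CommandLine and ParentImage fields; the heuristics deliberately use only those three fields so they can run on any source that records parent/child lineage.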
No Malware configuration.
Total processes: 96
Monitored processes: 44
Malicious processes: 22
Suspicious processes: 5

Behavior graph (interactive graph not reproduced; processes shown in it, in the order listed, with "no specs" marking processes that carry no specific indicators):
iexplore.exe, iexplore.exe, aulauncher[1].exe (no specs), aulauncher[1].exe, nsd9ae.tmp (no specs), appupdater.exe, csaw.exe, csaw_child.exe, 7za.exe, supportassistinstaller.exe, supportassistdownloadmanager.exe, supportassistdownloadmanager.exe, msiexec.exe (no specs), msiexec.exe, msiexec.exe (no specs), supportassistagent.exe, msiexec.exe (no specs), supportassistdownloadmanager.exe, supportassistdownloadmanager.exe, schtasks.exe (no specs), msiexec.exe (no specs), msiexec.exe (no specs), msiexec.exe, drvinst.exe (no specs), drvinst.exe, drvinst.exe (no specs), drvinst.exe, ddvrulesprocessor.exe, ddvdatacollector.exe, ddvcollectorsvcapi.exe (no specs), installer.exe, netsh.exe (no specs), netsh.exe (no specs), tmp7b76.tmp.exe, taskmgr.exe (no specs), dsapi.exe, dsapi.exe, pcdrwi.exe, tmpc05f.tmp.exe, systemidlecheck.exe (no specs), updaterui.exe, supportassist.exe, filedialoghelper.exe (no specs), supportassistui.exe

Process information

PID: 304
CMD: GetLaunchedUIProcessID 424
Path: C:\Program Files\Dell\SupportAssistAgent\bin\FileDialogHelper.exe
Parent process: SupportAssistAgent.exe
User:
SYSTEM
Company:
Dell Inc.
Integrity Level:
SYSTEM
Description:
FileIDialogHelper
Exit code:
0
Version:
2.2.3.2
Modules
Images
c:\program files\dell\supportassistagent\bin\filedialoghelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 372
CMD: "C:\Users\admin\AppData\Local\Temp\tmp7B76.tmp.exe" "C:\Program Files\Dell\SupportAssistAgent\PCDr\Installer\installer.exe" --installDirectory="C:\Program Files\Dell\SupportAssistAgent\PCDr" --variant dsc --factory 0 --silent --silent --INTERNAL_SkipMultipleInstancesCheck --INTERNAL_InvokedByCombinedInstaller
Path: C:\Users\admin\AppData\Local\Temp\tmp7B76.tmp.exe
Parent process: installer.exe
User:
admin
Company:
PC-Doctor, Inc.
Integrity Level:
HIGH
Description:
SupportAssist
Exit code:
0
Version:
6.0.6992.1236
Modules
Images
c:\users\admin\appdata\local\temp\tmp7b76.tmp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 424
CMD: "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe" launch Mode=Normal Action=Home
Path: C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
UNTRUSTED
Description:
SupportAssistUI
Exit code:
0
Version:
2.2.3.2
Modules
Images
c:\program files\dell\supportassistagent\bin\supportassistui.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 864
CMD: C:\Windows\system32\MsiExec.exe -Embedding A0124DC7F586A3745645AAC7FC10C103
Path: C:\Windows\system32\MsiExec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1468
CMD: "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe" InvokeWebAPICall "SaveLanguage" "en-US"
Path: C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
UNTRUSTED
Description:
SupportAssist
Exit code:
0
Version:
2.2.3.2
Modules
Images
c:\program files\dell\supportassistagent\bin\supportassist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1660
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe
Parent process: iexplore.exe
User:
admin
Company:
Dell Inc
Integrity Level:
MEDIUM
Description:
SupportAssist
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity instance could not run without elevation; the second aulauncher[1].exe instance, PID 3980, is the one that appears throughout the indicators above)
Version:
1.0.6746.47
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\gufvp8i9\aulauncher[1].exe
c:\systemroot\system32\ntdll.dll
PID: 1696
CMD: "msiexec.exe" /i C:\Windows\TEMP\SupportAssistAgent\LauncherAutoUpdate\SupportAssistx86-2.2.3.2.msi /qn REBOOT=ReallySuppress /norestart
Path: C:\Windows\system32\msiexec.exe
Parent process: SupportAssistInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1796
CMD: "C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\7za.exe" x -o"C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\Extracted" -y "C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\SupportAssistInstaller.exe"
Path: C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\7za.exe
Parent process: CSAW_Child.exe
User:
admin
Company:
Igor Pavlov
Integrity Level:
HIGH
Description:
7-Zip Standalone Console
Exit code:
0
Version:
9.20
Modules
Images
c:\programdata\pcdr\installer\fpbvbqh4.zs0\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1896
CMD: "C:\Windows\system32\taskmgr.exe" /4
Path: C:\Windows\system32\taskmgr.exe
Parent process: explorer.exe (launched from the shell, i.e. an interactive action in the sandbox session rather than behaviour of the sample)
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Task Manager
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1996
CMD: "C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe"
Path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Parent process: services.exe
User:
SYSTEM
Company:
Dell Inc.
Integrity Level:
SYSTEM
Description:
Dell Data Vault Data Collector Service
Exit code:
0
Version:
5.2.5.81
Modules
Images
c:\program files\dell\delldatavault\ddvdatacollector.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 6 478
Read events: 3 222
Write events: 3 159
Delete events: 97

Modification events (PID and process | key | operation | value name | value)

(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 1
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | write | SecuritySafe | 1
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write | ProxyEnable | 0
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | write | SavedLegacySettings | (binary value not reproduced)
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | write | {16F832C9-95AA-11E8-ACE5-5254004AAD11} | 0
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Type | 4
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Count | 10
(2152) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | write | Time | E20708000300010010002C0001000B00

The events reproduced here are Internet Explorer's own housekeeping writes; the autorun-value change attributed to aulauncher[1].exe (PID 3980) in the indicators above is not among them and has to be taken from the full report.
Executable files: 380
Suspicious files: 102
Text files: 926
Unknown types: 93

Dropped files (PID and process | filename | type | hashes where the report shows them)

2152 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHUAAB7W\favicon[1].ico
2152 iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2192 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018071620180717\index.dat
2192 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt
2192 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018080120180802\index.dat | dat
2152 iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text
3980 aulauncher[1].exe | C:\Users\admin\AppData\Roaming\PCDr\Installer\Logs\aulauncher.log | text
2152 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHUAAB7W\favicon[2].png | image | MD5 9FB559A691078558E77D6848202F6541 | SHA256 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
2192 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MJG226QK\httpErrorPagesScripts[1] | text | MD5 E7CA76A3C9EE0564471671D500E3F0F3 | SHA256 58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C
2192 iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSILEDM7\down[1] | image | MD5 555E83CE7F5D280D7454AF334571FB25 | SHA256 70F316A5492848BB8242D49539468830B353DDAA850964DB4E60A6D2D7DB4880
HTTP(S) requests: 51
TCP/UDP connections: 69
DNS requests: 21
Threats: 4

HTTP requests (PID and process | method and HTTP code | IP | URL | CN | type | size | reputation)

3336 appupdater.exe | GET 200 | 2.18.232.183:80 | http://content.dellsupportcenter.com/mstr/current.xml | unknown | text | 373 b | suspicious
3336 appupdater.exe | GET 200 | 93.184.220.29:80 | http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer | US | text | 1.77 Kb | whitelisted
3336 appupdater.exe | GET 200 | 23.37.43.27:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D | NL | der | 1.40 Kb | whitelisted
3336 appupdater.exe | GET 200 | 2.18.232.183:80 | http://content.dellsupportcenter.com/updates/tora/6992/1111/00/app_spec/dsc_6746.xml | unknown | xml | 12.1 Kb | suspicious
3336 appupdater.exe | GET 200 | 23.37.43.27:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D | NL | der | 1.71 Kb | whitelisted
3336 appupdater.exe | GET 200 | 23.37.43.27:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEBXkP9stRAkHuP7yYnXWys8%3D | NL | der | 1.63 Kb | whitelisted
3336 appupdater.exe | GET 200 | 23.37.43.27:80 | http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEBTUeF0Js47o0lLrwC%2BxHsE%3D | NL | der | 1.62 Kb | whitelisted
3336 appupdater.exe | GET 200 | 2.18.232.183:80 | http://content.dellsupportcenter.com/updates/tora/6992/1111/00/rules/rules_dsc_6746_47.xml | unknown | xml | 2.59 Kb | suspicious
3336 appupdater.exe | GET 200 | 2.18.232.183:80 | http://content.dellsupportcenter.com/updates/tora/6992/1111/00/rules/withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell.zip | unknown | compressed | 60.9 Kb | suspicious
3336 appupdater.exe | GET 200 | 23.37.43.27:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEH9IjqmlpJ%2BCUCOOr457bEU%3D | NL | der | 1.62 Kb | whitelisted

Connections (PID and process | IP | domain | ASN | CN | reputation; "-" where the report shows no value)

2192 iexplore.exe | 2.18.232.183:443 | content.dellsupportcenter.com | Akamai International B.V. | - | whitelisted
2192 iexplore.exe | 2.18.232.183:80 | content.dellsupportcenter.com | Akamai International B.V. | - | whitelisted
2152 iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2648 CSAW.exe | 52.222.163.23:80 | x.ss2.us | Amazon.com, Inc. | US | unknown
2880 CSAW_Child.exe | 52.46.128.67:443 | firehose.us-east-1.amazonaws.com | - | US | unknown
2880 CSAW_Child.exe | 172.227.84.40:443 | downloads.dell.com | Akamai Technologies, Inc. | US | whitelisted
2764 SupportAssistDownloadManager.exe | 172.227.84.40:443 | downloads.dell.com | Akamai Technologies, Inc. | US | whitelisted
2648 CSAW.exe | 205.185.216.10:80 | www.download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2800 SupportAssistInstaller.exe | 23.37.43.27:80 | ocsp.verisign.com | Akamai Technologies, Inc. | NL | whitelisted
2352 SupportAssistDownloadManager.exe | 172.227.84.40:443 | downloads.dell.com | Akamai Technologies, Inc. | US | whitelisted

DNS requests (domain | resolved IPs | reputation)

content.dellsupportcenter.com | 2.18.232.183 | suspicious
www.bing.com | 13.107.21.200, 204.79.197.200 | whitelisted
sf.symcb.com | 93.184.220.29 | whitelisted
ocsp.verisign.com | 23.37.43.27 | whitelisted
sf.symcd.com | 23.37.43.27 | whitelisted
csc3-2009-2-aia.verisign.com | 93.184.220.29 | whitelisted
csc3-2010-aia.verisign.com | 93.184.220.29 | whitelisted
sv.symcb.com | 93.184.220.29 | whitelisted
s2.symcb.com | 23.37.43.27 | whitelisted
sv.symcd.com | 23.37.43.27 | shared

Threats (PID and process | class | message)

3336 appupdater.exe | Potentially Bad Traffic | ET POLICY Executable served from Amazon S3
2880 CSAW_Child.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Generic malicious VBA-macro loader
3212 pcdrwi.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Generic malicious VBA-macro loader
3168 UpdaterUI.exe | A Network Trojan was detected | SC TROJAN_DOWNLOADER Generic malicious VBA-macro loader
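The HTTP table shows appupdater.exe pulling its manifest, two rules XML files and a rules archive from content.dellsupportcenter.com over plain HTTP on port 80, interleaved with OCSP and AIA fetches from VeriSign/Symantec hosts, while the Threats table carries only generic policy and downloader signatures. The block below, an added example written for this page and not ANY.RUN code, turns those observations into a proxy-log triage: it flags code or archives retrieved over plaintext HTTP (where integrity rests entirely on a signature check after download), requests to the domain the DNS section marks suspicious, and the certificate-validation lookups that are consistent with such a check. The log line format and the sample lines are constructed; the URLs and IPs are copied from the tables above, with one benign bing.com line added as a control.

```python
"""Classify proxy-style request records using the network sections above:
flag code or archives fetched over plaintext HTTP, requests to the domain the
report marks suspicious, and the OCSP/AIA traffic that follows a signed
download. Added example for this page, not ANY.RUN code; the log format and
the sample lines are constructed (URLs and IPs copied from the HTTP requests
table, plus one benign bing.com control line)."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Domain the report's DNS and HTTP sections mark "suspicious".
WATCH_DOMAINS = {"content.dellsupportcenter.com"}
# Certificate-validation endpoints seen in the DNS section (all whitelisted there).
OCSP_AIA_DOMAINS = {
    "ocsp.verisign.com", "sf.symcd.com", "sv.symcd.com", "sf.symcb.com",
    "sv.symcb.com", "s2.symcb.com", "csc3-2009-2-aia.verisign.com",
    "csc3-2010-aia.verisign.com",
}
RISKY_EXT = (".exe", ".msi", ".dll", ".zip", ".7z", ".cab")
RISKY_TYPES = {"compressed", "executable"}

# Constructed line format: pid process method status ip:port url content-type
LOG_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<method>[A-Z]+)\s+(?P<code>\d{3})\s+"
    r"(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<url>\S+)\s+(?P<ctype>\S+)$"
)


def analyse_line(line: str) -> Optional[Dict]:
    """Parse one record and attach findings; None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower()
    findings: List[str] = []
    plaintext = parts.scheme.lower() == "http"
    risky = m["ctype"].lower() in RISKY_TYPES or parts.path.lower().endswith(RISKY_EXT)
    if plaintext and risky:
        findings.append("code/archive fetched over plaintext HTTP: integrity rests on a signature check after download")
    if host in WATCH_DOMAINS:
        findings.append("request to domain marked suspicious in the report: " + host)
    if host in OCSP_AIA_DOMAINS:
        findings.append("OCSP/AIA lookup, consistent with a certificate check on downloaded content")
    return {"pid": int(m["pid"]), "process": m["proc"], "host": host,
            "url": m["url"], "findings": findings}


def summarize(lines: List[str]) -> List[Dict]:
    """Records that produced at least one finding, in input order."""
    out = []
    for line in lines:
        rec = analyse_line(line)
        if rec and rec["findings"]:
            out.append(rec)
    return out


# Constructed sample log: three lines lifted from the HTTP table, one control.
SAMPLE_LOG = [
    "3336 appupdater.exe GET 200 2.18.232.183:80 http://content.dellsupportcenter.com/mstr/current.xml text",
    "3336 appupdater.exe GET 200 2.18.232.183:80 http://content.dellsupportcenter.com/updates/tora/6992/1111/00/rules/withSigneddll-PCDoctor_6422.40_windows_appupdaterrules_dell.zip compressed",
    "3336 appupdater.exe GET 200 93.184.220.29:80 http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer text",
    "2152 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico image",
]

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec["pid"], rec["process"], rec["host"])
        for f in rec["findings"]:
            print("   -", f)
```

The plaintext-download finding is the one to act on in a real investigation: pull the archive from the PCAP the full report offers and confirm that the consuming process actually validates an Authenticode or embedded signature before loading anything from it, since the transport provides no integrity on its own.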
Debug output (process: message; entries with an empty message omitted)

SupportAssistAgent.exe: Native library pre-loader is trying to load native SQLite library "C:\Program Files\Dell\SupportAssistAgent\bin\x86\sqlite3.dll"...
DDVRulesProcessor.exe: REPORT_ERROR:
DDVRulesProcessor.exe: InitGlobals: WmiGetServiceTag failed
DDVRulesProcessor.exe: REPORT_ERROR:
DDVRulesProcessor.exe: Started DDVRulesProcessor 5.2.5.81
DDVDataCollector.exe: (message not captured in this excerpt)