URL:

http://content.dellsupportcenter.com:80/updates/aulauncher.exe

Full analysis: https://app.any.run/tasks/0a4b9be5-014e-43be-b9cc-0c2113443f21
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 01, 2018, 16:43:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
loader
Indicators:
MD5:

E1A03FAC877E3B5C231CA5B78F27AEF9

SHA1:

42DB1CF1E45D42BC0B00EB9BD30E190A54CE7EC6

SHA256:

C184CB44F6CC577D0FA340194BAE0421ED5E9035F400DFD3EA7809B22DD7F2B2

SSDEEP:

3:N1KdKL8tBsJFVKXRGuOGKWVBEmN5LyNAkdA:CIyulQKEVBdODdA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • aulauncher[1].exe (PID: 3980)
    • Application was dropped or rewritten from another process

      • aulauncher[1].exe (PID: 1660)
      • aulauncher[1].exe (PID: 3980)
      • nsD9AE.tmp (PID: 3116)
      • CSAW_Child.exe (PID: 2880)
      • appupdater.exe (PID: 3336)
      • CSAW.exe (PID: 2648)
      • SupportAssistDownloadManager.exe (PID: 2764)
      • SupportAssistDownloadManager.exe (PID: 2352)
      • 7za.exe (PID: 1796)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • SupportAssistDownloadManager.exe (PID: 2432)
      • SupportAssistDownloadManager.exe (PID: 2436)
      • DDVRulesProcessor.exe (PID: 2212)
      • DDVDataCollector.exe (PID: 1996)
      • DSAPI.exe (PID: 2532)
      • DSAPI.exe (PID: 2088)
      • SupportAssist.exe (PID: 1468)
      • SupportAssistUI.exe (PID: 424)
      • FileDialogHelper.exe (PID: 304)
      • tmpC05F.tmp.exe (PID: 2752)
      • UpdaterUI.exe (PID: 3168)
      • DDVCollectorSvcApi.exe (PID: 3836)
    • Loads dropped or rewritten executable

      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
      • CSAW_Child.exe (PID: 2880)
      • CSAW.exe (PID: 2648)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • DDVDataCollector.exe (PID: 1996)
      • DDVCollectorSvcApi.exe (PID: 3836)
      • tmp7B76.tmp.exe (PID: 372)
      • installer.exe (PID: 2832)
      • DSAPI.exe (PID: 2088)
      • pcdrwi.exe (PID: 3212)
      • tmpC05F.tmp.exe (PID: 2752)
      • DSAPI.exe (PID: 2532)
      • SystemIdleCheck.exe (PID: 2912)
      • UpdaterUI.exe (PID: 3168)
      • SupportAssist.exe (PID: 1468)
      • SupportAssistUI.exe (PID: 424)
      • DDVRulesProcessor.exe (PID: 2212)
    • Changes settings of System certificates

      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • SupportAssistAgent.exe (PID: 2460)
      • tmp7B76.tmp.exe (PID: 372)
      • DDVRulesProcessor.exe (PID: 2212)
    • Downloads executable files from the Internet

      • appupdater.exe (PID: 3336)
    • Uses Task Scheduler to run other applications

      • SupportAssistAgent.exe (PID: 2460)
    • Loads the Task Scheduler COM API

      • SCHTASKS.exe (PID: 3796)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 2152)
      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • 7za.exe (PID: 1796)
      • MsiExec.exe (PID: 3080)
      • msiexec.exe (PID: 2612)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 3288)
      • installer.exe (PID: 2832)
      • tmp7B76.tmp.exe (PID: 372)
      • tmpC05F.tmp.exe (PID: 2752)
    • Starts application with an unusual extension

      • aulauncher[1].exe (PID: 3980)
    • Creates files in the user directory

      • aulauncher[1].exe (PID: 3980)
      • appupdater.exe (PID: 3336)
    • Creates or modifies windows services

      • appupdater.exe (PID: 3336)
      • SupportAssistDownloadManager.exe (PID: 2764)
      • DSAPI.exe (PID: 2088)
    • Starts itself from another location

      • CSAW.exe (PID: 2648)
    • Reads Internet Cache Settings

      • appupdater.exe (PID: 3336)
      • SupportAssistUI.exe (PID: 424)
    • Adds / modifies Windows certificates

      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • tmp7B76.tmp.exe (PID: 372)
      • DDVRulesProcessor.exe (PID: 2212)
    • Creates files in the program directory

      • CSAW.exe (PID: 2648)
      • CSAW_Child.exe (PID: 2880)
      • 7za.exe (PID: 1796)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • DDVRulesProcessor.exe (PID: 2212)
      • installer.exe (PID: 2832)
      • DSAPI.exe (PID: 2088)
      • pcdrwi.exe (PID: 3212)
      • tmpC05F.tmp.exe (PID: 2752)
      • tmp7B76.tmp.exe (PID: 372)
      • UpdaterUI.exe (PID: 3168)
      • DDVDataCollector.exe (PID: 1996)
    • Removes files from Windows directory

      • SupportAssistInstaller.exe (PID: 2800)
      • DrvInst.exe (PID: 3440)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3288)
      • SupportAssistAgent.exe (PID: 2460)
      • DDVRulesProcessor.exe (PID: 2212)
    • Creates files in the Windows directory

      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistDownloadManager.exe (PID: 2764)
      • SupportAssistDownloadManager.exe (PID: 2352)
      • SupportAssistDownloadManager.exe (PID: 2432)
      • SupportAssistDownloadManager.exe (PID: 2436)
      • SupportAssistAgent.exe (PID: 2460)
      • DrvInst.exe (PID: 3440)
      • MsiExec.exe (PID: 3080)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3288)
      • DDVRulesProcessor.exe (PID: 2212)
    • Searches for installed software

      • SupportAssistAgent.exe (PID: 2460)
    • Creates files in the driver directory

      • DrvInst.exe (PID: 3440)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 3288)
    • Starts Microsoft Installer

      • SupportAssistInstaller.exe (PID: 2800)
    • Uses NETSH.EXE for network configuration

      • SupportAssistAgent.exe (PID: 2460)
    • Changes IE settings (feature browser emulation)

      • SupportAssistUI.exe (PID: 424)
    • Reads internet explorer settings

      • SupportAssistUI.exe (PID: 424)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2152)
    • Application launched itself

      • iexplore.exe (PID: 2152)
      • msiexec.exe (PID: 2612)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 2152)
    • Dropped object may contain URL's

      • iexplore.exe (PID: 2192)
      • iexplore.exe (PID: 2152)
      • CSAW.exe (PID: 2648)
      • aulauncher[1].exe (PID: 3980)
      • SupportAssistInstaller.exe (PID: 2800)
      • CSAW_Child.exe (PID: 2880)
      • msiexec.exe (PID: 1696)
      • appupdater.exe (PID: 3336)
      • SupportAssistAgent.exe (PID: 2460)
      • MsiExec.exe (PID: 3080)
      • 7za.exe (PID: 1796)
      • DrvInst.exe (PID: 3440)
      • DrvInst.exe (PID: 3400)
      • DrvInst.exe (PID: 2560)
      • DrvInst.exe (PID: 3288)
      • installer.exe (PID: 2832)
      • DDVRulesProcessor.exe (PID: 2212)
      • pcdrwi.exe (PID: 3212)
      • msiexec.exe (PID: 2720)
      • tmpC05F.tmp.exe (PID: 2752)
      • UpdaterUI.exe (PID: 3168)
      • tmp7B76.tmp.exe (PID: 372)
      • msiexec.exe (PID: 2612)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2192)
    • Reads settings of System Certificates

      • appupdater.exe (PID: 3336)
      • SupportAssistInstaller.exe (PID: 2800)
      • SupportAssistAgent.exe (PID: 2460)
      • tmp7B76.tmp.exe (PID: 372)
      • tmpC05F.tmp.exe (PID: 2752)
      • SupportAssistUI.exe (PID: 424)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2612)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 2492)
      • MsiExec.exe (PID: 2348)
      • msiexec.exe (PID: 2612)
      • MsiExec.exe (PID: 864)
      • MsiExec.exe (PID: 3080)
    • Dropped object may contain Bitcoin addresses

      • msiexec.exe (PID: 2612)
      • tmp7B76.tmp.exe (PID: 372)
      • msiexec.exe (PID: 2720)
    • Creates files in the program directory

      • msiexec.exe (PID: 2612)
    • Creates or modifies windows services

      • msiexec.exe (PID: 2612)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
96
Monitored processes
44
Malicious processes
22
Suspicious processes
5

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID: 304
CMD: GetLaunchedUIProcessID 424
Path: C:\Program Files\Dell\SupportAssistAgent\bin\FileDialogHelper.exe
Parent process: SupportAssistAgent.exe
User:
SYSTEM
Company:
Dell Inc.
Integrity Level:
SYSTEM
Description:
FileIDialogHelper
Exit code:
0
Version:
2.2.3.2
Modules
Images
c:\program files\dell\supportassistagent\bin\filedialoghelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 372
CMD: "C:\Users\admin\AppData\Local\Temp\tmp7B76.tmp.exe" "C:\Program Files\Dell\SupportAssistAgent\PCDr\Installer\installer.exe" --installDirectory="C:\Program Files\Dell\SupportAssistAgent\PCDr" --variant dsc --factory 0 --silent --silent --INTERNAL_SkipMultipleInstancesCheck --INTERNAL_InvokedByCombinedInstaller
Path: C:\Users\admin\AppData\Local\Temp\tmp7B76.tmp.exe
Parent process: installer.exe
User:
admin
Company:
PC-Doctor, Inc.
Integrity Level:
HIGH
Description:
SupportAssist
Exit code:
0
Version:
6.0.6992.1236
Modules
Images
c:\users\admin\appdata\local\temp\tmp7b76.tmp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 424
CMD: "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe" launch Mode=Normal Action=Homee
Path: C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
UNTRUSTED
Description:
SupportAssistUI
Exit code:
0
Version:
2.2.3.2
Modules
Images
c:\program files\dell\supportassistagent\bin\supportassistui.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 864
CMD: C:\Windows\system32\MsiExec.exe -Embedding A0124DC7F586A3745645AAC7FC10C103
Path: C:\Windows\system32\MsiExec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1468
CMD: "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe" InvokeWebAPICall "SaveLanguage" "en-US"
Path: C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe
User:
admin
Company:
Dell Inc.
Integrity Level:
UNTRUSTED
Description:
SupportAssist
Exit code:
0
Version:
2.2.3.2
Modules
Images
c:\program files\dell\supportassistagent\bin\supportassist.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1660
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe
Parent process: iexplore.exe
User:
admin
Company:
Dell Inc
Integrity Level:
MEDIUM
Description:
SupportAssist
Exit code:
3221226540
Version:
1.0.6746.47
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\gufvp8i9\aulauncher[1].exe
c:\systemroot\system32\ntdll.dll
PID: 1696
CMD: "msiexec.exe" /i C:\Windows\TEMP\SupportAssistAgent\LauncherAutoUpdate\SupportAssistx86-2.2.3.2.msi /qn REBOOT=ReallySuppress /norestart
Path: C:\Windows\system32\msiexec.exe
Parent process: SupportAssistInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1796
CMD: "C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\7za.exe" x -o"C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\Extracted" -y "C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\SupportAssistInstaller.exe"
Path: C:\ProgramData\PCDr\Installer\fpbvbqh4.zs0\7za.exe
Parent process: CSAW_Child.exe
User:
admin
Company:
Igor Pavlov
Integrity Level:
HIGH
Description:
7-Zip Standalone Console
Exit code:
0
Version:
9.20
Modules
Images
c:\programdata\pcdr\installer\fpbvbqh4.zs0\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1896
CMD: "C:\Windows\system32\taskmgr.exe" /4
Path: C:\Windows\system32\taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Task Manager
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1996
CMD: "C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe"
Path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Parent process: services.exe
User:
SYSTEM
Company:
Dell Inc.
Integrity Level:
SYSTEM
Description:
Dell Data Vault Data Collector Service
Exit code:
0
Version:
5.2.5.81
Modules
Images
c:\program files\dell\delldatavault\ddvdatacollector.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
6 478
Read events
3 222
Write events
3 159
Delete events
97

Modification events

(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value:
0
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
0
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
1
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value:
1
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value:
0
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {16F832C9-95AA-11E8-ACE5-5254004AAD11}
Value:
0
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value:
4
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value:
10
(PID) Process: (2152) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value:
E20708000300010010002C0001000B00
Executable files
380
Suspicious files
102
Text files
926
Unknown types
93

Dropped files

PID
Process
Filename
Type
PID: 2152
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHUAAB7W\favicon[1].ico
MD5:
SHA256:
PID: 2152
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
PID: 2192
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018071620180717\index.dat
MD5:
SHA256:
PID: 2192
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
Type: smt
MD5:
SHA256:
PID: 3980
Process: aulauncher[1].exe
Filename: C:\Users\admin\AppData\Roaming\PCDr\Installer\Logs\aulauncher.log
Type: text
MD5:
SHA256:
PID: 2152
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\StructuredQuery.log
Type: text
MD5:
SHA256:
PID: 2192
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MJG226QK\dnserror[1]
Type: html
MD5: 68E03ED57EC741A4AFBBCD11FAB1BDBE
SHA256: 1FF3334C3EB27033F8F37029FD72F648EDD4551FCE85FC1F5159FEAEA1439630
PID: 2192
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5A31W00O\noConnect[1]
Type: image
MD5: 3CB8FACCD5DE434D415AB75C17E8FD86
SHA256: 6976C426E3AC66D66303C114B22B2B41109A7DE648BA55FFC3E5A53BD0DB09E7
PID: 2152
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUFVP8I9\aulauncher[1].exe:Zone.Identifier
Type: text
MD5: FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256: EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
PID: 2192
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSILEDM7\down[1]
Type: image
MD5: 555E83CE7F5D280D7454AF334571FB25
SHA256: 70F316A5492848BB8242D49539468830B353DDAA850964DB4E60A6D2D7DB4880
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
69
DNS requests
21
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3336
appupdater.exe
GET
200
23.37.43.27:80
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
NL
der
1.71 Kb
whitelisted
3336
appupdater.exe
GET
200
93.184.220.29:80
http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer
US
text
1.77 Kb
whitelisted
3336
appupdater.exe
GET
200
2.18.232.183:80
http://content.dellsupportcenter.com/updates/master/master_6746_dsc.xml
unknown
xml
652 b
suspicious
3336
appupdater.exe
GET
200
2.18.232.183:80
http://content.dellsupportcenter.com/mstr/current.xml
unknown
text
373 b
suspicious
3336
appupdater.exe
GET
200
23.37.43.27:80
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEBXkP9stRAkHuP7yYnXWys8%3D
NL
der
1.63 Kb
whitelisted
3336
appupdater.exe
GET
200
23.37.43.27:80
http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEBTUeF0Js47o0lLrwC%2BxHsE%3D
NL
der
1.62 Kb
whitelisted
3336
appupdater.exe
GET
200
2.18.232.183:80
http://content.dellsupportcenter.com/updates/tora/6992/1111/00/app_spec/dsc_6746.xml
unknown
xml
12.1 Kb
suspicious
3336
appupdater.exe
GET
200
23.37.43.27:80
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEBlGuoyK4jjheD0lLLpItG4%3D
NL
der
1.62 Kb
whitelisted
3336
appupdater.exe
GET
200
2.18.232.183:80
http://content.dellsupportcenter.com/updates/tora/6992/1111/00/rules/rules_dsc_6746_47.xml
unknown
xml
2.59 Kb
suspicious
3336
appupdater.exe
GET
200
23.37.43.27:80
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEH9IjqmlpJ%2BCUCOOr457bEU%3D
NL
der
1.62 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2192
iexplore.exe
2.18.232.183:80
content.dellsupportcenter.com
Akamai International B.V.
whitelisted
2152
iexplore.exe
13.107.21.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3336
appupdater.exe
2.18.232.183:80
content.dellsupportcenter.com
Akamai International B.V.
whitelisted
2192
iexplore.exe
2.18.232.183:443
content.dellsupportcenter.com
Akamai International B.V.
whitelisted
2880
CSAW_Child.exe
2.18.232.183:80
content.dellsupportcenter.com
Akamai International B.V.
whitelisted
2648
CSAW.exe
205.185.216.10:80
www.download.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
2880
CSAW_Child.exe
52.46.128.67:443
firehose.us-east-1.amazonaws.com
US
unknown
2764
SupportAssistDownloadManager.exe
172.227.84.40:443
downloads.dell.com
Akamai Technologies, Inc.
US
whitelisted
2648
CSAW.exe
52.222.163.23:80
x.ss2.us
Amazon.com, Inc.
US
unknown
2880
CSAW_Child.exe
172.227.84.40:443
downloads.dell.com
Akamai Technologies, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
content.dellsupportcenter.com
  • 2.18.232.183
suspicious
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
sf.symcb.com
  • 93.184.220.29
whitelisted
ocsp.verisign.com
  • 23.37.43.27
whitelisted
sf.symcd.com
  • 23.37.43.27
whitelisted
csc3-2009-2-aia.verisign.com
  • 93.184.220.29
whitelisted
csc3-2010-aia.verisign.com
  • 93.184.220.29
whitelisted
sv.symcb.com
  • 93.184.220.29
whitelisted
s2.symcb.com
  • 23.37.43.27
whitelisted
sv.symcd.com
  • 23.37.43.27
shared

Threats

PID
Process
Class
Message
3336
appupdater.exe
Potentially Bad Traffic
ET POLICY Executable served from Amazon S3
2880
CSAW_Child.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER Generic malicious VBA-macro loader
3212
pcdrwi.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER Generic malicious VBA-macro loader
3168
UpdaterUI.exe
A Network Trojan was detected
SC TROJAN_DOWNLOADER Generic malicious VBA-macro loader
Process
Message
SupportAssistAgent.exe
Native library pre-loader is trying to load native SQLite library "C:\Program Files\Dell\SupportAssistAgent\bin\x86\sqlite3.dll"...
DDVRulesProcessor.exe
DDVRulesProcessor.exe
REPORT_ERROR:
DDVRulesProcessor.exe
InitGlobals: WmiGetServiceTag failed
DDVRulesProcessor.exe
DDVRulesProcessor.exe
DDVRulesProcessor.exe
REPORT_ERROR:
DDVRulesProcessor.exe
Started DDVRulesProcessor 5.2.5.81
DDVRulesProcessor.exe
DDVDataCollector.exe