File name:

GTA Vice City.exe

Full analysis: https://app.any.run/tasks/b6fd0aa5-01ed-4959-a6db-3b46bf63be40
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: July 01, 2024, 09:56:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
MD5:

40547625A1941556030D9A8A13DF3423

SHA1:

ADAFFFFF2F02FB561CC4C290B9C9362DF2D679C3

SHA256:

CFAB6184D583C24063862EBDAE16022B5514BA4BA53AE7DEBE113720DB6E8FB1

SSDEEP:

3072:5RwJJAMuPCVVHSBzc4sSWq3zpKAqgK0kB2u5p40lRmn3q5VwVh:8P0CVVHZ4seDpRK0UPm3V

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • GTA Vice City.exe (PID: 2936)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • GTA Vice City.exe (PID: 2936)

    • Reads settings of System Certificates

      • biclient.exe (PID: 2944)

    • Reads the Internet Settings

      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 2112)
      • biclient.exe (PID: 1948)

    • Reads security settings of Internet Explorer

      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 1948)
      • biclient.exe (PID: 2112)

    • Adds/modifies Windows certificates

      • biclient.exe (PID: 2944)

    • Checks Windows Trust Settings

      • biclient.exe (PID: 2944)

    • Reads Microsoft Outlook installation path

      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 1948)
      • biclient.exe (PID: 2112)
      • biclient.exe (PID: 3508)

    • Access to an unwanted program domain was detected

      • biclient.exe (PID: 2944)

    • Reads Internet Explorer settings

      • biclient.exe (PID: 2944)

  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 3220)
      • GTA Vice City.exe (PID: 2936)
      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 1948)
      • biclient.exe (PID: 2112)

    • Create files in a temporary directory

      • GTA Vice City.exe (PID: 2936)

    • Reads the computer name

      • GTA Vice City.exe (PID: 2936)
      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 1948)
      • biclient.exe (PID: 2112)
      • wmpnscfg.exe (PID: 3220)

    • Reads the machine GUID from the registry

      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 2112)
      • biclient.exe (PID: 1948)

    • Creates files or folders in the user directory

      • biclient.exe (PID: 2944)

    • Reads the software policy settings

      • biclient.exe (PID: 2944)

    • Manual execution by a user

      • biclient.exe (PID: 1524)
      • explorer.exe (PID: 2556)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 2112)
      • biclient.exe (PID: 1948)

    • Checks proxy server information

      • biclient.exe (PID: 2944)
      • biclient.exe (PID: 1524)
      • biclient.exe (PID: 2016)
      • biclient.exe (PID: 3508)
      • biclient.exe (PID: 2112)
      • biclient.exe (PID: 1948)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (91.9)
.exe | Win32 Executable MS Visual C++ (generic) (3.3)
.exe | Win64 Executable (generic) (3)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:12:17 09:14:12+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.56
CodeSize: 29184
InitializedDataSize: 14848
UninitializedDataSize: 110592
EntryPoint: 0x39ac
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.1.0.0
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
CompanyName: -
FileDescription: Powered by BetterInstaller
FileVersion: 2.1.0.0
LegalCopyright: -
ProductName: -
ProductVersion: -
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
57
Monitored processes
10
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start gta vice city.exe biclient.exe explorer.exe no specs biclient.exe no specs biclient.exe biclient.exe no specs biclient.exe no specs biclient.exe no specs wmpnscfg.exe no specs gta vice city.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1524"C:\Users\admin\AppData\Local\Temp\biclient.exe" C:\Users\admin\AppData\Local\Temp\biclient.exeexplorer.exe
User:
admin
Company:
Somoto Ltd.
Integrity Level:
MEDIUM
Description:
Better Installer Host
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\biclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
1948"C:\Users\admin\AppData\Local\Temp\biclient.exe" C:\Users\admin\AppData\Local\Temp\biclient.exeexplorer.exe
User:
admin
Company:
Somoto Ltd.
Integrity Level:
MEDIUM
Description:
Better Installer Host
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\biclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
2016"C:\Users\admin\AppData\Local\Temp\biclient.exe" C:\Users\admin\AppData\Local\Temp\biclient.exe
explorer.exe
User:
admin
Company:
Somoto Ltd.
Integrity Level:
HIGH
Description:
Better Installer Host
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\biclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
2112"C:\Users\admin\AppData\Local\Temp\biclient.exe" C:\Users\admin\AppData\Local\Temp\biclient.exeexplorer.exe
User:
admin
Company:
Somoto Ltd.
Integrity Level:
MEDIUM
Description:
Better Installer Host
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\biclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
2556"C:\Windows\explorer.exe" C:\Windows\explorer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2936"C:\Users\admin\Desktop\GTA Vice City.exe" C:\Users\admin\Desktop\GTA Vice City.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Powered by BetterInstaller
Exit code:
0
Version:
2.1.0.0
Modules
Images
c:\users\admin\desktop\gta vice city.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
2944"C:\Users\admin\AppData\Local\Temp\biclient.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "network_smb_asoft" /id "7zipggdb" /name "7-Zip" /uniqid GTA Vice City C:\Users\admin\AppData\Local\Temp\biclient.exe
GTA Vice City.exe
User:
admin
Company:
Somoto Ltd.
Integrity Level:
HIGH
Description:
Better Installer Host
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\biclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
3220"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3332"C:\Users\admin\Desktop\GTA Vice City.exe" C:\Users\admin\Desktop\GTA Vice City.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Powered by BetterInstaller
Exit code:
3221226540
Version:
2.1.0.0
Modules
Images
c:\users\admin\desktop\gta vice city.exe
c:\windows\system32\ntdll.dll
3508"C:\Users\admin\AppData\Local\Temp\biclient.exe" C:\Users\admin\AppData\Local\Temp\biclient.exeexplorer.exe
User:
admin
Company:
Somoto Ltd.
Integrity Level:
MEDIUM
Description:
Better Installer Host
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\biclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events
12 356
Read events
12 228
Write events
97
Delete events
31

Modification events

(PID) Process:(2936) GTA Vice City.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation:writeName:PendingFileRenameOperations
Value:
\??\C:\Users\admin\AppData\Local\Temp\biclient.exe
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyServer
Value:
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyOverride
Value:
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoConfigURL
Value:
(PID) Process:(2944) biclient.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoDetect
Value:
Executable files
1
Suspicious files
22
Text files
45
Unknown types
8

Dropped files

PID
Process
Filename
Type
2944biclient.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\domain_profile[1].htmhtml
MD5:CA1D1DF2A9E22F22F7E557212DC3C3C7
SHA256:E29775E3D973E2145C77AD872A2163FCCECC160D5220013347CC27842AB59963
2944biclient.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:DDEC6DC63249E1B64BD6E30B1BB0BD8A
SHA256:0D96F7826097C0E891F9D990B1CA1BBA542222CCF2A1AC829E089BC0D2183801
2944biclient.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\QG8K19P3.txttext
MD5:E00A52247974BD05D09FDCE2EB12E615
SHA256:026369B1A84AB383D8B761AF73004699490F546DBF719AE68C3E4799846BA50C
2944biclient.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199binary
MD5:8D1040B12A663CA4EC7277CFC1CE44F0
SHA256:3086094D4198A5BBD12938B0D2D5F696C4DFC77E1EAE820ADDED346A59AA8727
2944biclient.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199binary
MD5:72C0EEB07ED0CF8D714BDFF2146F0361
SHA256:B54DF8979112138CFA3AFE70200F21A9435E2B18318CFA29084A3808196882B8
2944biclient.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419der
MD5:465F6EE51DA5EBC884590039B43975C7
SHA256:A73FEAAAB0D2EC4318BDB65353BB4C59ADDF1C70F8CFDEBEC6A87B4802D66216
2944biclient.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\reboot.min[1].csstext
MD5:51B8B71098EEED2C55A4534E48579A16
SHA256:BD78E3BCC569D029E7C709144E4038DEDE4D92A143E77BC46E4F15913769758B
2944biclient.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\responsive[1].csstext
MD5:4998FE22F90EACCE5AA2EC3B3B37BD81
SHA256:93FCBFCA018780A8AF6E48A2C4CD6F7AD314730440236C787D581E2CEF1AB8F8
2944biclient.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:C41194EC6E087A4A036A1B142AF648DC
SHA256:4443A48313A8245B4EFE77701BD302EDD16CF50DF503791D0386645F75B2FC9F
2936GTA Vice City.exeC:\Users\admin\AppData\Local\Temp\config.initext
MD5:B4C2D212E20AEA65CEB77228A6E4AFEF
SHA256:31856A0DE78B89DCEEEA215065090059C47810428189B3A0D19074106DDE601C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
33
DNS requests
24
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2944
biclient.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
unknown
2944
biclient.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?87d2523899126b4f
unknown
unknown
2944
biclient.exe
GET
302
52.86.6.113:80
http://bi.bisrv.com/network_smb_asoft/7zipggdb/ab8c3e447ddf744c85be4a642b9d3d67?v=2.1&uid=ab8c3e447ddf744c85be4a642b9d3d67&muid=05E28309B8D1983AA928469025E49813
unknown
unknown
2944
biclient.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
unknown
unknown
2944
biclient.exe
GET
200
216.58.206.67:80
http://c.pki.goog/r/r1.crl
unknown
unknown
2944
biclient.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
unknown
2944
biclient.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
unknown
2944
biclient.exe
GET
200
216.58.206.67:80
http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQCmrOqyXa%2F%2FgRBajssQLKXU
unknown
unknown
2944
biclient.exe
GET
200
216.58.206.67:80
http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD6XznazuPu%2BxDsBhjsCTDO
unknown
unknown
2944
biclient.exe
GET
200
216.58.206.67:80
http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEDzB%2BrH%2BcR2lEC3VaK3WaPU%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1372
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
2564
svchost.exe
239.255.255.250:3702
whitelisted
2944
biclient.exe
52.86.6.113:80
bi.bisrv.com
AMAZON-AES
US
unknown
4
System
192.168.100.255:138
whitelisted
2944
biclient.exe
104.26.6.37:443
www.hugedomains.com
CLOUDFLARENET
US
shared
2944
biclient.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2944
biclient.exe
216.58.206.67:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2944
biclient.exe
104.18.186.31:443
cdn.jsdelivr.net
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
bi.bisrv.com
  • 52.86.6.113
  • 3.94.41.167
malicious
www.hugedomains.com
  • 104.26.6.37
  • 104.26.7.37
  • 172.67.70.191
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.pki.goog
  • 216.58.206.67
whitelisted
www.googletagmanager.com
  • 142.250.186.40
whitelisted
cdn.jsdelivr.net
  • 104.18.186.31
  • 104.18.187.31
whitelisted
fonts.googleapis.com
  • 142.250.185.170
whitelisted
use.typekit.net
  • 2.19.126.206
  • 2.19.126.225
whitelisted
cdn-cookieyes.com
  • 172.67.20.8
  • 104.22.58.91
  • 104.22.59.91
whitelisted
static.hugedomains.com
  • 104.26.6.37
  • 104.26.7.37
  • 172.67.70.191
unknown

Threats

PID
Process
Class
Message
2944
biclient.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP BetterInstaller
1060
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
GTA Vice City.exe