Malware analysis fcpro_2.3.3.6635_web_installer.exe Malicious activity

Add for printing

File name:	fcpro_2.3.3.6635_web_installer.exe
Full analysis:	https://app.any.run/tasks/85af3e69-5141-41af-a886-037f0f30a6dc
Verdict:	Malicious activity
Analysis date:	February 24, 2024, 12:48:43
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	AD2075584B0FBF7479191D19741EB0E7
SHA1:	9D8C2F69BAEA60F5FA8DCCC0325F6EEE378338F7
SHA256:	DB61F83E41631D0710FE62BC3F1A67C21CED65D74FDA549BE4BFD6E8F3469161
SSDEEP:	49152:9BEZGDA+947lScGeQNTty6l/7LjpfYln4gl3f274+ERV49f5j881fhtj8B3F/oCm:ryGrqkA+TtyY/7pY5LleaRQ18KTkFlE7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - fcpro_2.3.3.6635_web_installer.exe (PID: 3240)
  - fcpro_2.3.3.6635_web_installer.exe (PID: 1776)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - WebInstallerEngine.exe (PID: 3180)
SUSPICIOUS
- Executable content was dropped or overwritten
  - fcpro_2.3.3.6635_web_installer.exe (PID: 3240)
  - fcpro_2.3.3.6635_web_installer.exe (PID: 1776)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - WebInstallerEngine.exe (PID: 3180)
- Process drops legitimate windows executable
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - WebInstallerEngine.exe (PID: 3180)
- Reads the Windows owner or organization settings
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
- Reads the Internet Settings
  - RegAsm.exe (PID: 2752)
  - WebInstallerEngine.exe (PID: 3180)
  - WebInstallerEngine.exe (PID: 2232)
- Creates/Modifies COM task schedule object
  - RegAsm.exe (PID: 2752)
- Uses NETSH.EXE to add a firewall rule or allowed programs
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
- Reads settings of System Certificates
  - WebInstallerEngine.exe (PID: 2232)
  - WebInstallerEngine.exe (PID: 3180)
- Reads security settings of Internet Explorer
  - RegAsm.exe (PID: 2752)
- Drops a system driver (possible attempt to evade defenses)
  - WebInstallerEngine.exe (PID: 3180)
INFO
- Checks supported languages
  - fcpro_2.3.3.6635_web_installer.exe (PID: 3240)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - fcpro_2.3.3.6635_web_installer.exe (PID: 1776)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 3668)
  - RegAsm.exe (PID: 2752)
  - WebInstallerEngine.exe (PID: 2232)
  - WebInstallerEngine.exe (PID: 3180)
- Create files in a temporary directory
  - fcpro_2.3.3.6635_web_installer.exe (PID: 3240)
  - fcpro_2.3.3.6635_web_installer.exe (PID: 1776)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - WebInstallerEngine.exe (PID: 3180)
- Reads the computer name
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 3668)
  - RegAsm.exe (PID: 2752)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - WebInstallerEngine.exe (PID: 2232)
  - WebInstallerEngine.exe (PID: 3180)
- Reads the machine GUID from the registry
  - RegAsm.exe (PID: 2752)
  - fcpro_2.3.3.6635_web_installer.tmp (PID: 2964)
  - WebInstallerEngine.exe (PID: 2232)
  - WebInstallerEngine.exe (PID: 3180)
- Reads the software policy settings
  - WebInstallerEngine.exe (PID: 2232)
  - WebInstallerEngine.exe (PID: 3180)
- Reads Environment values
  - WebInstallerEngine.exe (PID: 2232)
  - WebInstallerEngine.exe (PID: 3180)
- Creates files in the program directory
  - WebInstallerEngine.exe (PID: 3180)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (71.1)
.exe	\|	Win32 Executable Delphi generic (9.1)
.scr	\|	Windows screen saver (8.4)
.dll	\|	Win32 Dynamic Link Library (generic) (4.2)
.exe	\|	Win32 Executable (generic) (2.9)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	1992:06:19 22:22:17+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	40448
InitializedDataSize:	17920
UninitializedDataSize:	-
EntryPoint:	0xa5f8
OSVersion:	1
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	2.3.3.6635
ProductVersionNumber:	2.3.3.6635
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:	Viavi
FileDescription:
FileVersion:	2.3.3.6635
LegalCopyright:
ProductName:
ProductVersion:	2.3.3.6635

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1776

"C:\Users\admin\AppData\Local\Temp\fcpro_2.3.3.6635_web_installer.exe" /SPAWNWND=$1A01BC /NOTIFYWND=$E0170

C:\Users\admin\AppData\Local\Temp\fcpro_2.3.3.6635_web_installer.exe

fcpro_2.3.3.6635_web_installer.tmp

User:

admin

Company:

Viavi

Integrity Level:

HIGH

Description:

Exit code:

Version:

2.3.3.6635

Modules

Images
c:\users\admin\appdata\local\temp\fcpro_2.3.3.6635_web_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

2232

"C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\WebInstallerEngine.exe" /checkinternet

C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\WebInstallerEngine.exe

fcpro_2.3.3.6635_web_installer.tmp

User:

admin

Company:

JDSU

Integrity Level:

HIGH

Description:

WebInstallerEngine

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-bbjpu.tmp\webinstallerengine.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2752

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase "C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\..\is-temp\InstallerUtils.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

—

fcpro_2.3.3.6635_web_installer.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft .NET Assembly Registration Utility

Exit code:

Version:

4.8.3761.0 built by: NET48REL1

Modules

Images
c:\windows\microsoft.net\framework\v4.0.30319\regasm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

2964

"C:\Users\admin\AppData\Local\Temp\is-T17MB.tmp\fcpro_2.3.3.6635_web_installer.tmp" /SL5="$19013E,1271752,56832,C:\Users\admin\AppData\Local\Temp\fcpro_2.3.3.6635_web_installer.exe" /SPAWNWND=$1A01BC /NOTIFYWND=$E0170

C:\Users\admin\AppData\Local\Temp\is-T17MB.tmp\fcpro_2.3.3.6635_web_installer.tmp

fcpro_2.3.3.6635_web_installer.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.52.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-t17mb.tmp\fcpro_2.3.3.6635_web_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

3180

"C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\WebInstallerEngine.exe" download /log "C:\Program Files\Viavi\FiberChekPRO\WebInstaller.log" /dest "C:\Users\admin\AppData\Local\Temp\FiberChekPRO\WebInstaller" /urlbase "https://jdsufit.blob.core.windows.net/fiberchekpro/versions/2.3.3" /app "C:\Program Files\Viavi\FiberChekPRO" /index "C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\InstallerFileIndex.xml" /title "Downloading Required Files" /edition STD /components FiberChekPRO Automation /ownerhandle 1900978

C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\WebInstallerEngine.exe

fcpro_2.3.3.6635_web_installer.tmp

User:

admin

Company:

JDSU

Integrity Level:

HIGH

Description:

WebInstallerEngine

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-bbjpu.tmp\webinstallerengine.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

3212

"netsh.exe" advfirewall firewall add rule name=FCProWebInstaller dir=out program="C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\WebInstallerEngine.exe" profile=any action=allow

C:\Windows\System32\netsh.exe

—

fcpro_2.3.3.6635_web_installer.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Network Command Shell

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll

3240

"C:\Users\admin\AppData\Local\Temp\fcpro_2.3.3.6635_web_installer.exe"

C:\Users\admin\AppData\Local\Temp\fcpro_2.3.3.6635_web_installer.exe

explorer.exe

User:

admin

Company:

Viavi

Integrity Level:

MEDIUM

Description:

Exit code:

Version:

2.3.3.6635

Modules

Images
c:\users\admin\appdata\local\temp\fcpro_2.3.3.6635_web_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

3668

"C:\Users\admin\AppData\Local\Temp\is-6730I.tmp\fcpro_2.3.3.6635_web_installer.tmp" /SL5="$E0170,1271752,56832,C:\Users\admin\AppData\Local\Temp\fcpro_2.3.3.6635_web_installer.exe"

C:\Users\admin\AppData\Local\Temp\is-6730I.tmp\fcpro_2.3.3.6635_web_installer.tmp

—

fcpro_2.3.3.6635_web_installer.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.52.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-6730i.tmp\fcpro_2.3.3.6635_web_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

Add for printing

Total events

12 066

Read events

11 934

Write events

129

Delete events

Modification events


(PID) Process:	(2964) fcpro_2.3.3.6635_web_installer.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: 940B0000E8E032D31F67DA01
(PID) Process:	(2964) fcpro_2.3.3.6635_web_installer.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	SessionHash
Value: 52E70411E43CFE14AFE85C3CCF9E4AC04AAE321EFCA5508F342E2016A73CE6A5
(PID) Process:	(2964) fcpro_2.3.3.6635_web_installer.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39275528-A2A6-4382-A040-2593C0E8D2A7}\InprocServer32
Operation:	write	Name:	ThreadingModel
Value: Both
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39275528-A2A6-4382-A040-2593C0E8D2A7}\InprocServer32
Operation:	write	Name:	Class
Value: JDSU.FIT.FiberChek.Installer.InstallerUtils
(PID) Process:	(2752) RegAsm.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39275528-A2A6-4382-A040-2593C0E8D2A7}\InprocServer32
Operation:	write	Name:	Assembly
Value: InstallerUtils, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null

Add for printing

Executable files

Suspicious files

Text files

116

Unknown types

Dropped files

PID	Process	Filename		Type
2964	fcpro_2.3.3.6635_web_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-temp\InstallerUtils.exe		executable
		MD5:A168DDB6468850FE27FF4FF8FA6702CA	SHA256:9367922593DED69C8D6D6F26B8F550BCF301B0E9A467209916D35ABB01787052
3180	WebInstallerEngine.exe	C:\Users\admin\AppData\Local\Temp\FiberChekPRO\WebInstaller\Database\ConnectorDefinitions\MPO 16x1.fccon		xml
		MD5:199376AD70A0F6519F07AE1744631EDE	SHA256:CAA441FE28CDCB65B4A4392D06D7D296C474472661525F439103937E67FCF7DB
2964	fcpro_2.3.3.6635_web_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\InstallerUtils.exe.config		xml
		MD5:B126772B9539EB6054A301E92CE94C0E	SHA256:3E943A74C70F7C89DD1D14F1F3084BAF6B4D4F79F6FAF7F0E2906EBD0AA06ED4
1776	fcpro_2.3.3.6635_web_installer.exe	C:\Users\admin\AppData\Local\Temp\is-T17MB.tmp\fcpro_2.3.3.6635_web_installer.tmp		executable
		MD5:2C10DB017057DCE22651243244E4FEE6	SHA256:E442E83C27E94BC37EB6C02411A88EDD8CB83777D50312B9EF7BFC214C4CC7B2
2964	fcpro_2.3.3.6635_web_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\InstallerUtils.exe		executable
		MD5:A168DDB6468850FE27FF4FF8FA6702CA	SHA256:9367922593DED69C8D6D6F26B8F550BCF301B0E9A467209916D35ABB01787052
2964	fcpro_2.3.3.6635_web_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-BBJPU.tmp\WebInstallerEngine.exe.config		xml
		MD5:B126772B9539EB6054A301E92CE94C0E	SHA256:3E943A74C70F7C89DD1D14F1F3084BAF6B4D4F79F6FAF7F0E2906EBD0AA06ED4
3180	WebInstallerEngine.exe	C:\Users\admin\AppData\Local\Temp\FiberChekPRO\WebInstaller\Database\ConnectorDefinitions\MPO 12x1.fccon		xml
		MD5:AEB32391A0F51BA7D4C78CE48F331474	SHA256:B703B02FD23E81EF08BBC4ACFB3AADEE17D9BAF77CA6EECEE8D7BE1A60CB8B7C
3180	WebInstallerEngine.exe	C:\Users\admin\AppData\Local\Temp\FiberChekPRO\WebInstaller\Database\ConnectorDefinitions\MPO 12x2.fccon		xml
		MD5:230009D0DB1A01ABFB9A06A07E6E58A9	SHA256:74D0B1C82673FEA24852CB7B518C48A0149F9071B48CCE751319AB35E3C3A4E3
3240	fcpro_2.3.3.6635_web_installer.exe	C:\Users\admin\AppData\Local\Temp\is-6730I.tmp\fcpro_2.3.3.6635_web_installer.tmp		executable
		MD5:2C10DB017057DCE22651243244E4FEE6	SHA256:E442E83C27E94BC37EB6C02411A88EDD8CB83777D50312B9EF7BFC214C4CC7B2
3180	WebInstallerEngine.exe	C:\Users\admin\AppData\Local\Temp\FiberChekPRO\WebInstaller\Database\ConnectorDefinitions\Simplex.fccon		xml
		MD5:A0E4BB95B890583C829626BBB730C576	SHA256:8FBB9668C68EA14B273C5E221D4FE824C1DC739DECA23D004C67933157A1ECB3

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2232	WebInstallerEngine.exe	52.238.56.180:443	jdsufit.blob.core.windows.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
3180	WebInstallerEngine.exe	52.238.56.180:443	jdsufit.blob.core.windows.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted

DNS requests

Domain	IP	Reputation
jdsufit.blob.core.windows.net	52.238.56.180	unknown

Threats

No threats detected

Add for printing

Process	Message
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:48:55.520 DEBUG: Starting WebInstallerEngine.exe
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.740 DEBUG: Starting WebInstallerEngine.exe
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.905 DEBUG: FileIndex has 491 files. Determined that 487 files are needed:
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\MPO 12x1.fccon"
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\MPO 12x2.fccon"
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\MPO 16x1.fccon"
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\MPO 16x2.fccon"
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\MPO 8x1.fccon"
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\MPO 8x2 [24].fccon"
WebInstallerEngine.exe	WebInstallerEngine: 2024-02-24 12:49:20.907 DEBUG: "Database\ConnectorDefinitions\Simplex.fccon"

General Info

fcpro_2.3.3.6635_web_installer.exe

AD2075584B0FBF7479191D19741EB0E7

9D8C2F69BAEA60F5FA8DCCC0325F6EEE378338F7

DB61F83E41631D0710FE62BC3F1A67C21CED65D74FDA549BE4BFD6E8F3469161

49152:9BEZGDA+947lScGeQNTty6l/7LjpfYln4gl3f274+ERV49f5j881fhtj8B3F/oCm:ryGrqkA+TtyY/7pY5LleaRQ18KTkFlE7

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Executable content was dropped or overwritten

Process drops legitimate windows executable

Reads the Windows owner or organization settings

Reads the Internet Settings

Creates/Modifies COM task schedule object

Uses NETSH.EXE to add a firewall rule or allowed programs

Reads settings of System Certificates

Reads security settings of Internet Explorer

Drops a system driver (possible attempt to evade defenses)

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

Reads the machine GUID from the registry

Reads the software policy settings

Reads Environment values

Creates files in the program directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings