download:

index.html

Full analysis: https://app.any.run/tasks/97d2f46d-c29e-4580-92d7-a6ca9e582d3c
Verdict: Malicious activity
Analysis date: May 14, 2018, 21:42:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/html
File info: HTML document, ASCII text, with very long lines
MD5:

BD943A0ED44F8916960E551D86EE5CF2

SHA1:

7F1594004CF5F69FFDC803E440C86CBE859C18CE

SHA256:

EDACC76B8A586BCD8E1E13B0E1696E675F2A9DB8852F7933064C39236A7E3D44

SSDEEP:

768:0A3bUGQU9WatmciGjAQtnIBDifIc5OcZAeTwIeln:0EQU9WSoGjpnIBDiw0OcRwIe1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.exe (PID: 620)
      • Setup.exe (PID: 3072)
      • Setup.exe (PID: 2780)
      • Setup.exe (PID: 2820)
      • Setup.exe (PID: 3368)
      • Setup.exe (PID: 3864)
      • UpdPack.exe (PID: 3240)
      • InstUpd.exe (PID: 3968)
      • vcredist_x86.exe (PID: 3000)
      • vcredist_x86.exe (PID: 1532)
      • setup.exe (PID: 1544)
      • ICCProxy.exe (PID: 6004)
      • UpdPack_GService.exe (PID: 5644)
      • SetupICCS.exe (PID: 4952)
      • InstUpd.exe (PID: 4136)
      • Setup.exe (PID: 5972)
      • etSetupICC.exe (PID: 5492)
      • Setup.exe (PID: 3140)
      • ICCProxy.exe (PID: 5300)
      • AMDRyzenMasterDriverCmd.exe (PID: 5652)
      • vcredist_x64.exe (PID: 4764)
      • vcredist_x64.exe (PID: 2928)
      • AdjustService.exe (PID: 5428)
      • addfwrule.exe (PID: 5600)
      • GraphicsCardEngineStarter.exe (PID: 5324)
      • RunUpd.exe (PID: 2284)
      • RunUpd.exe (PID: 4180)
      • ApCent.exe (PID: 5012)
      • gcupd.exe (PID: 5500)
      • Run.exe (PID: 3568)
      • Run.exe (PID: 4588)
      • DLLs.exe (PID: 4384)
      • DrvUpd.exe (PID: 848)
    • Application loaded dropped or rewritten executable

      • setup.exe (PID: 1544)
      • vcredist_x86.exe (PID: 1532)
      • etSetupICC.exe (PID: 5492)
      • SetupICCS.exe (PID: 4952)
      • AMDRyzenMasterDriverCmd.exe (PID: 5652)
      • Setup.exe (PID: 3140)
      • vcredist_x64.exe (PID: 2928)
      • ApCent.exe (PID: 5012)
      • gcupd.exe (PID: 5500)
      • GraphicsCardEngineStarter.exe (PID: 5324)
      • DrvUpd.exe (PID: 848)
      • regsvr32.exe (PID: 2720)
      • regsvr32.exe (PID: 4680)
      • Run.exe (PID: 3568)
      • regsvr32.exe (PID: 5700)
      • regsvr32.exe (PID: 5584)
      • regsvr32.exe (PID: 5888)
      • Run.exe (PID: 4588)
      • regsvr32.exe (PID: 5332)
    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 3000)
      • AdjustService.exe (PID: 5428)
      • Setup.exe (PID: 3140)
    • Uses Task Scheduler to run other applications

      • setup.exe (PID: 1544)
    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 3232)
      • mmc.exe (PID: 5344)
    • Adds new firewall rule via NETSH.EXE

      • addfwrule.exe (PID: 5600)
    • Changes settings of System certificates

      • gcupd.exe (PID: 5500)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Run.exe (PID: 3568)
      • Run.exe (PID: 4588)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 7zFM.exe (PID: 2596)
      • UpdPack.exe (PID: 3240)
      • 7zG.exe (PID: 3936)
      • setup.exe (PID: 1544)
      • MsiExec.exe (PID: 1944)
      • vcredist_x86.exe (PID: 1532)
      • vcredist_x86.exe (PID: 3000)
      • SetupICCS.exe (PID: 4952)
      • UpdPack_GService.exe (PID: 5644)
      • Setup.exe (PID: 5972)
      • Setup.exe (PID: 3140)
      • MsiExec.exe (PID: 5512)
      • msiexec.exe (PID: 1744)
      • vcredist_x64.exe (PID: 2928)
      • ApCent.exe (PID: 5012)
      • DLLs.exe (PID: 4384)
      • Run.exe (PID: 3568)
      • regsvr32.exe (PID: 5700)
      • Run.exe (PID: 4588)
      • regsvr32.exe (PID: 5584)
      • DrvUpd.exe (PID: 848)
      • regsvr32.exe (PID: 5888)
    • Searches for installed software

      • vcredist_x86.exe (PID: 1532)
      • vcredist_x86.exe (PID: 3000)
      • setup.exe (PID: 1544)
      • vcredist_x64.exe (PID: 2928)
      • Setup.exe (PID: 3140)
    • Application launched itself

      • software_reporter_tool.exe (PID: 1088)
    • Creates or modifies windows services

      • vcredist_x86.exe (PID: 3000)
      • setup.exe (PID: 1544)
      • InstUpd.exe (PID: 4136)
      • Setup.exe (PID: 3140)
      • AdjustService.exe (PID: 5428)
      • RunUpd.exe (PID: 2284)
      • ApCent.exe (PID: 5012)
      • gcupd.exe (PID: 5500)
    • Creates a software uninstall entry

      • vcredist_x86.exe (PID: 3000)
      • setup.exe (PID: 1544)
      • Setup.exe (PID: 3140)
    • Creates files in the program directory

      • vcredist_x86.exe (PID: 3000)
      • setup.exe (PID: 1544)
      • SetupICCS.exe (PID: 4952)
      • Setup.exe (PID: 3140)
      • DrvUpd.exe (PID: 848)
      • DLLs.exe (PID: 4384)
    • Creates files in the Windows directory

      • vcredist_x86.exe (PID: 3000)
      • SetupICCS.exe (PID: 4952)
      • setup.exe (PID: 1544)
      • ApCent.exe (PID: 5012)
    • Removes files from Windows directory

      • SetupICCS.exe (PID: 4952)
    • Starts Microsoft Installer

      • Setup.exe (PID: 5972)
    • Uses NETSH.EXE for network configuration

      • addfwrule.exe (PID: 5600)
    • Adds / modifies Windows certificates

      • gcupd.exe (PID: 5500)
  • INFO

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2112)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2112)
      • iexplore.exe (PID: 2528)
    • Application launched itself

      • iexplore.exe (PID: 2212)
      • chrome.exe (PID: 2652)
      • msiexec.exe (PID: 1744)
    • Changes internet zones settings

      • iexplore.exe (PID: 2212)
    • Creates files in the user directory

      • iexplore.exe (PID: 2112)
      • iexplore.exe (PID: 2528)
      • iexplore.exe (PID: 2212)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2112)
    • Dropped object may contain URL's

      • iexplore.exe (PID: 2112)
      • iexplore.exe (PID: 2528)
      • 7zFM.exe (PID: 2596)
      • chrome.exe (PID: 2652)
      • 7zG.exe (PID: 3936)
      • UpdPack.exe (PID: 3240)
      • setup.exe (PID: 1544)
      • vcredist_x86.exe (PID: 1532)
      • vcredist_x86.exe (PID: 3000)
      • SetupICCS.exe (PID: 4952)
      • UpdPack_GService.exe (PID: 5644)
      • Setup.exe (PID: 5972)
      • Setup.exe (PID: 3140)
      • MsiExec.exe (PID: 5512)
      • msiexec.exe (PID: 1744)
      • vcredist_x64.exe (PID: 2928)
      • chrome.exe (PID: 2260)
      • ApCent.exe (PID: 5012)
      • Run.exe (PID: 3568)
      • regsvr32.exe (PID: 5700)
      • Run.exe (PID: 4588)
      • regsvr32.exe (PID: 5584)
      • DLLs.exe (PID: 4384)
      • DrvUpd.exe (PID: 848)
      • regsvr32.exe (PID: 5888)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2112)
      • iexplore.exe (PID: 2528)
      • chrome.exe (PID: 2652)
    • Dropped object may contain Bitcoin addresses

      • 7zFM.exe (PID: 2596)
      • 7zG.exe (PID: 3936)
    • Loads the Task Scheduler COM API

      • software_reporter_tool.exe (PID: 1088)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 4084)
    • Application loaded dropped or rewritten executable

      • MsiExec.exe (PID: 1944)
      • MsiExec.exe (PID: 4132)
      • MsiExec.exe (PID: 5512)
      • MsiExec.exe (PID: 5820)
    • Creates or modifies windows services

      • msiexec.exe (PID: 1744)
      • vssvc.exe (PID: 4084)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1744)
    • Searches for installed software

      • msiexec.exe (PID: 1744)
    • Reads settings of System Certificates

      • Setup.exe (PID: 3140)
      • ApCent.exe (PID: 5012)
      • gcupd.exe (PID: 5500)
    • Creates files in the program directory

      • msiexec.exe (PID: 1744)
No Malware configuration.

TRiD

.html | HyperText Markup Language (100)
No data.
All screenshots are available in the full report
Total processes
133
Monitored processes
72
Malicious processes
21
Suspicious processes
7

Behavior graph

The graph itself is interactive in the full report (edge types: start, drop and start). Process nodes in graph order, with "no specs" marking nodes for which the graph records no specifications: iexplore.exe, iexplore.exe, iexplore.exe, 7zfm.exe, setup.exe (no specs), setup.exe, setup.exe (no specs), setup.exe, chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), software_reporter_tool.exe (no specs), chrome.exe (no specs), software_reporter_tool.exe (no specs), chrome.exe (no specs), 7zg.exe, setup.exe (no specs), setup.exe, updpack.exe, instupd.exe (no specs), setup.exe, msiexec.exe, msiexec.exe, vcredist_x86.exe, vcredist_x86.exe, vssvc.exe (no specs), chrome.exe (no specs), msiexec.exe (no specs), chrome.exe (no specs), etsetupicc.exe (no specs), setupiccs.exe, schtasks.exe (no specs), amdryzenmasterdrivercmd.exe (no specs), iccproxy.exe (no specs), iccproxy.exe (no specs), updpack_gservice.exe, instupd.exe (no specs), setup.exe, msiexec.exe (no specs), msiexec.exe (no specs), setup.exe, msiexec.exe, mmc.exe (no specs), mmc.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe (no specs), vcredist_x64.exe (no specs), vcredist_x64.exe, msiexec.exe (no specs), adjustservice.exe, addfwrule.exe (no specs), netsh.exe (no specs), netsh.exe (no specs), graphicscardenginestarter.exe (no specs), runupd.exe (no specs), runupd.exe, apcent.exe, gcupd.exe, drvupd.exe, dlls.exe, run.exe, regsvr32.exe, regsvr32.exe (no specs), run.exe, regsvr32.exe, regsvr32.exe (no specs), regsvr32.exe, regsvr32.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 620
CMD: "C:\Users\admin\AppData\Local\Temp\7zO42A5845C\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\7zO42A5845C\Setup.exe
Parent process: 7zFM.exe
User:
admin
Integrity Level:
MEDIUM
Description:
SetupETEng
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\7zo42a5845c\setup.exe
c:\systemroot\system32\ntdll.dll
PID: 648
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14414815118044416444,18346699837538409754,131072 --service-pipe-token=2D3FD13C43982773753BB156DEEE1DB8 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=2D3FD13C43982773753BB156DEEE1DB8 --renderer-client-id=5 --mojo-platform-channel-handle=3272 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
61.0.3163.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 848
CMD: "C:\Program Files\GIGABYTE\AppCenter\drvUpd\DrvUpd.exe"
Path: C:\Program Files\GIGABYTE\AppCenter\drvUpd\DrvUpd.exe
Parent process: gcupd.exe
User:
admin
Integrity Level:
HIGH
Description:
DrvUpd
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\program files\gigabyte\appcenter\drvupd\drvupd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1088
CMD: "C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\23.129.0\software_reporter_tool.exe" --session-id=cmfvx4K3P+klRnlnFyUOSFRTTrBs1Oz+h0e6C/W/
Path: C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\23.129.0\software_reporter_tool.exe
Parent process: chrome.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
2
Version:
23.129.0
Modules
Images
c:\users\admin\appdata\local\google\chrome\user data\swreporter\23.129.0\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
PID: 1316
CMD: C:\Windows\system32\MsiExec.exe -Embedding DF71316EF4AB494D3489387D17BB5EA3
Path: C:\Windows\system32\MsiExec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1380
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=61.0.3163.100 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6d537d7c,0x6d537da4,0x6d537d8c
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
61.0.3163.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1532
CMD: "C:\Users\admin\AppData\Local\Temp\{4D3A4094-882B-4DDB-AB8E-E91FD72CE1AB}\vcredist_x86.exe" /quiet /norestart /install -burn.unelevated BurnPipe.{CF949FCE-4D5F-4DB9-A382-BEC8B71F2544} {10A8181A-0591-4B86-8D4D-BDBAE83D4B41} 3000
Path: C:\Users\admin\AppData\Local\Temp\{4D3A4094-882B-4DDB-AB8E-E91FD72CE1AB}\vcredist_x86.exe
Parent process: vcredist_x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Exit code:
0
Version:
11.0.61030.0
Modules
Images
c:\users\admin\appdata\local\temp\{4d3a4094-882b-4ddb-ab8e-e91fd72ce1ab}\vcredist_x86.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 1544
CMD: "C:\Users\admin\AppData\Local\Temp\7zS1137.tmp\EasyTuneEngineService\setup.exe" -s -f1"C:\Users\admin\AppData\Local\Temp\7zS1137.tmp\EasyTuneEngineService\proginstall.iss"
Path: C:\Users\admin\AppData\Local\Temp\7zS1137.tmp\EasyTuneEngineService\setup.exe
Parent process: InstUpd.exe
User:
admin
Company:
GIGABYTE
Integrity Level:
HIGH
Description:
Setup Launcher Unicode
Exit code:
0
Version:
1.18.0412.1
Modules
Images
c:\users\admin\appdata\local\temp\7zs1137.tmp\easytuneengineservice\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 1712
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14414815118044416444,18346699837538409754,131072 --service-pipe-token=F3DA753DF4A387E6CED6FFCD69A5553F --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=F3DA753DF4A387E6CED6FFCD69A5553F --renderer-client-id=12 --mojo-platform-channel-handle=2540 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
61.0.3163.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\61.0.3163.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1744
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\system32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
7 394
Read events
5 035
Write events
2 246
Delete events
113

Modification events

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 4600000063000000090000000000000000000000000000000400000000000000400C35B347C7D301000000000000000000000000020000001700000000000000FE80000000000000D45917EAB3ED3D860B000000000000001700000000000000FE80000000000000D45917EAB3ED3D860B000000000000001C00000000000000000000000000000000000000000000000000000000000000170000000000000000000000000000000000FFFFC0A8640B000000000000000002000000C0A801640000000000000000000000000000000000000000000000000C00000C37D0000010A73800D8703600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081F800009000230090002300380023000000000000702C000A00000000000000F8412C00

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {DD8C92AF-57BF-11E8-B27F-5254004AAD21}
Value: 0

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 2

(PID) Process: (2212) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E207050001000E0015002B002900D001
Executable files
207
Suspicious files
69
Text files
492
Unknown types
18

Dropped files

PID | Process | Filename | Type
2212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LKO8ICX\favicon[1].ico |
2212 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
2112 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabE895.tmp |
2112 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarE896.tmp |
2528 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WF2FXMJU\mb_utility_appcenter_B18.0301.1[1].zip |
2596 | 7zFM.exe | C:\Users\admin\AppData\Local\Temp\7zO42A5845C\Setup.exe | executable
2596 | 7zFM.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WF2FXMJU\AppCenteB18.0301.1\Files\UpdPack.exe | executable
2596 | 7zFM.exe | C:\Users\admin\AppData\Local\Temp\7zO42A55C5C\Setup.exe | executable
2112 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F821 | binary
2112 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F5F320A94D4D2B4465D8F17E2BB2D351_CE5427FC14BD9BB78C9AA19858B6AE4B | der

MD5 and SHA256 fields for the dropped files are empty in this export.
HTTP(S) requests
5
TCP/UDP connections
12
DNS requests
11
Threats
2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2652 | chrome.exe | GET | 200 | 152.199.20.1:80 | http://download.gigabyte.us/FileList/Utility/mb_utility_appcenter_B18.0301.1.zip | US | | 62.3 Mb | suspicious
2112 | iexplore.exe | GET | 200 | 216.58.207.78:80 | http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCFpZKs4JmgKI | US | der | 463 b | whitelisted
2528 | iexplore.exe | GET | 200 | 152.199.20.1:80 | http://download.gigabyte.us/FileList/Utility/mb_utility_appcenter_B18.0301.1.zip | US | compressed | 62.3 Mb | suspicious
2112 | iexplore.exe | GET | 200 | 216.58.207.78:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D | US | der | 468 b | whitelisted
2212 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2212 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2112 | iexplore.exe | 172.217.16.195:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
2112 | iexplore.exe | 216.58.207.78:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
2528 | iexplore.exe | 152.199.20.1:80 | download.gigabyte.us | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2652 | chrome.exe | 172.217.22.35:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2652 | chrome.exe | 216.58.207.67:443 | www.google.ru | Google Inc. | US | whitelisted
2652 | chrome.exe | 172.217.16.195:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
2652 | chrome.exe | 172.217.18.174:443 | apis.google.com | Google Inc. | US | whitelisted
2652 | chrome.exe | 216.58.205.228:443 | www.google.com | Google Inc. | US | whitelisted
2652 | chrome.exe | 152.199.20.1:80 | download.gigabyte.us | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ssl.gstatic.com | 172.217.16.195 | whitelisted
ocsp.pki.goog | 216.58.207.78 | whitelisted
download.gigabyte.us | 152.199.20.1 | suspicious
clientservices.googleapis.com | 172.217.22.35 | whitelisted
www.google.ru | 216.58.207.67 | whitelisted
www.gstatic.com | 172.217.22.35 | whitelisted
apis.google.com | 172.217.18.174 | whitelisted
www.google.com | 216.58.205.228 | malicious

Threats

PID | Process | Class | Message
| | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
| | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Process | Message
mmc.exe | Constructor: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe | OnInitialize: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe | AddIcons: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe | ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
regsvr32.exe | Detected memory leaks!
regsvr32.exe | Dumping objects ->
regsvr32.exe | {205}
regsvr32.exe | normal block at 0x01A9EF90, 128 bytes long.
regsvr32.exe | Data: < > CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
regsvr32.exe | {204}