File name: MovaviVideoConverterSetupS_W8dak1c_.exe

Full analysis: https://app.any.run/tasks/73a9502e-0d4f-49f0-abc7-3bf04c82a559
Verdict: Malicious activity
Analysis date: June 30, 2024, 20:47:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 6A609B304936946690A18FB199408AD1
SHA1: F9F82EE1BE0CEC184AF8986DB23FCD30CFB4872B
SHA256: FC51AA662126E720BAFAB907B75294DA6A73458ADA4B5260468DAD4CB8173691
SSDEEP: 98304:kE6EQETEqaNpqRiFIs2LVI1kz4jwZIww8eemT1ima2jt+8bUwkoO0tfaNGRpljbT:qZp3lIykzjU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • InstallerGUI.exe (PID: 3124)
    • Changes the autorun value in the registry

      • InstallerGUI.exe (PID: 3124)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • InstallerGUI.exe (PID: 3124)
    • Executable content was dropped or overwritten

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • InstallerGUI.exe (PID: 3124)
    • The process creates files with name similar to system file names

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • InstallerGUI.exe (PID: 3124)
    • The process drops C-runtime libraries

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • InstallerGUI.exe (PID: 3124)
    • Starts CMD.EXE for commands execution

      • installer.exe (PID: 5060)
    • Hides command output

      • cmd.exe (PID: 2032)
    • Get information on the list of running processes

      • cmd.exe (PID: 2032)
      • installer.exe (PID: 5060)
    • Reads security settings of Internet Explorer

      • installer.exe (PID: 5060)
      • 1827551624_W8dak1c_.exe (PID: 4148)
    • Reads the date of Windows installation

      • installer.exe (PID: 5060)
    • Reads the BIOS version

      • InstallerGUI.exe (PID: 3124)
      • WebConfigLoader.exe (PID: 4820)
      • ConverterAgent.exe (PID: 256)
    • Creates a software uninstall entry

      • InstallerGUI.exe (PID: 3124)
    • Searches for installed software

      • installer.exe (PID: 5060)
  • INFO

    • Checks supported languages

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • installer.exe (PID: 5060)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • crashpad_handler.exe (PID: 900)
      • InstallerGUI.exe (PID: 3124)
      • crashpad_handler.exe (PID: 5832)
      • CoreChecker.exe (PID: 3940)
      • PluginChecker.exe (PID: 1852)
      • PluginChecker.exe (PID: 5116)
      • PluginChecker.exe (PID: 4220)
      • PluginChecker.exe (PID: 6020)
      • PluginChecker.exe (PID: 4024)
      • PluginChecker.exe (PID: 884)
      • PluginChecker.exe (PID: 2520)
      • PluginChecker.exe (PID: 2480)
      • PluginChecker.exe (PID: 5084)
      • PluginChecker.exe (PID: 8)
      • PluginChecker.exe (PID: 4052)
      • PluginChecker.exe (PID: 5564)
      • PluginChecker.exe (PID: 1832)
      • PluginChecker.exe (PID: 1060)
      • PluginChecker.exe (PID: 2928)
      • PluginChecker.exe (PID: 3756)
      • PluginChecker.exe (PID: 692)
      • PluginChecker.exe (PID: 4536)
      • PluginChecker.exe (PID: 4320)
      • PluginChecker.exe (PID: 2064)
      • PluginChecker.exe (PID: 3164)
      • PluginChecker.exe (PID: 3596)
      • PluginChecker.exe (PID: 1164)
      • PluginChecker.exe (PID: 2468)
      • PluginChecker.exe (PID: 4220)
      • PluginChecker.exe (PID: 5140)
      • PluginChecker.exe (PID: 3888)
      • PluginChecker.exe (PID: 3540)
      • PluginChecker.exe (PID: 3668)
      • CodecChecker.exe (PID: 2332)
      • CodecChecker.exe (PID: 5084)
      • CodecChecker.exe (PID: 1064)
      • CodecChecker.exe (PID: 3688)
      • CodecChecker.exe (PID: 1928)
      • CodecChecker.exe (PID: 4804)
      • CodecChecker.exe (PID: 2032)
      • ConverterAgent.exe (PID: 256)
      • crashpad_handler.exe (PID: 3188)
      • WebConfigLoader.exe (PID: 4820)
    • Create files in a temporary directory

      • MovaviVideoConverterSetupS_W8dak1c_.exe (PID: 3392)
      • installer.exe (PID: 5060)
      • 1827551624_W8dak1c_.exe (PID: 4148)
      • InstallerGUI.exe (PID: 3124)
      • ConverterAgent.exe (PID: 256)
    • Reads the machine GUID from the registry

      • installer.exe (PID: 5060)
      • PluginChecker.exe (PID: 5564)
      • CoreChecker.exe (PID: 3940)
      • CodecChecker.exe (PID: 2332)
      • CodecChecker.exe (PID: 3688)
      • CodecChecker.exe (PID: 1064)
      • CodecChecker.exe (PID: 4804)
      • CodecChecker.exe (PID: 5084)
      • CodecChecker.exe (PID: 2032)
      • CodecChecker.exe (PID: 1928)
    • Reads the computer name

      • installer.exe (PID: 5060)
      • InstallerGUI.exe (PID: 3124)
      • PluginChecker.exe (PID: 6020)
      • PluginChecker.exe (PID: 1852)
      • PluginChecker.exe (PID: 5116)
      • PluginChecker.exe (PID: 4220)
      • PluginChecker.exe (PID: 5084)
      • PluginChecker.exe (PID: 4024)
      • PluginChecker.exe (PID: 884)
      • PluginChecker.exe (PID: 2520)
      • PluginChecker.exe (PID: 2480)
      • PluginChecker.exe (PID: 5564)
      • PluginChecker.exe (PID: 8)
      • PluginChecker.exe (PID: 4052)
      • PluginChecker.exe (PID: 1832)
      • PluginChecker.exe (PID: 1060)
      • PluginChecker.exe (PID: 3756)
      • PluginChecker.exe (PID: 4536)
      • PluginChecker.exe (PID: 2928)
      • PluginChecker.exe (PID: 692)
      • PluginChecker.exe (PID: 4320)
      • PluginChecker.exe (PID: 2064)
      • PluginChecker.exe (PID: 3164)
      • PluginChecker.exe (PID: 3596)
      • PluginChecker.exe (PID: 1164)
      • PluginChecker.exe (PID: 2468)
      • PluginChecker.exe (PID: 4220)
      • PluginChecker.exe (PID: 3888)
      • PluginChecker.exe (PID: 3540)
      • CoreChecker.exe (PID: 3940)
      • PluginChecker.exe (PID: 3668)
      • PluginChecker.exe (PID: 5140)
      • CodecChecker.exe (PID: 2332)
      • CodecChecker.exe (PID: 3688)
      • CodecChecker.exe (PID: 5084)
      • CodecChecker.exe (PID: 1064)
      • CodecChecker.exe (PID: 1928)
      • CodecChecker.exe (PID: 4804)
      • CodecChecker.exe (PID: 2032)
      • WebConfigLoader.exe (PID: 4820)
      • ConverterAgent.exe (PID: 256)
      • 1827551624_W8dak1c_.exe (PID: 4148)
    • Checks proxy server information

      • installer.exe (PID: 5060)
      • InstallerGUI.exe (PID: 3124)
      • WebConfigLoader.exe (PID: 4820)
    • Creates files or folders in the user directory

      • installer.exe (PID: 5060)
      • crashpad_handler.exe (PID: 900)
      • InstallerGUI.exe (PID: 3124)
      • crashpad_handler.exe (PID: 5832)
      • PluginChecker.exe (PID: 4220)
      • PluginChecker.exe (PID: 1852)
      • PluginChecker.exe (PID: 5116)
      • PluginChecker.exe (PID: 6020)
      • PluginChecker.exe (PID: 5084)
      • PluginChecker.exe (PID: 4024)
      • PluginChecker.exe (PID: 2480)
      • PluginChecker.exe (PID: 884)
      • PluginChecker.exe (PID: 8)
      • PluginChecker.exe (PID: 4052)
      • PluginChecker.exe (PID: 5564)
      • PluginChecker.exe (PID: 2520)
      • PluginChecker.exe (PID: 1060)
      • PluginChecker.exe (PID: 2928)
      • PluginChecker.exe (PID: 3756)
      • PluginChecker.exe (PID: 1832)
      • PluginChecker.exe (PID: 4536)
      • PluginChecker.exe (PID: 692)
      • PluginChecker.exe (PID: 4320)
      • PluginChecker.exe (PID: 2064)
      • PluginChecker.exe (PID: 3164)
      • PluginChecker.exe (PID: 3596)
      • PluginChecker.exe (PID: 1164)
      • PluginChecker.exe (PID: 2468)
      • PluginChecker.exe (PID: 3888)
      • PluginChecker.exe (PID: 5140)
      • PluginChecker.exe (PID: 4220)
      • PluginChecker.exe (PID: 3540)
      • PluginChecker.exe (PID: 3668)
      • CoreChecker.exe (PID: 3940)
      • CodecChecker.exe (PID: 2332)
      • CodecChecker.exe (PID: 3688)
      • CodecChecker.exe (PID: 5084)
      • CodecChecker.exe (PID: 1064)
      • CodecChecker.exe (PID: 2032)
      • CodecChecker.exe (PID: 4804)
      • CodecChecker.exe (PID: 1928)
      • WebConfigLoader.exe (PID: 4820)
      • ConverterAgent.exe (PID: 256)
      • crashpad_handler.exe (PID: 3188)
    • Reads Environment values

      • installer.exe (PID: 5060)
      • InstallerGUI.exe (PID: 3124)
      • PluginChecker.exe (PID: 5084)
      • PluginChecker.exe (PID: 4024)
      • CoreChecker.exe (PID: 3940)
      • CodecChecker.exe (PID: 2332)
      • CodecChecker.exe (PID: 3688)
      • CodecChecker.exe (PID: 1064)
      • CodecChecker.exe (PID: 5084)
      • CodecChecker.exe (PID: 4804)
      • CodecChecker.exe (PID: 2032)
      • CodecChecker.exe (PID: 1928)
      • WebConfigLoader.exe (PID: 4820)
    • Process checks computer location settings

      • installer.exe (PID: 5060)
    • Creates files in the program directory

      • InstallerGUI.exe (PID: 3124)
    • Reads CPU info

      • CodecChecker.exe (PID: 5084)
    • Reads the software policy settings

      • WebConfigLoader.exe (PID: 4820)
      • InstallerGUI.exe (PID: 3124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:03:04 10:38:29+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 733184
InitializedDataSize: 4378624
UninitializedDataSize: -
EntryPoint: 0x21910
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.0
ProductVersionNumber: 1.6.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0009)
CharacterSet: Unicode
CompanyName: Movavi
FileDescription: Movavi installer
FileVersion: 1.6.0.0
InternalName: Movavi WebInstaller
LegalCopyright: Copyright (C) 2004 - 2023 movavi.com All rights reserved
OriginalFileName: MovaviWebInstallerSetup_6_0_x32_3172_HEAD_6f3b545_CyprusBuild003_NOPROTECT_setup.exe
ProductName: Movavi 1.6.0
ProductVersion: 1.6.0.0

Note that OriginalFileName says "x32" while the PE header above (PEType PE32+, MachineType AMD64) describes a 64-bit image. Version-resource strings are written by whoever built the file and should be treated as untrusted metadata; the PE header and the hashes at the top of the report are properties of the binary itself.
All screenshots are available in the full report
Total processes: 220
Monitored processes: 88
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Processes in the order the report's graph lists them ("no specs" is the report's own annotation on a node):

movavivideoconvertersetups_w8dak1c_.exe; installer.exe; crashpad_handler.exe (no specs); cmd.exe (no specs); conhost.exe (no specs); tasklist.exe (no specs); find.exe (no specs); 1827551624_w8dak1c_.exe; installergui.exe; crashpad_handler.exe (no specs); corechecker.exe (no specs); conhost.exe (no specs); pluginchecker.exe; then repeated pairs of pluginchecker.exe (no specs) and conhost.exe (no specs); seven codecchecker.exe (no specs) with their conhost.exe (no specs); webconfigloader.exe; conhost.exe (no specs); crashpad_handler.exe (no specs); converteragent.exe

Process information

First entries of the report's per-process table (PID, command line, image path, parent process, then user, integrity level, exit code and loaded modules). PIDs 884 and 1060 each appear twice below: Windows hands a PID out again once its previous holder has exited, so PID alone does not identify a process across the run.
PID: 8
CMD: "C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe" DecoderMF CodecFactory
Path: C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe
Parent process: CoreChecker.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\pluginchecker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\plugincheckfuncs.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
PID: 256
CMD: "C:\Users\admin\AppData\Roaming\Movavi Video Converter\ConverterAgent.exe"
Path: C:\Users\admin\AppData\Roaming\Movavi Video Converter\ConverterAgent.exe
Parent process: InstallerGUI.exe
User:
admin
Company:
Movavi
Integrity Level:
MEDIUM
Description:
Movavi Video Converter 24.0.0 Agent
Exit code:
4294967295 (0xFFFFFFFF, i.e. -1)
Version:
24.0.0.0
Modules
Images
c:\users\admin\appdata\roaming\movavi video converter\converteragent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\appdata\roaming\movavi video converter\converteragentactions.dll
c:\users\admin\appdata\roaming\movavi video converter\activationhelper.dll
c:\users\admin\appdata\roaming\movavi video converter\launchtypeprocessor.dll
c:\users\admin\appdata\roaming\movavi video converter\openglswitcherapi.dll
PID: 428
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 692
CMD: "C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe" Filters FilterFactory
Path: C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe
Parent process: CoreChecker.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\pluginchecker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\plugincheckfuncs.dll
PID: 884
CMD: "C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe" EncoderAMF CodecFactory
Path: C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe
Parent process: CoreChecker.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\pluginchecker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\plugincheckfuncs.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shell32.dll
PID: 884 (PID reused after the PluginChecker.exe instance above exited)
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: CodecChecker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 900
CMD: C:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\crashpad_handler.exe --no-rate-limit --database=C:\Users\admin\AppData\Local\Movavi\Sentry\WebInstaller\1.6.0\0.5.0 --metrics-dir=C:\Users\admin\AppData\Local\Movavi\Sentry\WebInstaller\1.6.0\0.5.0 --url=https://o474997.ingest.sentry.io:443/api/4504530105270272/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=ef812734097cff75303ed065f77ac553 --attachment=C:\Users\admin\AppData\Local\Movavi\Sentry\WebInstaller\1.6.0\0.5.0\d1b41125-de63-471f-756e-08078abd6f07.run\__sentry-event --attachment=C:\Users\admin\AppData\Local\Movavi\Sentry\WebInstaller\1.6.0\0.5.0\d1b41125-de63-471f-756e-08078abd6f07.run\__sentry-breadcrumb1 --attachment=C:\Users\admin\AppData\Local\Movavi\Sentry\WebInstaller\1.6.0\0.5.0\d1b41125-de63-471f-756e-08078abd6f07.run\__sentry-breadcrumb2 --initial-client-data=0x358,0x35c,0x360,0x334,0x364,0x7ffda5a52048,0x7ffda5a52060,0x7ffda5a52078
Path: C:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\crashpad_handler.exe
Parent process: installer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\local\temp\movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\crashpad_handler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1060
CMD: "C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe" EffectsFF EffectFactory
Path: C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\PluginChecker.exe
Parent process: CoreChecker.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\pluginchecker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\plugincheckfuncs.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ucrtbase.dll
PID: 1060 (PID reused after the PluginChecker.exe instance above exited)
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: PluginChecker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1064
CMD: "C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\CodecChecker.exe" DECODER MEDIA_FOUNDATION_IMPL CODEC_ID_AAC ""
Path: C:\Users\admin\AppData\Local\Temp\Movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\CodecChecker.exe
Parent process: CoreChecker.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\movavi-installer-725501ba-c8e7-4df5-8b5d-931c050c910c\codecchecker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
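The table above names each parent by image only, and PIDs 884 and 1060 each belong to two different processes, so a tree keyed on PID alone comes out wrong. The script below is an added example, not part of the ANY.RUN report: it rebuilds the tree from the PID, image and parent values visible on this page, keying every process on (PID, launch order) and resolving a parent to the most recent earlier process with that image name and a different PID. The launch-order numbers and the parent links marked "assumed" (for installer.exe, 1827551624_W8dak1c_.exe, InstallerGUI.exe and CoreChecker.exe, whose parents this excerpt does not state) are assumptions.

```python
"""Rebuild a sandbox process tree when parents are named by image, not PID.

Added example, not part of the ANY.RUN report. Keys are (pid, start) because
Windows reuses PIDs after a process exits; the report above has two different
processes for PID 884 and for PID 1060.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent_image: str   # the report names the parent by image, not by PID
    start: int          # assumed launch order; the excerpt shows no timestamps


# Constructed from the report's rows. Links marked "assumed" are inferred from
# the behavior-graph launch order, not stated in the process table.
ROWS = [
    Proc(3392, "MovaviVideoConverterSetupS_W8dak1c_.exe", "", 0),
    Proc(5060, "installer.exe", "MovaviVideoConverterSetupS_W8dak1c_.exe", 1),  # assumed
    Proc(900,  "crashpad_handler.exe", "installer.exe", 2),
    Proc(2032, "cmd.exe", "installer.exe", 3),
    Proc(428,  "conhost.exe", "cmd.exe", 4),
    Proc(4148, "1827551624_W8dak1c_.exe", "installer.exe", 5),                 # assumed
    Proc(3124, "InstallerGUI.exe", "1827551624_W8dak1c_.exe", 6),             # assumed
    Proc(3940, "CoreChecker.exe", "InstallerGUI.exe", 7),                      # assumed
    Proc(8,    "PluginChecker.exe", "CoreChecker.exe", 8),
    Proc(692,  "PluginChecker.exe", "CoreChecker.exe", 9),
    Proc(884,  "PluginChecker.exe", "CoreChecker.exe", 10),
    Proc(1060, "PluginChecker.exe", "CoreChecker.exe", 11),
    Proc(1060, "conhost.exe", "PluginChecker.exe", 12),   # PID 1060 reused
    Proc(1064, "CodecChecker.exe", "CoreChecker.exe", 13),
    Proc(884,  "conhost.exe", "CodecChecker.exe", 14),    # PID 884 reused
    Proc(256,  "ConverterAgent.exe", "InstallerGUI.exe", 15),
]


def index_by_key(rows):
    return {(p.pid, p.start): p for p in rows}


def resolve_parent(proc, rows):
    """Most recently launched process with the parent's image name that started
    before `proc` and does not share its PID: a process cannot be its own parent,
    and a PID is only handed out again after its previous holder has exited."""
    cands = [r for r in rows
             if r.image == proc.parent_image and r.start < proc.start and r.pid != proc.pid]
    return max(cands, key=lambda r: r.start, default=None)


def build_tree(rows):
    """Return (parent_of, children), both keyed by (pid, start)."""
    parent_of, children = {}, defaultdict(list)
    for p in rows:
        par = resolve_parent(p, rows)
        key = (p.pid, p.start)
        parent_of[key] = (par.pid, par.start) if par else None
        children[parent_of[key]].append(key)
    return parent_of, children


def ancestry(key, parent_of, index):
    """Image names from the root down to `key`."""
    chain = []
    while key is not None:
        chain.append(index[key].image)
        key = parent_of[key]
    return chain[::-1]


def reused_pids(rows):
    """PIDs that appear with more than one image in this run."""
    seen = defaultdict(list)
    for p in rows:
        seen[p.pid].append(p.image)
    return {pid: imgs for pid, imgs in seen.items() if len(imgs) > 1}


def render(rows):
    """Indented tree, children in launch order."""
    index = index_by_key(rows)
    parent_of, children = build_tree(rows)
    lines = []

    def walk(key, depth):
        p = index[key]
        lines.append("  " * depth + f"{p.image} (PID {p.pid})")
        for child in sorted(children[key], key=lambda k: index[k].start):
            walk(child, depth + 1)

    for root in sorted(children[None], key=lambda k: index[k].start):
        walk(root, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(ROWS))
    print("reused PIDs:", reused_pids(ROWS))
```

When the sandbox export carries parent PIDs and timestamps, use those instead of the name-based heuristic; the point of the (pid, start) key stays the same.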
Total events: 57 338
Read events: 57 223
Write events: 114
Delete events: 1

Modification events

Ten of the 114 write events are shown (process, PID, key, value name, value written):

installer.exe (PID 5060): HKEY_CURRENT_USER\SOFTWARE\Movavi\User, WEBUID = 8dak1c
installer.exe (PID 5060): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, ProxyBypass = 1
installer.exe (PID 5060): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, IntranetName = 1
installer.exe (PID 5060): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, UNCAsIntranet = 1
installer.exe (PID 5060): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, AutoDetect = 0
InstallerGUI.exe (PID 3124): HKEY_CLASSES_ROOT\CLSID\C03A9F8B-5EB8-FC2E-E576-5CA295CB, InfoTip = 04194342CABE277194E09B68CAEF31ECB08AE5B7
InstallerGUI.exe (PID 3124): HKEY_CLASSES_ROOT\CLSID\E33E7C9C-1065-D92D-9901-C9B2A912, InfoTip = AF52C6DE0467EB7DE800DC8E04303D10479D8CE2
InstallerGUI.exe (PID 3124): HKEY_CLASSES_ROOT\CLSID\9913B0CE-C553-2D28-5569-FB8BFAAD, InfoTip = F4286406B6D7708DEC1E609AB6BFBE9B0832B685
InstallerGUI.exe (PID 3124): HKEY_CLASSES_ROOT\CLSID\476C8912-489C-6845-3409-804A8798, InfoTip = 50CA2A2146167996FE1E7CA2467E4023DE7C1F0E
InstallerGUI.exe (PID 3124): HKEY_CLASSES_ROOT\CLSID\9913B0CE-C553-2D28-5569-FB8BFAAD, InfoTip = 04D55B2540F07899F8F8739D4058401E148C2115 (overwrites the value written two events earlier)

Reading these: the WEBUID value 8dak1c is the token embedded in the sample's own file name (…_W8dak1c_.exe) and in the dropped 1827551624_W8dak1c_.exe, and installer.exe's log output further down records a failed lookup of the same key (WebUidManager.cpp) in the same run. The four ZoneMap writes are the standard urlmon/WinINet zone-map initialisation that almost any program touching Internet Settings triggers, which is what the "Reads security settings of Internet Explorer" signature picks up; on their own they are not evidence of tampering with security zones. The five HKEY_CLASSES_ROOT\CLSID writes are the ones worth a second look: the "CLSID" names are not well-formed GUIDs (8-4-4-4-8 hex groups instead of 8-4-4-4-12), every value is 40 hex characters (SHA-1 length), and because InstallerGUI.exe runs at medium integrity the writes land in HKCU\Software\Classes rather than the machine-wide hive. The autorun write flagged under MALICIOUS above is not among the ten events shown here.
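The following script is an added example, not part of the ANY.RUN report: it parses the flattened event rows exactly as they appear on this page and applies the three observations above as rules (known-benign ZoneMap initialisation, a persisted value that is a token from the sample's file name, and CLSID writes with non-canonical GUIDs or SHA-1-shaped values), plus a check for keys written more than once. RAW holds eight of the ten events above, copied verbatim; the rule names and thresholds are the editor's, not the sandbox's.

```python
"""Parse and triage the registry 'Modification events' rows of the report.

Added example, not part of the ANY.RUN report. RAW is copied from eight of
the ten events shown above in the page's flattened layout; the classification
rules are the editor's, not the sandbox's.
"""
import re
from dataclasses import dataclass

SAMPLE_NAME = "MovaviVideoConverterSetupS_W8dak1c_.exe"

RAW = r"""
(PID) Process:(5060) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Movavi\User
Operation:writeName:WEBUID
Value:
8dak1c
(PID) Process:(5060) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(5060) installer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(3124) InstallerGUI.exeKey:HKEY_CLASSES_ROOT\CLSID\C03A9F8B-5EB8-FC2E-E576-5CA295CB
Operation:writeName:InfoTip
Value:
04194342CABE277194E09B68CAEF31ECB08AE5B7
(PID) Process:(3124) InstallerGUI.exeKey:HKEY_CLASSES_ROOT\CLSID\E33E7C9C-1065-D92D-9901-C9B2A912
Operation:writeName:InfoTip
Value:
AF52C6DE0467EB7DE800DC8E04303D10479D8CE2
(PID) Process:(3124) InstallerGUI.exeKey:HKEY_CLASSES_ROOT\CLSID\9913B0CE-C553-2D28-5569-FB8BFAAD
Operation:writeName:InfoTip
Value:
F4286406B6D7708DEC1E609AB6BFBE9B0832B685
(PID) Process:(3124) InstallerGUI.exeKey:HKEY_CLASSES_ROOT\CLSID\476C8912-489C-6845-3409-804A8798
Operation:writeName:InfoTip
Value:
50CA2A2146167996FE1E7CA2467E4023DE7C1F0E
(PID) Process:(3124) InstallerGUI.exeKey:HKEY_CLASSES_ROOT\CLSID\9913B0CE-C553-2D28-5569-FB8BFAAD
Operation:writeName:InfoTip
Value:
04D55B2540F07899F8F8739D4058401E148C2115
"""


@dataclass
class RegEvent:
    pid: int
    process: str
    key: str
    op: str
    name: str
    value: str


ROW_RE = re.compile(r"^\(PID\) Process:\((\d+)\) (.+?)Key:(.+)$")
OP_RE = re.compile(r"^Operation:(\w+?)Name:(.+)$")
GUID_RE = re.compile(r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$", re.I)
SHA1_RE = re.compile(r"^[0-9A-F]{40}$", re.I)
ZONEMAP_NAMES = {"ProxyBypass", "IntranetName", "UNCAsIntranet", "AutoDetect"}


def parse_events(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    events, i = [], 0
    while i < len(lines):
        row = ROW_RE.match(lines[i])
        if not row:
            i += 1
            continue
        op = OP_RE.match(lines[i + 1])
        # lines[i + 2] is the "Value:" label; the value itself follows it,
        # unless the next event row comes immediately (empty value).
        value = ""
        i += 3
        if i < len(lines) and not ROW_RE.match(lines[i]):
            value = lines[i]
            i += 1
        events.append(RegEvent(int(row[1]), row[2], row[3], op[1], op[2], value))
    return events


def classify(ev, sample_name=SAMPLE_NAME):
    key = ev.key.upper()
    if key.endswith("\\INTERNET SETTINGS\\ZONEMAP") and ev.name in ZONEMAP_NAMES:
        # Standard urlmon/WinINet zone-map initialisation; seen in most sandbox runs.
        return "zonemap-init"
    if key.startswith("HKEY_CLASSES_ROOT\\CLSID\\"):
        clsid = ev.key.split("\\")[2]
        tags = ["hkcr-clsid-write"]   # from a medium-IL process this lands in HKCU\Software\Classes
        if not GUID_RE.match(clsid):
            tags.append("non-canonical-guid")
        if SHA1_RE.match(ev.value):
            tags.append("sha1-shaped-value")
        return "+".join(tags)
    if len(ev.value) >= 4 and ev.value.lower() in sample_name.lower():
        # The persisted value is a token carried in the sample's own file name.
        return "sample-token-persisted"
    return "other"


def overwritten(events):
    """key\\name paths written more than once within the run."""
    counts = {}
    for ev in events:
        path = f"{ev.key}\\{ev.name}"
        counts[path] = counts.get(path, 0) + 1
    return {p for p, n in counts.items() if n > 1}


def triage(text=RAW):
    return [(ev.process, ev.pid, ev.name, classify(ev)) for ev in parse_events(text)]
```

The GUID check is deliberately strict: a real CLSID is 8-4-4-4-12 hex groups, and a process that writes under names that merely look like CLSIDs is not registering a COM class, so the value deserves to be looked up by content rather than treated as shell metadata.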
Executable files: 621
Suspicious files: 540
Text files: 819
Unknown types: 67

Dropped files

First ten rows of the report's table. All ten are written by the initial sample (PID 3392, MovaviVideoConverterSetupS_W8dak1c_.exe) into one staging directory, C:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa. Nine are api-ms-win-core-* API-set forwarder DLLs of the kind the Universal CRT redistributable ships, which is what the "drops legitimate windows executable", "drops C-runtime libraries" and "name similar to system file names" signatures are reacting to; the tenth, InstallerData.7z, is a compressed payload whose contents are not shown in this excerpt.

api-ms-win-core-localization-l1-2-0.dll (executable)
  MD5 1ED0B196AB58EDB58FCF84E1739C63CE
  SHA256 8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
api-ms-win-core-errorhandling-l1-1-0.dll (executable)
  MD5 2DB5666D3600A4ABCE86BE0099C6B881
  SHA256 46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
InstallerData.7z (compressed)
  MD5 19B31FC549B005E6A225AF45FB46BA33
  SHA256 2B5DC46FB5512CF73B43F6E1DA6F94FBF6BBD813CD9C065D01C6A435ED9D8B83
api-ms-win-core-datetime-l1-1-0.dll (executable)
  MD5 557405C47613DE66B111D0E2B01F2FDB
  SHA256 913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
api-ms-win-core-file-l1-1-0.dll (executable)
  MD5 0F7D418C05128246AFA335A1FB400CB9
  SHA256 5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
api-ms-win-core-memory-l1-1-0.dll (executable)
  MD5 721BAEA26A27134792C5CCC613F212B2
  SHA256 5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
api-ms-win-core-debug-l1-1-0.dll (executable)
  MD5 624401F31A706B1AE2245EB19264DC7F
  SHA256 58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
api-ms-win-core-file-l1-2-0.dll (executable)
  MD5 5A72A803DF2B425D5AAFF21F0F064011
  SHA256 629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
api-ms-win-core-namedpipe-l1-1-0.dll (executable)
  MD5 B3F887142F40CB176B59E58458F8C46D
  SHA256 8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
api-ms-win-core-handle-l1-1-0.dll (executable)
  MD5 D1DF480505F2D23C0B5C53DF2E0E2A1A
  SHA256 0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
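The script below is an added example, not part of the ANY.RUN report: it parses the dropped-file rows in the flattened form they have on this page and separates what a responder actually needs from them, i.e. the staging directory to collect, the archive to extract, executables carrying system-library names outside the system directories (sideloading candidates), and a hash list that leaves out the redistributable stubs because legitimate installers drop those too. RAW holds four of the ten rows above, copied verbatim; the name pattern for "system-library names" is the editor's.

```python
"""Triage the 'Dropped files' rows: which drops warrant attention.

Added example, not part of the ANY.RUN report. RAW is copied from four of the
ten rows shown above (the page's flattened layout); the rules are the editor's.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

RAW = r"""
3392MovaviVideoConverterSetupS_W8dak1c_.exeC:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\api-ms-win-core-localization-l1-2-0.dllexecutable
MD5:1ED0B196AB58EDB58FCF84E1739C63CE
SHA256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
3392MovaviVideoConverterSetupS_W8dak1c_.exeC:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\api-ms-win-core-errorhandling-l1-1-0.dllexecutable
MD5:2DB5666D3600A4ABCE86BE0099C6B881
SHA256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
3392MovaviVideoConverterSetupS_W8dak1c_.exeC:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\InstallerData.7zcompressed
MD5:19B31FC549B005E6A225AF45FB46BA33
SHA256:2B5DC46FB5512CF73B43F6E1DA6F94FBF6BBD813CD9C065D01C6A435ED9D8B83
3392MovaviVideoConverterSetupS_W8dak1c_.exeC:\Users\admin\AppData\Local\Temp\Movavi-installer-7dd60797-9711-4f3e-9a53-7b4ff7b170fa\api-ms-win-core-datetime-l1-1-0.dllexecutable
MD5:557405C47613DE66B111D0E2B01F2FDB
SHA256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
"""

# PID, dropping process, path and type are fused on one line; the type word is
# always last, so the path is everything between the drive letter and it.
ROW_RE = re.compile(r"^(\d+)(\S+?\.exe)([A-Za-z]:\\.+?)(executable|compressed|text|unknown)$")
# Names that belong to the OS or the VC++/Universal CRT redistributable; a copy
# of one of these outside the system directories is a sideloading candidate.
SYSTEM_NAME_RE = re.compile(r"^(api-ms-win-.+|ucrtbase|vcruntime\d+|msvcp\d+|msvcr\d+)\.dll$", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


@dataclass
class Dropped:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str
    sha256: str

    @property
    def name(self):
        return PureWindowsPath(self.path).name

    @property
    def directory(self):
        return str(PureWindowsPath(self.path).parent)


def parse_dropped(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    out = []
    for i, line in enumerate(lines):
        m = ROW_RE.match(line)
        if not m:
            continue
        md5 = lines[i + 1].split(":", 1)[1]
        sha256 = lines[i + 2].split(":", 1)[1]
        out.append(Dropped(int(m[1]), m[2], m[3], m[4], md5, sha256))
    return out


def sideload_candidates(records):
    """Executables with a system-library name written outside the system dirs."""
    return [d for d in records
            if d.ftype == "executable"
            and SYSTEM_NAME_RE.match(d.name)
            and not d.path.lower().startswith(SYSTEM_DIRS)]


def staging_dirs(records):
    """Directories the sample unpacks into (what to collect from a live host)."""
    return sorted({d.directory for d in records})


def archives(records):
    return [d.name for d in records if d.ftype == "compressed"]


def hash_iocs(records):
    """SHA-256 values for a blocklist; the redistributable stubs are excluded
    because legitimate installers drop identical files."""
    return sorted(d.sha256 for d in records if not SYSTEM_NAME_RE.match(d.name))
```

For the stubs the useful check is the opposite direction: compare their hashes against a known-good copy of the redistributable, since a modified forwarder DLL in a directory the sample loads from would be the actual sideloading finding.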
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 107
DNS requests: 25
Threats: 1

HTTP requests

All nine HTTP requests in the run come from Windows or Office components fetching CRLs and OCSP responses (certificate revocation checks the OS performs on its own); none originates from a process of the sample. The CN, Type, Size and Reputation columns are empty or unknown for every row.

PID 2468, svchost.exe: GET 200 to 2.16.241.12:80
  http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
PID 3040, OfficeClickToRun.exe: GET 200 to 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
PID 2468, svchost.exe: GET 200 to 95.101.149.131:80
  http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
PID 1544, svchost.exe: GET 200 to 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
PID 4656, SearchApp.exe: GET 200 to 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
PID 2412, SIHClient.exe: GET 200 to 95.101.149.131:80
  http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
PID 2412, SIHClient.exe: GET 200 to 95.101.149.131:80
  http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
PID 4904, backgroundTaskHost.exe: GET 200 to 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
PID 4680, backgroundTaskHost.exe: GET 200 to 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D

Connections

Ten of the 107 connections are listed. The only two from the sample itself are installer.exe (PID 5060) to webuid.movavi.com and static.movavi.com over TLS (port 443), both in Leaseweb Deutschland GmbH address space with reputation "unknown"; everything else is Windows background traffic (Microsoft telemetry and update endpoints, a NetBIOS broadcast on 192.168.100.255:138 and an SSDP query to 239.255.255.250:1900).

PID 2468, svchost.exe: 51.104.136.2:443, no domain, MICROSOFT-CORP-MSN-AS-BLOCK, IE, whitelisted
PID 3508, RUXIMICS.exe: 51.104.136.2:443, no domain, MICROSOFT-CORP-MSN-AS-BLOCK, IE, whitelisted
PID 3868, MoUsoCoreWorker.exe: 51.104.136.2:443, no domain, MICROSOFT-CORP-MSN-AS-BLOCK, IE, whitelisted
PID 4, System: 192.168.100.255:138, whitelisted
PID 5060, installer.exe: 84.16.252.107:443, webuid.movavi.com, Leaseweb Deutschland GmbH, DE, unknown
PID 4032, svchost.exe: 239.255.255.250:1900, whitelisted
PID 5060, installer.exe: 78.159.122.198:443, static.movavi.com, Leaseweb Deutschland GmbH, DE, unknown
PID 2468, svchost.exe: 51.124.78.146:443, settings-win.data.microsoft.com, MICROSOFT-CORP-MSN-AS-BLOCK, NL, whitelisted
PID 2468, svchost.exe: 2.16.241.12:80, crl.microsoft.com, Akamai International B.V., DE, unknown
PID 2468, svchost.exe: 95.101.149.131:80, www.microsoft.com, Akamai International B.V., NL, unknown

DNS requests

Ten names are listed for the 25 queries. Note that dl.movavi.com shares its address with static.movavi.com and proxysss.movavi.com shares its address with webuid.movavi.com, so an IP-based block or pivot on either address covers both names; neither dl.movavi.com nor proxysss.movavi.com appears in the ten connections shown, which is not evidence they were never contacted.

webuid.movavi.com: 84.16.252.107 (unknown)
static.movavi.com: 78.159.122.198 (whitelisted)
dl.movavi.com: 78.159.122.198 (unknown)
proxysss.movavi.com: 84.16.252.107 (unknown)
settings-win.data.microsoft.com: 51.124.78.146 (whitelisted)
crl.microsoft.com: 2.16.241.12, 2.16.241.19 (whitelisted)
www.microsoft.com: 95.101.149.131 (whitelisted)
self.events.data.microsoft.com: 20.42.65.93 (whitelisted)
ocsp.digicert.com: 192.229.221.95 (whitelisted)
www.bing.com: 23.15.178.200, 23.15.178.234, 23.15.178.147, 23.15.178.226 (whitelisted)
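The script below is an added example, not part of the ANY.RUN report: it takes the connection, HTTP and DNS rows above (the full connection and DNS tables, three of the nine HTTP rows) together with the PIDs of the sample's processes, and separates the sample's own traffic from OS background noise, flags CRL/OCSP fetches as revocation checks rather than C2, lists addresses shared by several names, and produces a domain-first IOC set. The PID set and the "revocation check" rule are the editor's.

```python
"""Separate the sample's network activity from OS background noise.

Added example, not part of the ANY.RUN report. The tuples below are copied
from the Connections, HTTP requests and DNS tables above (subsets where noted);
the set of sample PIDs comes from the report's process list.
"""
from collections import defaultdict
from urllib.parse import urlparse

# PIDs of the monitored sample processes named in the report (not OS services).
SAMPLE_PIDS = {3392, 5060, 900, 2032, 4148, 3124, 3940, 4820, 256}

# (pid, process, remote, domain, reputation): all ten rows of the Connections table.
CONNECTIONS = [
    (2468, "svchost.exe", "51.104.136.2:443", "", "whitelisted"),
    (3508, "RUXIMICS.exe", "51.104.136.2:443", "", "whitelisted"),
    (3868, "MoUsoCoreWorker.exe", "51.104.136.2:443", "", "whitelisted"),
    (4, "System", "192.168.100.255:138", "", "whitelisted"),
    (5060, "installer.exe", "84.16.252.107:443", "webuid.movavi.com", "unknown"),
    (4032, "svchost.exe", "239.255.255.250:1900", "", "whitelisted"),
    (5060, "installer.exe", "78.159.122.198:443", "static.movavi.com", "unknown"),
    (2468, "svchost.exe", "51.124.78.146:443", "settings-win.data.microsoft.com", "whitelisted"),
    (2468, "svchost.exe", "2.16.241.12:80", "crl.microsoft.com", "unknown"),
    (2468, "svchost.exe", "95.101.149.131:80", "www.microsoft.com", "unknown"),
]

# (pid, process, url): three of the nine HTTP rows.
HTTP = [
    (2468, "svchost.exe", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (3040, "OfficeClickToRun.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D"),
    (2412, "SIHClient.exe", "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl"),
]

# domain -> resolved addresses, from the DNS table.
DNS = {
    "webuid.movavi.com": ["84.16.252.107"],
    "static.movavi.com": ["78.159.122.198"],
    "dl.movavi.com": ["78.159.122.198"],
    "proxysss.movavi.com": ["84.16.252.107"],
    "settings-win.data.microsoft.com": ["51.124.78.146"],
    "crl.microsoft.com": ["2.16.241.12", "2.16.241.19"],
    "www.microsoft.com": ["95.101.149.131"],
    "ocsp.digicert.com": ["192.229.221.95"],
}


def sample_connections(conns=CONNECTIONS, pids=SAMPLE_PIDS):
    return [c for c in conns if c[0] in pids]


def is_revocation_check(url):
    """CRL download or OCSP query: Windows does these on its own when it
    validates a signature, so they are not evidence of sample C2."""
    u = urlparse(url)
    return u.path.lower().endswith(".crl") or u.netloc.lower().startswith("ocsp.")


def http_from_sample(http=HTTP, pids=SAMPLE_PIDS):
    return [h for h in http if h[0] in pids]


def shared_ips(dns=DNS):
    """Addresses that serve more than one name: block by domain, not by IP."""
    by_ip = defaultdict(list)
    for domain, ips in dns.items():
        for ip in ips:
            by_ip[ip].append(domain)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


def network_iocs(conns=CONNECTIONS, dns=DNS, pids=SAMPLE_PIDS):
    """Domains the sample connected to, plus other names resolved to the same
    addresses. The report shows 10 of 107 connections, so a name that was
    resolved but has no connection shown is not evidence it was never contacted."""
    contacted = {c[3] for c in sample_connections(conns, pids) if c[3]}
    ips = {ip for d in contacted for ip in dns.get(d, [])}
    related = {d for d, addrs in dns.items() if set(addrs) & ips}
    return {"contacted": sorted(contacted),
            "related": sorted(related - contacted),
            "ips": sorted(ips)}
```

On a report like this one the sample's traffic is TLS only, so the HTTP table contributes nothing about the sample; the PCAP in the full report is where the TLS SNI and certificate details for the two movavi.com connections would be.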

Threats

PID 2168, svchost.exe; class: Not Suspicious Traffic; message: INFO [ANY.RUN] An application monitoring request to sentry .io (the crash-report upload URL in crashpad_handler.exe's command line, PID 900 above, points at the same service).
Debug output (process: message)

installer.exe: E0630 20:48:05.208988 5124 WebUidManager.cpp:66] Can't find WebUid by RegistryKey. Key: User, error: Cannot read string from registry. Return empty.
installer.exe: E0630 20:48:05.208988 5124 WebUidManager.cpp:66] Can't find WebUid by RegistryKey. Key: VideoConverter24, error: Cannot read string from registry. Return empty.
PluginChecker.exe: qt.qpa.gl: QWindowsIntegration::createPlatformOpenGLContext QSurfaceFormat(version 4.6, options QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions), depthBufferSize -1, redBufferSize -1, greenBufferSize -1, blueBufferSize -1, alphaBufferSize -1, stencilBufferSize -1, samples -1, swapBehavior QSurfaceFormat::DefaultSwapBehavior, swapInterval 1, colorSpace QSurfaceFormat::DefaultColorSpace, profile QSurfaceFormat::CompatibilityProfile)
PluginChecker.exe: qt.qpa.gl: Qt: Using WGL and OpenGL from "opengl32.dll"
PluginChecker.exe: qt.qpa.gl: QOpenGLStaticContext::create OpenGL: "Microsoft Corporation","GDI Generic" default ContextFormat: v1.1 profile: QSurfaceFormat::NoProfile options: QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions) Extensions: 3
PluginChecker.exe: qt.qpa.gl: GPU features: QSet()
PluginChecker.exe: qt.qpa.gl: QWindowsOpenGLTester::supportedRenderers GpuDescription(vendorId=0x1414, deviceId=0x8c, subSysId=0x0, revision=0, driver: "d3d10warp.dll", version=10.0.19041.3636, "Microsoft Basic Render Driver""") 1 renderer: QFlags(0x1|0x2|0x4|0x8|0x20)
PluginChecker.exe: qt.qpa.gl: QWindowsGLContext::QWindowsGLContext 0x1b9d908c870 GDI requested: QSurfaceFormat(version 4.6, options QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions), depthBufferSize -1, redBufferSize -1, greenBufferSize -1, blueBufferSize -1, alphaBufferSize -1, stencilBufferSize -1, samples -1, swapBehavior QSurfaceFormat::DefaultSwapBehavior, swapInterval 1, colorSpace QSurfaceFormat::DefaultColorSpace, profile QSurfaceFormat::CompatibilityProfile) obtained # 7 GDI QSurfaceFormat(version 1.1, options QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions), depthBufferSize 32, redBufferSize 8, greenBufferSize 8, blueBufferSize 8, alphaBufferSize 8, stencilBufferSize 8, samples -1, swapBehavior QSurfaceFormat::DoubleBuffer, swapInterval 1, colorSpace QSurfaceFormat::DefaultColorSpace, profile QSurfaceFormat::NoProfile) PIXELFORMATDESCRIPTOR dwFlags=0x8465 PFD_DRAW_TO_WINDOW PFD_SUPPORT_OPENGL PFD_SUPPORT_COMPOSITION PFD_GENERIC_FORMAT PFD_DOUBLEBUFFER iPixelType=0 cColorBits=32 cRedBits=8 cRedShift=16 cGreenBits=8 cGreenShift=8 cBlueBits=8 cBlueShift=0 cDepthBits=32 cStencilBits=8 iLayerType=0 cAlphaBits=8 cAlphaShift=0 cAccumBits=64 cAccumRedBits=16 cAccumGreenBits=16 cAccumBlueBits=16 cAccumAlphaBits=16 swap interval: -1 default: ContextFormat: v1.1 profile: QSurfaceFormat::NoProfile options: QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions) HGLRC= 0x20000
ConverterAgent.exe: qt.qpa.gl: QWindowsIntegration::createPlatformOpenGLContext QSurfaceFormat(version 4.6, options QFlags<QSurfaceFormat::FormatOption>(DeprecatedFunctions), depthBufferSize -1, redBufferSize -1, greenBufferSize -1, blueBufferSize -1, alphaBufferSize -1, stencilBufferSize -1, samples -1, swapBehavior QSurfaceFormat::DefaultSwapBehavior, swapInterval 1, colorSpace QSurfaceFormat::DefaultColorSpace, profile QSurfaceFormat::CompatibilityProfile)
ConverterAgent.exe: qt.qpa.gl: Qt: Using WGL and OpenGL from "opengl32.dll"