File name: [www.gigapurbalingga.com]_ZemAMPr250280.rar

Full analysis: https://app.any.run/tasks/20a071a5-db00-447b-9b27-0364e305d96d
Verdict: Malicious activity
Analysis date: December 18, 2018, 14:03:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: DFA6B92BBDEBAD06E8FCBC2E6C6101C3
SHA1: CED7004FF2F7146D629B9A0CCA14C95FF6E3D6A1
SHA256: 037174C9A1B3C13AEA18951ED3484AD3112F8711E02D7B2DDB273CD282C3723C
SSDEEP: 196608:CR/8C3H0JqrwGddjtAFWZFYsHvWyaWNOzCA+vBRk+Br1UYej+CGkluIqinI:SH0UMEoWZusHuyjNOzKvPpWEJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ZAM.exe (PID: 3924)
      • ZAM.exe (PID: 3516)
      • ZAM.exe (PID: 128)
      • ZAM.exe (PID: 3812)
      • ZAM.exe (PID: 3492)
      • ZAM.exe (PID: 4080)
      • ZAM.exe (PID: 1912)
      • ZAM.exe (PID: 3800)
      • ZAM.exe (PID: 2556)
      • ZAM.exe (PID: 2972)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.exe (PID: 3952)
      • ZAM.exe (PID: 3116)
      • ZAM.exe (PID: 2976)
      • ZAM.exe (PID: 3092)
    • Loads dropped or rewritten executable

      • explorer.exe (PID: 116)
      • regsvr32.exe (PID: 3184)
      • svchost.exe (PID: 844)
      • regsvr32.exe (PID: 3160)
      • regsvr32.exe (PID: 4008)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ZAM.exe (PID: 3924)
      • ZAM.exe (PID: 2976)
    • Changes the autorun value in the registry

      • ZAM.exe (PID: 3924)
      • ZAM.exe (PID: 3492)
      • ZAM.exe (PID: 2976)
  • SUSPICIOUS

    • Reads Internet Cache Settings

      • explorer.exe (PID: 116)
      • ZAM.exe (PID: 4080)
    • Executable content was dropped or overwritten

      • Zemana.AntiMalware.Setup.exe (PID: 4036)
      • Zemana.AntiMalware.Setup.exe (PID: 1420)
      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • ZAM.exe (PID: 3924)
      • Zemana.AntiMalware.Setup.exe (PID: 3840)
      • DllHost.exe (PID: 3904)
      • Zemana.AntiMalware.Setup.exe (PID: 3848)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • msdt.exe (PID: 3272)
      • csc.exe (PID: 3700)
      • DllHost.exe (PID: 3068)
      • ZAM.exe (PID: 4080)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.exe (PID: 3952)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
      • ZAM.exe (PID: 2976)
    • Reads the Windows organization settings

      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
    • Reads Windows owner or organization settings

      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
    • Creates files in the user directory

      • explorer.exe (PID: 116)
    • Creates files in the Windows directory

      • ZAM.exe (PID: 3924)
      • ZAM.exe (PID: 3516)
      • ZAM.exe (PID: 3812)
      • ZAM.exe (PID: 3800)
      • ZAM.exe (PID: 2972)
      • ZAM.exe (PID: 3116)
    • Creates files in the driver directory

      • ZAM.exe (PID: 3924)
    • Removes files from Windows directory

      • ZAM.exe (PID: 3516)
      • ZAM.exe (PID: 3812)
      • ZAM.exe (PID: 3800)
      • ZAM.exe (PID: 2972)
      • ZAM.exe (PID: 3116)
    • Creates files in the program directory

      • ZAM.exe (PID: 3924)
      • ZAM.exe (PID: 2976)
    • Application launched itself

      • taskmgr.exe (PID: 3888)
      • ZAM.exe (PID: 4080)
      • ZAM.exe (PID: 2976)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 3184)
      • regsvr32.exe (PID: 4008)
    • Reads CPU info

      • ZAM.exe (PID: 3924)
      • ZAM.exe (PID: 3492)
      • ZAM.exe (PID: 4080)
      • ZAM.exe (PID: 3092)
    • Searches for installed software

      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
    • Creates or modifies windows services

      • ZAM.exe (PID: 2272)
    • Reads internet explorer settings

      • ZAM.exe (PID: 3092)
  • INFO

    • Application was dropped or rewritten from another process

      • Zemana.AntiMalware.Setup.tmp (PID: 2648)
      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • ZAM.exe (PID: 3180)
      • ZAM.exe (PID: 3612)
      • ZAM.exe (PID: 3584)
      • ZAM.exe (PID: 3844)
      • ZAM.exe (PID: 2228)
      • ZAM.exe (PID: 3732)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • Zemana.AntiMalware.Setup.tmp (PID: 3640)
      • ZAM.exe (PID: 3320)
      • ZAM.exe (PID: 3468)
      • ZAM.exe (PID: 3916)
      • ZAM.exe (PID: 2368)
      • ZAM.exe (PID: 3696)
      • ZAM.exe (PID: 2824)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
      • ZAM.exe (PID: 3216)
      • ZAM.exe (PID: 2948)
      • ZAM.exe (PID: 2272)
      • ZAM.exe (PID: 1432)
      • ZAM.exe (PID: 2432)
      • ZAM.exe (PID: 2828)
      • ZAM.exe (PID: 3148)
    • Loads dropped or rewritten executable

      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
    • Creates files in the program directory

      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
    • Creates a software uninstall entry

      • Zemana.AntiMalware.Setup.tmp (PID: 2500)
      • Zemana.AntiMalware.Setup.tmp (PID: 2188)
      • update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp (PID: 3212)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 4736260
UncompressedSize: 4736185
OperatingSystem: Win32
ModifyDate: 2016:09:28 08:52:27
PackingMethod: Stored
ArchivedFileName: [www.gigapurbalingga.com]_ZemAMPr250280\Crack.rar
No data.
All screenshots are available in the full report
Total processes: 124
Monitored processes: 61
Malicious processes: 12
Suspicious processes: 7

Behavior graph

(Interactive process graph not reproduced. Nodes shown: winrar.exe, zemana.antimalware.setup.exe, zemana.antimalware.setup.tmp, zam.exe, regsvr32.exe, explorer.exe, svchost.exe, taskmgr.exe, notepad.exe, pcwrun.exe, msdt.exe, sdiagnhost.exe, csc.exe, cvtres.exe, update_{3d3cf1d5-5b5e-46dd-ae63-c2b6bdaec6b9}.exe and update_{3d3cf1d5-5b5e-46dd-ae63-c2b6bdaec6b9}.tmp; edges are labelled "start" and "drop and start".)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
116
CMD:
C:\Windows\Explorer.EXE
Path:
C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID:
128
CMD:
"C:\Program Files\Zemana AntiMalware\ZAM.exe"
Path:
C:\Program Files\Zemana AntiMalware\ZAM.exe
Parent process:
explorer.exe
User:
admin
Company:
Zemana Ltd.
Integrity Level:
MEDIUM
Description:
ZAM UZ1
Exit code:
0
Modules
Images
c:\program files\zemana antimalware\zam.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
PID:
656
CMD:
C:\Windows\system32\pcwrun.exe "C:\Program Files\Zemana AntiMalware\ZAM.exe"
Path:
C:\Windows\system32\pcwrun.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Program Compatibility Troubleshooter Invoker
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\pcwrun.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
844
CMD:
C:\Windows\system32\svchost.exe -k netsvcs
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1036
CMD:
"C:\Windows\system32\taskmgr.exe" /4
Path:
C:\Windows\system32\taskmgr.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Task Manager
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1420
CMD:
"C:\Users\admin\Desktop\[www.gigapurbalingga.com]_ZemAMPr250280\Zemana.AntiMalware.Setup.exe" /SPAWNWND=$10198 /NOTIFYWND=$10188
Path:
C:\Users\admin\Desktop\[www.gigapurbalingga.com]_ZemAMPr250280\Zemana.AntiMalware.Setup.exe
Parent process:
Zemana.AntiMalware.Setup.tmp
User:
admin
Company:
Integrity Level:
HIGH
Description:
Advanced Malware Protection
Exit code:
0
Version:
2.50.80
Modules
Images
c:\users\admin\desktop\[www.gigapurbalingga.com]_zemampr250280\zemana.antimalware.setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
1432
CMD:
"C:\Users\admin\AppData\Local\Temp\is-Q58GI.tmp\ZAM.exe" /get_installer_product_id
Path:
C:\Users\admin\AppData\Local\Temp\is-Q58GI.tmp\ZAM.exe
Parent process:
update_{3D3CF1D5-5B5E-46DD-AE63-C2B6BDAEC6B9}.tmp
User:
SYSTEM
Company:
Copyright 2017.
Integrity Level:
HIGH
Description:
ZAM
Exit code:
2
Version:
2.74.0.150
Modules
Images
c:\users\admin\appdata\local\temp\is-q58gi.tmp\zam.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
PID:
1912
CMD:
"C:\Program Files\Zemana AntiMalware\ZAM.exe" /runservice
Path:
C:\Program Files\Zemana AntiMalware\ZAM.exe
Parent process:
ZAM.exe
User:
admin
Company:
Zemana Ltd.
Integrity Level:
HIGH
Description:
ZAM UZ1
Exit code:
0
Modules
Images
c:\program files\zemana antimalware\zam.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
PID:
2188
CMD:
"C:\Users\admin\AppData\Local\Temp\is-5T5I6.tmp\Zemana.AntiMalware.Setup.tmp" /SL5="$9017C,4761266,119296,C:\Users\admin\Desktop\[www.gigapurbalingga.com]_ZemAMPr250280\Zemana.AntiMalware.Setup.exe" /SPAWNWND=$6018A /NOTIFYWND=$601EA
Path:
C:\Users\admin\AppData\Local\Temp\is-5T5I6.tmp\Zemana.AntiMalware.Setup.tmp
Parent process:
Zemana.AntiMalware.Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-5t5i6.tmp\zemana.antimalware.setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
PID:
2228
CMD:
"C:\Users\admin\AppData\Local\Temp\is-H1AHO.tmp\ZAM.exe" /is_safeonline_installed
Path:
C:\Users\admin\AppData\Local\Temp\is-H1AHO.tmp\ZAM.exe
Parent process:
Zemana.AntiMalware.Setup.tmp
User:
admin
Company:
Zemana Ltd.
Integrity Level:
HIGH
Description:
ZAM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\is-h1aho.tmp\zam.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
Total events: 14 815
Read events: 13 756
Write events: 1 006
Delete events: 53

Modification events

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\[www.gigapurbalingga.com]_ZemAMPr250280.rar

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3816) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (116) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList
Operation: write
Name: a
Value: WinRAR.exe

(PID) Process: (116) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList
Operation: write
Name: MRUList
Value: a
Executable files: 31
Suspicious files: 82
Text files: 162
Unknown types: 27

Dropped files

PID | Process | Filename
3816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3816.32293\[www.gigapurbalingga.com]_ZemAMPr250280\Crack.rar
3816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3816.32293\[www.gigapurbalingga.com]_ZemAMPr250280\Forum.url
3816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3816.32293\[www.gigapurbalingga.com]_ZemAMPr250280\GigaPurbalingga.com_Free Download Software Full Version.url
3816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3816.32293\[www.gigapurbalingga.com]_ZemAMPr250280\Read Me!!!.txt
3816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3816.32293\[www.gigapurbalingga.com]_ZemAMPr250280\Zemana.AntiMalware.Setup.exe
116 | explorer.exe | C:\Users\admin\Desktop\[www.gigapurbalingga.com]_ZemAMPr250280
2352 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2352.34126\Crack\Forum.url
2352 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2352.34126\Crack\GigaPurbalingga.com_Free Download Software Full Version.url
2352 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2352.34126\Crack\Install Instruction.txt
2352 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2352.34126\Crack\Read Me!!!.txt
HTTP(S) requests: 19
TCP/UDP connections: 21
DNS requests: 9
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4080 | ZAM.exe | GET | - | 45.79.153.218:80 | http://dl12.zemana.com/AntiMalware/2.74.2.150/Zemana.AntiMalware.Setup.exe | US | - | - | whitelisted
3092 | ZAM.exe | GET | - | 45.79.154.56:80 | http://cdn.go.zemana.com/?db=9128048&Operation=Download&cuid=122F47044D0197891995B5&vi=2074150 | US | - | - | whitelisted
4080 | ZAM.exe | GET | - | 45.79.153.218:80 | http://dl12.zemana.com/AntiMalware/2.74.2.150/Zemana.AntiMalware.Setup.exe | US | - | - | whitelisted
3924 | ZAM.exe | POST | - | 168.62.20.37:80 | http://zamcloud.zemana.com/api/client/settings/122F47044D0197891995B5/2/2/2050080 | US | - | - | whitelisted
4080 | ZAM.exe | GET | 200 | 45.79.153.218:80 | http://cdn9.zemana.com/CacheControl.bin | US | text | 12 b | whitelisted
3924 | ZAM.exe | GET | 200 | 45.79.153.218:80 | http://cdn9.zemana.com/CacheControl.bin | US | text | 12 b | whitelisted
4080 | ZAM.exe | POST | 200 | 168.62.20.37:80 | http://zamcloud.zemana.com/api/client/settings/122F47044D0197891995B5/2/2/2050080 | US | text | 1.41 Kb | whitelisted
4080 | ZAM.exe | POST | 200 | 168.62.20.37:80 | http://zamcloud.zemana.com/api/ig2/check/2050080 | US | text | 211 b | whitelisted
3492 | ZAM.exe | GET | 200 | 45.79.153.218:80 | http://cdn9.zemana.com/CacheControl.bin | US | text | 12 b | whitelisted
4080 | ZAM.exe | POST | 200 | 168.62.20.37:80 | http://zamcloud.zemana.com/api/client/settings/122F47044D0197891995B5/2/2/2050080 | US | text | 1.41 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3924 | ZAM.exe | 45.79.153.218:80 | cdn9.zemana.com | Linode, LLC | US | suspicious
3924 | ZAM.exe | 168.62.20.37:80 | zamcloud.zemana.com | Microsoft Corporation | US | whitelisted
3092 | ZAM.exe | 168.62.20.37:80 | zamcloud.zemana.com | Microsoft Corporation | US | whitelisted
3092 | ZAM.exe | 45.79.153.218:80 | cdn9.zemana.com | Linode, LLC | US | suspicious
3092 | ZAM.exe | 52.160.40.218:80 | check.zemana.com | Microsoft Corporation | US | unknown
3092 | ZAM.exe | 45.79.154.56:80 | cdn.go.zemana.com | Linode, LLC | US | malicious
4080 | ZAM.exe | 45.79.154.56:80 | cdn.go.zemana.com | Linode, LLC | US | malicious
3092 | ZAM.exe | 208.67.220.220:53 | - | OpenDNS, LLC | US | suspicious
3092 | ZAM.exe | 40.112.143.140:80 | www.zemana.com | Microsoft Corporation | US | unknown
3492 | ZAM.exe | 168.62.20.37:80 | zamcloud.zemana.com | Microsoft Corporation | US | whitelisted

DNS requests

Domain | IP | Reputation
cdn9.zemana.com | 45.79.153.218 | whitelisted
zamcloud.zemana.com | 168.62.20.37 | whitelisted
dl12.zemana.com | 45.79.153.218 | whitelisted
cdn.go.zemana.com | 45.79.154.56 | whitelisted
check.zemana.com | 52.160.40.218 | whitelisted
www.zemana.com | 40.112.143.140 | whitelisted

Threats

PID | Process | Class | Message
3924 | ZAM.exe | A Network Trojan was detected | MALWARE [PTsecurity] FakeAV.C1773776 Request
4080 | ZAM.exe | A Network Trojan was detected | MALWARE [PTsecurity] FakeAV.C1773776 Request
4080 | ZAM.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
4080 | ZAM.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
4080 | ZAM.exe | A Network Trojan was detected | MALWARE [PTsecurity] FakeAV.C1773776 Request
4080 | ZAM.exe | A Network Trojan was detected | MALWARE [PTsecurity] FakeAV.C1773776 Request
3092 | ZAM.exe | A Network Trojan was detected | MALWARE [PTsecurity] FakeAV.C1773776 Request
3092 | ZAM.exe | A Network Trojan was detected | MALWARE [PTsecurity] FakeAV.C1773776 Response

Process | Message
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe | *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe | *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144