File name:

Aviator-Predictor-FULL-main (1).zip

Full analysis: https://app.any.run/tasks/5a43a5a9-bfec-4cb3-b2b4-48b2d7f1e176
Verdict: Malicious activity
Analysis date: September 02, 2024, 07:32:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

2AD477B9C4FE0AC1F42E8D3FDBB5568A

SHA1:

6DEAEEF8409DCCD218EAA4C69CB1B52E104F7D84

SHA256:

05C3F1186CE7E2E82F2D6CE4770FFDC1D170CDABC1298595D8A6EA26BC230829

SSDEEP:

49152:ZJR8Em3mNAIhOR+wwehGP/bzLFfolk/Ml753S7BOuW6R5TR54tPa9m8ES0A5K4/v:zR8TmNAIhORhdM/LFfEk/Ml13A1PTRSo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6168)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 940)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • msiexec.exe (PID: 3028)

    • Reads security settings of Internet Explorer

      • Aviator-Hack.exe (PID: 6748)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 940)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)

    • Reads the date of Windows installation

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)

    • Drops the executable file immediately after the start

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 940)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • msiexec.exe (PID: 3028)

    • Starts itself from another location

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)

    • Searches for installed software

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 3028)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 3028)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 3028)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 3028)

  • INFO

    • Manual execution by a user

      • Aviator-Hack.exe (PID: 6748)
      • Aviator-Hack.exe (PID: 5712)

    • The process uses the downloaded file

      • WinRAR.exe (PID: 6168)
      • msedge.exe (PID: 7772)
      • msedge.exe (PID: 6308)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)

    • Checks supported languages

      • Aviator-Hack.exe (PID: 6748)
      • identity_helper.exe (PID: 7472)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 940)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • msiexec.exe (PID: 3028)
      • msiexec.exe (PID: 5692)
      • msiexec.exe (PID: 6948)
      • msiexec.exe (PID: 2132)
      • Aviator-Hack.exe (PID: 5712)
      • msiexec.exe (PID: 2360)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6168)
      • msedge.exe (PID: 6308)
      • msiexec.exe (PID: 3028)

    • Reads the computer name

      • Aviator-Hack.exe (PID: 6748)
      • identity_helper.exe (PID: 7472)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • msiexec.exe (PID: 3028)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • msiexec.exe (PID: 5692)
      • Aviator-Hack.exe (PID: 5712)
      • msiexec.exe (PID: 6948)
      • msiexec.exe (PID: 2360)
      • msiexec.exe (PID: 2132)

    • Reads Microsoft Office registry keys

      • Aviator-Hack.exe (PID: 6748)
      • msedge.exe (PID: 6308)

    • Reads Environment values

      • identity_helper.exe (PID: 7472)

    • Create files in a temporary directory

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 940)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)

    • Reads the software policy settings

      • slui.exe (PID: 7904)
      • msiexec.exe (PID: 3028)
      • slui.exe (PID: 6324)

    • Application launched itself

      • msedge.exe (PID: 6308)

    • Process checks computer location settings

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 3040)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • msiexec.exe (PID: 3028)

    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 7568)
      • Aviator-Hack.exe (PID: 5712)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 3028)

    • Checks proxy server information

      • slui.exe (PID: 6324)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:09:02 00:17:16
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Aviator-Predictor-FULL-main/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
204
Monitored processes
68
Malicious processes
4
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs aviator-hack.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs windowsdesktop-runtime-6.0.33-win-x64 (1).exe windowsdesktop-runtime-6.0.33-win-x64 (1).exe windowsdesktop-runtime-6.0.33-win-x64.exe msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs aviator-hack.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
252"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=6992 --field-trial-handle=2360,i,9969674977196351859,17619899063040639157,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
940"C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.33-win-x64 (1).exe" C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.33-win-x64 (1).exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 6.0.33 (x64)
Exit code:
0
Version:
6.0.33.33916
Modules
Images
c:\users\admin\downloads\windowsdesktop-runtime-6.0.33-win-x64 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5956 --field-trial-handle=2360,i,9969674977196351859,17619899063040639157,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1224C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
1332"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7480 --field-trial-handle=2360,i,9969674977196351859,17619899063040639157,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1436"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5396 --field-trial-handle=2360,i,9969674977196351859,17619899063040639157,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1780"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5544 --field-trial-handle=2360,i,9969674977196351859,17619899063040639157,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2132C:\Windows\syswow64\MsiExec.exe -Embedding 4B9C4D80675A2267DF934D279757A9A4C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2228"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6628 --field-trial-handle=2360,i,9969674977196351859,17619899063040639157,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2360C:\Windows\syswow64\MsiExec.exe -Embedding 4AA06F8EB8BC5461C37D946333A5D0C4C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
36 358
Read events
35 248
Write events
1 062
Delete events
48

Modification events

(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Aviator-Predictor-FULL-main (1).zip
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB800000053000000780400003C020000
(PID) Process:(6168) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\General
Operation:writeName:LastFolder
Value:
C:\Users\admin\AppData\Local\Temp
Executable files
539
Suspicious files
319
Text files
178
Unknown types
33

Dropped files

PID
Process
Filename
Type
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\.github\FUNDING.ymltext
MD5:CDCF4932A00EC9CDC5594370B1C01CC6
SHA256:5D2C7E9D077858F4E12AB03B26C9C00EE883655700E50AE4D8DB88E9A9F05938
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\Aviator-Hack.slntext
MD5:0DC582BB5CFDE19A2F9F2887280976EE
SHA256:3FA44811C7E0A827CA7E1A00618610B46F64951F694E59B3B327CAFDA058646F
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\Form1.resxxml
MD5:2CE6C7E58691711024D5F31AB05A58D1
SHA256:C0F405542304A8EA089DD209CFBBBE9704113D8EA1644CC5829A4F0C606002D7
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\Form2.Designer.cstext
MD5:0DBF28755BF69EF0773B2B5B1F4B8B6B
SHA256:0947B86CEA1778D012850A9FE9E0B165B778281597D4371DEAC241BE975AEB35
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\FrmContactus.cstext
MD5:9923196D7753F30ADF60E1F117E46BF7
SHA256:3095F9E84E9DB3508BF62AB8208B417AAF909E26F0132C0C85E642CDB6089641
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\FrmAviator.resxxml
MD5:6E2A14E7B342AAD5EE2297A90C34C7E4
SHA256:FD1D580684DF408A7FF06726F30598C23B20F7D2E9DEC38289503ABE7FCA5088
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\Form1.Designer.cstext
MD5:BC522051EF448DECB383305FCF54618F
SHA256:C88B8225B2A844EDFFDD43B865595083D75328C9CC138CC4EC7117D6026D5E1C
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\FrmContactus.Designer.cstext
MD5:B546BE0F1019385C306EA3CFEA9F772D
SHA256:736CCA72B3139893D5C5E6A2D6299AF5E7B844C097BECE1E846004A7A325F975
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\Aviator Predictor\FrmAviator.cstext
MD5:1C0879D0CBD8AA840A8E590FB0956FAB
SHA256:6E0BC22047D3462D7A85EB5C99A0BCA062E8FC6BC6303488DC763D3BB9D3915A
6168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6168.19947\Aviator-Predictor-FULL-main\.gitignoretext
MD5:7603A8B5FBCB989107B494DFFF70AE97
SHA256:F0CCB88E17018CAD6016FACA27FEE574CC327C9975FA30CC0EECA1C62DE008D2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
33
TCP/UDP connections
87
DNS requests
93
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7b9cac0d-9ca2-42ef-9c46-ce975d51335a?P1=1725571404&P2=404&P3=2&P4=jIiXxLAKc2FnIsjQRRuTASoRbmTTQbl8TbvPOzTr%2bMZgGyZXY9uCv8%2bqlniCDtcT3PDNPoiVtXVsm1xUvjjYNg%3d%3d
unknown
whitelisted
7952
svchost.exe
HEAD
200
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7b9cac0d-9ca2-42ef-9c46-ce975d51335a?P1=1725571404&P2=404&P3=2&P4=jIiXxLAKc2FnIsjQRRuTASoRbmTTQbl8TbvPOzTr%2bMZgGyZXY9uCv8%2bqlniCDtcT3PDNPoiVtXVsm1xUvjjYNg%3d%3d
unknown
whitelisted
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e987a3f-7b8b-495b-a173-197137c9bbfc?P1=1725571405&P2=404&P3=2&P4=kiC%2b7fXcrKSEO%2f6NVMSV4zXYlhsBv7BUgc4vQiNYa3Mw6e38MXcBCowkS6und3oLFJqXp29%2f8P%2fIbnWDVqtNXw%3d%3d
unknown
whitelisted
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7b9cac0d-9ca2-42ef-9c46-ce975d51335a?P1=1725571404&P2=404&P3=2&P4=jIiXxLAKc2FnIsjQRRuTASoRbmTTQbl8TbvPOzTr%2bMZgGyZXY9uCv8%2bqlniCDtcT3PDNPoiVtXVsm1xUvjjYNg%3d%3d
unknown
whitelisted
7952
svchost.exe
HEAD
200
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e987a3f-7b8b-495b-a173-197137c9bbfc?P1=1725571405&P2=404&P3=2&P4=kiC%2b7fXcrKSEO%2f6NVMSV4zXYlhsBv7BUgc4vQiNYa3Mw6e38MXcBCowkS6und3oLFJqXp29%2f8P%2fIbnWDVqtNXw%3d%3d
unknown
whitelisted
7952
svchost.exe
HEAD
200
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a8f7bbde-6f97-4c85-954e-cada2f86bf6f?P1=1725781533&P2=404&P3=2&P4=WHvquftSGImf7dre9o5efT%2fssFjvf0kboR%2bkSxCD4zBA6M2Z%2bbJtybU%2bMs5cX76FeQSybVq7HMUCuXIagbLFvA%3d%3d
unknown
whitelisted
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e987a3f-7b8b-495b-a173-197137c9bbfc?P1=1725571405&P2=404&P3=2&P4=kiC%2b7fXcrKSEO%2f6NVMSV4zXYlhsBv7BUgc4vQiNYa3Mw6e38MXcBCowkS6und3oLFJqXp29%2f8P%2fIbnWDVqtNXw%3d%3d
unknown
whitelisted
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e987a3f-7b8b-495b-a173-197137c9bbfc?P1=1725571405&P2=404&P3=2&P4=kiC%2b7fXcrKSEO%2f6NVMSV4zXYlhsBv7BUgc4vQiNYa3Mw6e38MXcBCowkS6und3oLFJqXp29%2f8P%2fIbnWDVqtNXw%3d%3d
unknown
whitelisted
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e987a3f-7b8b-495b-a173-197137c9bbfc?P1=1725571405&P2=404&P3=2&P4=kiC%2b7fXcrKSEO%2f6NVMSV4zXYlhsBv7BUgc4vQiNYa3Mw6e38MXcBCowkS6und3oLFJqXp29%2f8P%2fIbnWDVqtNXw%3d%3d
unknown
whitelisted
7952
svchost.exe
GET
206
23.48.23.41:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9e987a3f-7b8b-495b-a173-197137c9bbfc?P1=1725571405&P2=404&P3=2&P4=kiC%2b7fXcrKSEO%2f6NVMSV4zXYlhsBv7BUgc4vQiNYa3Mw6e38MXcBCowkS6und3oLFJqXp29%2f8P%2fIbnWDVqtNXw%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6876
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6020
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
6876
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3260
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1944
svchost.exe
20.190.160.14:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1944
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6308
msedge.exe
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.46
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 51.124.78.146
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 20.190.160.14
  • 40.126.32.74
  • 20.190.160.22
  • 40.126.32.136
  • 40.126.32.76
  • 40.126.32.140
  • 40.126.32.133
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
aka.ms
  • 2.22.34.124
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
api.edgeoffer.microsoft.com
  • 52.153.155.231
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

No threats detected
Process
Message
Aviator-Hack.exe
A fatal error occurred. The required library hostfxr.dll could not be found. If this is a self-contained application, that library should exist in [C:\Users\admin\Desktop\Aviator-Predictor-FULL-main\net6.0-windows\]. If this is a framework-dependent application, install the runtime in the global location [C:\Program Files\dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x64\InstallLocation].
Aviator-Hack.exe
The .NET runtime can be found at:
Aviator-Hack.exe
- https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.2
Aviator-Hack.exe
Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 5712. Message ID: [0x2509].
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Aviator-Predictor-FULL-main (1).zip