File name:

ZWFS.zip

Full analysis: https://app.any.run/tasks/fad95101-d720-4f8e-91d3-32bd870bd9da
Verdict: Malicious activity
Analysis date: August 13, 2024, 19:43:02
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

F7DA1697EA25CF045792D4FF8D6CDD41

SHA1:

210911B97947F35CD1816BD0949D513356E44893

SHA256:

08A86F498647A1FA2EA8E47D3A59155524E4D14DF3C9DBC5D62484287F2D445E

SSDEEP:

98304:wFqVlSjjmVUBob1OaUyfwzItXno0K0FreaUKSkEfdDkgZQS8Jm3MiU7T4iDCRhzx:9cVFDA3J6OWml4x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6616)
      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)

    • Starts a Microsoft application from unusual location

      • vbrun60sp6.exe (PID: 6984)
      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6616)
      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)

    • Executable content was dropped or overwritten

      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)

    • Creates/Modifies COM task schedule object

      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)

  • INFO

    • Manual execution by a user

      • vbrun60sp6.exe (PID: 6984)
      • Lohpans-USB.exe (PID: 1664)
      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)
      • Lohpans-USB.exe (PID: 3540)
      • Acrobat.exe (PID: 3136)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6616)
      • AdobeARM.exe (PID: 2396)

    • Checks supported languages

      • Lohpans-USB.exe (PID: 1664)
      • vbrun60sp6.exe (PID: 6204)
      • vbrun60sp6.exe (PID: 6404)
      • Lohpans-USB.exe (PID: 3540)
      • acrobat_sl.exe (PID: 7172)

    • Create files in a temporary directory

      • Lohpans-USB.exe (PID: 1664)
      • vbrun60sp6.exe (PID: 6404)
      • vbrun60sp6.exe (PID: 6204)
      • Lohpans-USB.exe (PID: 3540)

    • Reads the computer name

      • Lohpans-USB.exe (PID: 1664)
      • vbrun60sp6.exe (PID: 6204)
      • Lohpans-USB.exe (PID: 3540)
      • vbrun60sp6.exe (PID: 6404)

    • Application launched itself

      • Acrobat.exe (PID: 3136)
      • AcroCEF.exe (PID: 6988)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2021:12:08 15:07:08
ZipCRC: 0xd4a3ece8
ZipCompressedSize: 445418
ZipUncompressedSize: 1597440
ZipFileName: ZWFS/Lohpans-USB.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
25
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs lohpans-usb.exe no specs vbrun60sp6.exe no specs vbrun60sp6.exe grpconv.exe no specs vbrun60sp6.exe grpconv.exe no specs lohpans-usb.exe no specs acrobat.exe acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs adobearm.exe acrobat_sl.exe no specs acrocef.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
300"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1584 --field-trial-handle=1600,i,12624710407873718070,1301647707117231387,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
840"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1600,i,12624710407873718070,1301647707117231387,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1664"C:\Users\admin\Desktop\ZWFS\Lohpans-USB.exe" C:\Users\admin\Desktop\ZWFS\Lohpans-USB.exeexplorer.exe
User:
admin
Company:
Zi Wei Feng Shui Academy
Integrity Level:
MEDIUM
Description:
Ver 2.0
Exit code:
0
Version:
2.00
Modules
Images
c:\users\admin\desktop\zwfs\lohpans-usb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1716"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2588 --field-trial-handle=1600,i,12624710407873718070,1301647707117231387,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2396"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Acrobat /VERSION:23.0 /MODE:3C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Acrobat.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
MEDIUM
Description:
Adobe Reader and Acrobat Manager
Version:
1.824.460.1042
Modules
Images
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\user32.dll
2872"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2432 --field-trial-handle=1600,i,12624710407873718070,1301647707117231387,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3136"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\admin\Desktop\ZWFS\ZWFS-README.pdf"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
explorer.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3540"C:\Users\admin\Desktop\ZWFS\Lohpans-USB.exe" C:\Users\admin\Desktop\ZWFS\Lohpans-USB.exeexplorer.exe
User:
admin
Company:
Zi Wei Feng Shui Academy
Integrity Level:
MEDIUM
Description:
Ver 2.0
Exit code:
0
Version:
2.00
Modules
Images
c:\users\admin\desktop\zwfs\lohpans-usb.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvbvm60.dll
c:\windows\syswow64\user32.dll
4080"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\admin\Desktop\ZWFS\ZWFS-README.pdf"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5064"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --first-renderer-process --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1688 --field-trial-handle=1600,i,12624710407873718070,1301647707117231387,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
26 331
Read events
26 128
Write events
197
Delete events
6

Modification events

(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\ZWFS.zip
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF070100007C000000C704000065020000
(PID) Process:(6616) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\General
Operation:writeName:LastFolder
Value:
C:\Users\admin\AppData\Local\Temp
Executable files
46
Suspicious files
152
Text files
17
Unknown types
2

Dropped files

PID
Process
Filename
Type
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\ZWFS-README.pdf
MD5:
SHA256:
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\Lohpans-USB.uzyexecutable
MD5:0D78963007F3AA214B7DB582A901A9E1
SHA256:07B09926BC01AEEA73780D3EE682F0F3F64C62711059A5C4FABA3C9F48635DD9
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\setlohpans.iniini
MD5:529C313CC2309A6A02298AD04C149335
SHA256:2172B5C2F04A2E0E39BB0433CF14306BB49886DE6CE6001186D44ED11D9A9F98
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\pwtext
MD5:A513CCC050FC5CE17058D05F051165D2
SHA256:DB284F86D4C6BF839D3681937A04E0C79ACDC5FDDBFE22F94424A3DF1CA4370B
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\ZWFC2ttf
MD5:DE21715303A9069E14D328E3A71F216C
SHA256:550B0DBEFAD08960C7A429DF1FBCE8A17F8737C56171BF41D6C6D649C34AC46A
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\vbrun60sp6.exeexecutable
MD5:899185DAA1572EC47DDAEFA1B9766136
SHA256:7F7BC59F453539194C2D38FD68FB2B4BEB3C1B5B5273CEC1B7DD1150B0EA929D
6204vbrun60sp6.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\comcat.dllexecutable
MD5:3B180DA2B50B954A55FE37AFBA58D428
SHA256:96D04CDFAF4F4D7B8722B139A15074975D4C244302F78034B7BE65DF1A92FD03
6616WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6616.964\ZWFS\lohpanusb.dattext
MD5:A56AE150DBDB829C7392E2E1EB049107
SHA256:4656B00F23B407D84124F184A3F2B1100A368475C76FA2823E86814B7A6A33F9
6204vbrun60sp6.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\asycfilt.dllexecutable
MD5:C89E401800DE62E5702E085D898EED20
SHA256:DE83C9D9203050B40C098E4143EF8F577AA90016C7A64D4F2931B57A4C43E566
6204vbrun60sp6.exeC:\Users\admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLLexecutable
MD5:4BE7661C89897EAA9B28DAE290C3922F
SHA256:E5E9F7C8DBD47134815E155ED1C7B261805EDA6FDDEA6FA4EA78E0E4FB4F7FB5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
49
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
2396
AdobeARM.exe
GET
404
184.25.51.11:80
http://acroipm2.adobe.com/assets/Owner/arm/2024/8/UC/Other.txt
unknown
whitelisted
2396
AdobeARM.exe
GET
404
184.25.51.11:80
http://acroipm2.adobe.com/assets/Owner/arm/2024/8/OwnerAPI/Rdr.txt
unknown
whitelisted
2396
AdobeARM.exe
GET
404
184.25.51.11:80
http://acroipm2.adobe.com/assets/Owner/arm/2024/8/MRU/Rdr.txt
unknown
whitelisted
3136
Acrobat.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
2396
AdobeARM.exe
GET
304
184.25.51.11:80
http://acroipm2.adobe.com/assets/Owner/arm/ProcessMAU.txt
unknown
whitelisted
2396
AdobeARM.exe
GET
404
184.25.51.11:80
http://acroipm2.adobe.com/assets/Owner/arm/33/adnme/NoValidReasonForAdnme.txt
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA0aNA9419AA4In9uq1lIt8%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
192.168.100.255:138
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
532
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
104.126.37.153:443
www.bing.com
Akamai International B.V.
DE
unknown
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
www.bing.com
  • 104.126.37.153
  • 104.126.37.168
  • 104.126.37.176
  • 104.126.37.145
  • 104.126.37.155
  • 104.126.37.152
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.147
  • 104.126.37.154
  • 104.126.37.177
  • 104.126.37.160
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.74
  • 40.126.32.76
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.133
  • 40.126.32.68
  • 20.190.160.22
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
  • 40.127.240.158
whitelisted
th.bing.com
  • 104.126.37.147
  • 104.126.37.130
  • 104.126.37.139
  • 104.126.37.129
  • 104.126.37.145
  • 104.126.37.123
  • 104.126.37.144
  • 104.126.37.186
  • 104.126.37.128
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
slscr.update.microsoft.com
  • 52.165.165.26
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ZWFS.zip