File name:

Archivos1.zip

Full analysis: https://app.any.run/tasks/08b5d759-7b98-4051-bb3d-0db69ddafee3
Verdict: Malicious activity
Analysis date: May 26, 2025, 16:11:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
obfuscated-js
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

C17344E5A3AD06234A1E717AC044E899

SHA1:

5894539612EF8CF28E9DB4EF13E5FB9EDAF16B8E

SHA256:

12B43CE5A0D1F668751F743AB0A290844D26BD514F6468DCD182EAD920977D18

SSDEEP:

24576:Hyf1GeCbUIrrm4wg1+e7ZoPCb4MmJE+18NeIGE+18Nx1IziUvnE5Nm9nBnUFclVS:HyfceCbUIrrm4wg157ZoPCb4MmJE+18t

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 896)
    • UAC/LUA settings modification

      • reg.exe (PID: 8084)
    • Uses Task Scheduler to autorun other applications

      • cmd.exe (PID: 3364)
  • SUSPICIOUS

    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 3268)
      • cmd.exe (PID: 3364)
    • Executing commands from a ".bat" file

      • WinRAR.exe (PID: 896)
      • mshta.exe (PID: 3768)
      • mshta.exe (PID: 2244)
    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 3768)
      • cmd.exe (PID: 3268)
      • WinRAR.exe (PID: 896)
      • mshta.exe (PID: 2244)
      • cmd.exe (PID: 3364)
    • Found IP address in command line

      • powershell.exe (PID: 5756)
      • powershell.exe (PID: 6404)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 896)
      • ShellExperienceHost.exe (PID: 7192)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3268)
      • cmd.exe (PID: 3364)
    • Downloads file from URI via Powershell

      • powershell.exe (PID: 5756)
      • powershell.exe (PID: 6404)
    • Application launched itself

      • cmd.exe (PID: 3268)
      • cmd.exe (PID: 3364)
      • WinRAR.exe (PID: 896)
    • Connects to unusual port

      • powershell.exe (PID: 5756)
      • powershell.exe (PID: 6404)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 3268)
      • cmd.exe (PID: 3364)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3268)
      • cmd.exe (PID: 3364)
  • INFO

    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 896)
    • Checks proxy server information

      • mshta.exe (PID: 3768)
      • powershell.exe (PID: 5756)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 896)
      • msedge.exe (PID: 7996)
    • Reads Internet Explorer settings

      • mshta.exe (PID: 3768)
    • Manual execution by a user

      • msedge.exe (PID: 4812)
      • notepad++.exe (PID: 3976)
      • cmd.exe (PID: 6268)
    • Application launched itself

      • msedge.exe (PID: 4812)
      • msedge.exe (PID: 5260)
    • Disables trace logs

      • powershell.exe (PID: 5756)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 5756)
    • Uses Task Scheduler to autorun other applications (AUTOMATE)

      • cmd.exe (PID: 3268)
    • Failed to connect to remote server (POWERSHELL)

      • powershell.exe (PID: 5756)
    • Reads the computer name

      • ShellExperienceHost.exe (PID: 7192)
      • identity_helper.exe (PID: 8056)
    • Checks supported languages

      • ShellExperienceHost.exe (PID: 7192)
      • identity_helper.exe (PID: 8056)
    • Reads Environment values

      • identity_helper.exe (PID: 8056)
    • Reads the software policy settings

      • slui.exe (PID: 6300)
    • The sample compiled with english language support

      • msedge.exe (PID: 7996)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:05:25 00:09:30
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Archivos1/
No data.
All screenshots are available in the full report
Total processes
241
Monitored processes
101
Malicious processes
5
Suspicious processes
0

Behavior graph

start winrar.exe sppextcomobj.exe no specs slui.exe cmd.exe no specs conhost.exe no specs mshta.exe no specs cmd.exe conhost.exe no specs cmd.exe no specs reg.exe no specs msedge.exe no specs attrib.exe no specs powershell.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe schtasks.exe no specs timeout.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs shellexperiencehost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notepad++.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs mshta.exe no specs cmd.exe conhost.exe no specs cmd.exe no specs reg.exe no specs msedge.exe no specs attrib.exe no specs powershell.exe msedge.exe no specs msedge.exe no specs msedge.exe rundll32.exe no specs schtasks.exe no specs timeout.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2352,i,10291331773145877841,349882033060100294,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 536
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=8080 --field-trial-handle=2352,i,10291331773145877841,349882033060100294,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 540
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5776 --field-trial-handle=2352,i,10291331773145877841,349882033060100294,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2ec,0x304,0x7ffc89b15fd8,0x7ffc89b15fe4,0x7ffc89b15ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 896
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Archivos1.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1088
CMD: SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
Path: C:\Windows\System32\schtasks.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1388
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=6688 --field-trial-handle=2352,i,10291331773145877841,349882033060100294,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1628
CMD: attrib +s +h d:\net
Path: C:\Windows\System32\attrib.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Attribute Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\attrib.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 1748
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3764 --field-trial-handle=2352,i,10291331773145877841,349882033060100294,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1812
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2344 --field-trial-handle=2352,i,10291331773145877841,349882033060100294,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
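The two persistence and evasion commands recorded in the process listing above (schtasks.exe PID 1088 registering an ONLOGON task "my dr" that runs d:\net\dr\dr.bat, and attrib.exe PID 1628 marking d:\net system+hidden) are exactly the kind of thing a detection engineer turns into process-creation rules. The script below is an added example, not part of the ANY.RUN report or of the sample. It runs three rules over a constructed event list: the first three events reuse the command lines shown in the listing; the reg.exe event is invented (the report records that reg.exe PID 8084 modified UAC/LUA settings but does not show its command line, so a typical form of that change is used with a made-up PID); the two benign control events are invented too. The event schema (pid, image, parent, cmdline) is an assumption, not the sandbox's own format.

```python
"""Process-creation rules for the persistence/evasion chain seen in this report.

Added example, not part of the ANY.RUN report. Event fields (pid, image,
parent, cmdline) are an assumed schema; the first three events reuse the
command lines from the process listing, the rest are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str      # executable basename, lower-case
    parent: str     # parent executable basename
    cmdline: str


SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1")
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
UAC_KEY = "software\\microsoft\\windows\\currentversion\\policies\\system"
UAC_VALUES = ("enablelua", "consentpromptbehavioradmin", "promptonsecuredesktop")

EVENTS: List[ProcEvent] = [
    # From the report's process listing (PIDs and parents as shown there).
    ProcEvent(896, "winrar.exe", "explorer.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Archivos1.zip'),
    ProcEvent(1088, "schtasks.exe", "cmd.exe",
              r'SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f'),
    ProcEvent(1628, "attrib.exe", "cmd.exe", r"attrib +s +h d:\net"),
    # Constructed: the report only says reg.exe changed UAC/LUA settings and
    # does not show its command line; this is a typical form of that change.
    ProcEvent(9001, "reg.exe", "cmd.exe",
              r"reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"),
    # Constructed benign controls: a daily task for a program under Program
    # Files, and an attrib call that only clears the read-only bit.
    ProcEvent(9002, "schtasks.exe", "cmd.exe",
              r'schtasks /Create /SC DAILY /TN "Backup" /TR "C:\Program Files\Backup\bk.exe"'),
    ProcEvent(9003, "attrib.exe", "cmd.exe", r"attrib -r C:\Users\admin\notes.txt"),
]


def task_target(cmdline: str) -> Optional[str]:
    """Return the /TR (program to run) argument of a schtasks command line."""
    m = re.search(r'/tr\s+(?:"([^"]*)"|(\S+))', cmdline, re.I)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)


def rule_schtasks_script_autorun(ev: ProcEvent) -> bool:
    r"""Logon/boot-triggered task whose action is a script or lives outside
    Windows/Program Files (here: "my dr" -> d:\net\dr\dr.bat)."""
    if ev.image != "schtasks.exe" or not re.search(r"/create\b", ev.cmdline, re.I):
        return False
    if not re.search(r"/sc\s+(onlogon|onstart)\b", ev.cmdline, re.I):
        return False
    target = task_target(ev.cmdline)
    if target is None:
        return False
    return target.lower().endswith(SCRIPT_EXT) or not in_trusted_dir(target)


def rule_attrib_hide_system(ev: ProcEvent) -> bool:
    r"""attrib setting both +s and +h on a path outside trusted directories,
    which hides it from a default Explorer view (here: d:\net)."""
    if ev.image != "attrib.exe":
        return False
    flags = {f.lower() for f in re.findall(r"(?<!\S)\+[shr]\b", ev.cmdline)}
    if not {"+s", "+h"} <= flags:
        return False
    # Simplification: unquoted paths only; the last non-switch token is the target.
    targets = [t for t in ev.cmdline.split()[1:] if not t.startswith(("+", "-", "/"))]
    return bool(targets) and not in_trusted_dir(targets[-1])


def rule_uac_registry_tamper(ev: ProcEvent) -> bool:
    """reg.exe / regedit.exe touching the UAC policy values."""
    if ev.image not in ("reg.exe", "regedit.exe"):
        return False
    c = ev.cmdline.lower()
    return UAC_KEY in c and any(v in c for v in UAC_VALUES)


RULES: Dict[str, Callable[[ProcEvent], bool]] = {
    "schtasks_script_autorun": rule_schtasks_script_autorun,
    "attrib_hide_system": rule_attrib_hide_system,
    "uac_registry_tamper": rule_uac_registry_tamper,
}


def detect(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Run every rule over every event; return (pid, rule name) for each hit."""
    return [(ev.pid, name) for ev in events for name, rule in RULES.items() if rule(ev)]


if __name__ == "__main__":
    for pid, name in detect(EVENTS):
        print(f"PID {pid}: {name}")
```

Only the three report-derived or report-shaped events fire; the WinRAR launch and the two controls stay quiet. The schtasks rule keys on the trigger (ONLOGON/ONSTART) plus the action type rather than on the task name, because "my dr" is trivially changed while the .bat-on-a-data-drive action is the part the operator needs.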
Total events
27 084
Read events
26 959
Write events
125
Delete events
0

Modification events

(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value:
C:\Users\admin\AppData\Local\Temp\Archivos1.zip
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value:
120
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value:
80
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value:
120
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value:
100
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithProgids
Operation: write
Name: Windows.IsoFile
Value:
(PID) Process: (896) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Viewer
Operation: write
Name: Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3400000034000000F40300001D020000
Executable files
136
Suspicious files
1 069
Text files
232
Unknown types
0

Dropped files

PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa896.22141\systemrescuecd-amd64-6.1.0.iso
Type: binary
MD5: 0ADFDE60410C44EB2633679DF69E26F9
SHA256: C850747AF699BAE01A01FF7F907E80C47252ED436B944AFF2D35F0AAF678ED94
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa896.23270\AV.scr
Type: executable
MD5: F48530D1F74B26DFB220CC09553E4722
SHA256: 0B2BCF467CE4BF8320893C3F88E9755DD64807B65A27C096A7F43F4E21FBE835
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa896.23748\Archivos1\install_python3.sh
Type: binary
MD5: 5BB146C4C35D29915E29DC34B82F9FE1
SHA256: 1C4249B5FD7854F6BBEF52766857BBC8A52DA0E3048F821BE58F313877978C3D
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa896.21645\Parted Magic 2019.12.24 [FileCR].iso
Type: binary
MD5: C1AD838C75C6F8BE21C8B47495106B96
SHA256: DEE6D64DCD86C2E76411226114875B37491D701117BDC3A078D55927F1B4BBDF
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa896.23748\Archivos1\info.zip
Type: compressed
MD5: 5F2A85560DB65E2A9D2EB3243B45090A
SHA256: BB26B5D6DA90CBD14512B02CCE2CE2B6832D1C60EAAB7B860269C12DA1D6582D
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa896.22513\Win10_21H1_English_x64.iso
Type: binary
MD5: 6D8D1A7A60CA5A9994B744DCAD88F4A9
SHA256: 613C897DB5889BFCBD292A1375CC888C3E0F5BF3DEFD24183AF5E020A2C79921
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa896.23748\Archivos1\pornhub_downloader.exe
Type: executable
MD5: BA61B43047DA49A8F5388F3FEF452173
SHA256: 4ADB6E562D80F21C761412FFFC04DC021100512A429BB4A7246082F50B2BF7BC
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa896.23748\Archivos1\15M.bin
Type: binary
MD5: AF763DD4CA9B01961E0333650CCB3B0F
SHA256: 0D2C7C9A9A14621448D748B9B06692EE391714E09909FD6C834309072EF3B095
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa896.23748\Archivos1\Parted Magic 2019.12.24 [FileCR].iso
Type: binary
MD5: C1AD838C75C6F8BE21C8B47495106B96
SHA256: DEE6D64DCD86C2E76411226114875B37491D701117BDC3A078D55927F1B4BBDF
PID: 896
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa896.23748\Archivos1\pornhub_downloader.bat
Type: text
MD5: F1A33BB3CC5649D501E9DFDD5A32C9DC
SHA256: 9EA9817895291FC38A8F7CB2EBD92D7605DEF1A61FC5C24F4BA8D43A246BD67C
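The dropped-files list shows why an archive like this deserves a static look before anyone extracts it: a .bat and an .exe sharing the name pornhub_downloader, an AV.scr, a nested info.zip, and several multi-gigabyte-class ISOs that inflate the archive and dilute scanning. The script below is an added example (not from the ANY.RUN report) that inventories a zip without extracting it, follows nested zips to a bounded depth, and reads only the first two bytes of each entry so a large or hostile entry is never inflated. The sample archive is built in memory with entry names copied from the listing above; the entry contents, including the MZ header placed under the 15M.bin name, are invented to exercise the checks and say nothing about the real files.

```python
"""Static triage of a zip archive without extracting it.

Added example, not part of the ANY.RUN report. build_sample() constructs an
archive in memory using the entry names from the dropped-files list; the
entry contents are invented to exercise the checks.
"""
import io
import os
import zipfile
from typing import Dict, List, Set, Tuple

EXEC_EXT = {".exe", ".scr", ".dll", ".com", ".pif"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".hta", ".ps1", ".sh"}
IMAGE_EXT = {".iso", ".img", ".vhd"}
MAX_DEPTH = 2                 # how far to follow zip-in-zip
MAX_NESTED_BYTES = 50 << 20   # never inflate a nested archive larger than this


def triage(zip_bytes: bytes, prefix: str = "", depth: int = 0) -> List[Tuple[str, str]]:
    """Return (entry path, reason) findings for an archive held in memory."""
    findings: List[Tuple[str, str]] = []
    stems: Dict[str, Set[str]] = {}   # name without extension -> extensions seen
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            stem, ext = os.path.splitext(info.filename)
            ext = ext.lower()
            stems.setdefault(stem, set()).add(ext)
            with zf.open(info) as fh:
                magic = fh.read(2)          # header bytes only, never the whole entry
            if ext in EXEC_EXT:
                findings.append((path, "executable"))
            elif ext in SCRIPT_EXT:
                findings.append((path, "script"))
            if magic == b"MZ" and ext not in EXEC_EXT:
                findings.append((path, "PE header under non-executable name"))
            if ext == ".zip":
                if depth >= MAX_DEPTH:
                    findings.append((path, "nested archive (depth limit, not inspected)"))
                elif info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested archive (too large, not inspected)"))
                else:
                    findings.append((path, "nested archive"))
                    findings.extend(triage(zf.read(info), path + "::", depth + 1))
            elif ext in IMAGE_EXT:
                findings.append((path, "disk image, not inspected"))
    # A script and an executable with the same base name is the classic
    # "launcher + payload" pairing seen in this archive.
    for stem, exts in stems.items():
        if exts & EXEC_EXT and exts & SCRIPT_EXT:
            findings.append((prefix + stem, "script/executable pair with same name"))
    return findings


def build_sample() -> bytes:
    """Constructed archive mirroring the report's listing; contents are fake."""
    pe_stub = b"MZ" + b"\x00" * 62
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("AV.scr", pe_stub)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:   # method=store, as in the report
        z.writestr("Archivos1/", b"")
        z.writestr("Archivos1/pornhub_downloader.bat", b"@echo off\r\n")
        z.writestr("Archivos1/pornhub_downloader.exe", pe_stub)
        z.writestr("Archivos1/15M.bin", pe_stub)     # invented: MZ bytes under a .bin name
        z.writestr("Archivos1/install_python3.sh", b"#!/bin/sh\n")
        z.writestr("Archivos1/info.zip", inner.getvalue())
        z.writestr("Archivos1/Parted Magic 2019.12.24 [FileCR].iso", b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for path, reason in triage(build_sample()):
        print(f"{reason:45} {path}")
```

Run stand-alone it prints eight findings for the constructed archive. The size cap and depth limit matter more than they look: an attacker who knows the tool recurses into nested zips can nest a decompression bomb, and the report's own archive already carries ISOs of the size class that would make a naive "read everything" triage fall over.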
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
45
TCP/UDP connections
184
DNS requests
202
Threats
4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
5400 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
5400 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
7688 | svchost.exe | GET | 206 | 208.89.74.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1748306332&P2=404&P3=2&P4=PWKEtxwAikJYtlgwSGWD%2fsIzKTdiGbLInq3f90rX%2fA5cxeSY6ncuWdvdXhV6JHGDgJvHcRQXWeQHx3aQmn%2f5Kw%3d%3d | unknown | - | - | whitelisted
7688 | svchost.exe | HEAD | 200 | 208.89.74.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1748306332&P2=404&P3=2&P4=PWKEtxwAikJYtlgwSGWD%2fsIzKTdiGbLInq3f90rX%2fA5cxeSY6ncuWdvdXhV6JHGDgJvHcRQXWeQHx3aQmn%2f5Kw%3d%3d | unknown | - | - | whitelisted
7688 | svchost.exe | GET | 206 | 208.89.74.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1748306332&P2=404&P3=2&P4=PWKEtxwAikJYtlgwSGWD%2fsIzKTdiGbLInq3f90rX%2fA5cxeSY6ncuWdvdXhV6JHGDgJvHcRQXWeQHx3aQmn%2f5Kw%3d%3d | unknown | - | - | whitelisted
7688 | svchost.exe | HEAD | 200 | 208.89.74.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/51cb2782-01e8-472e-b29c-e0305135c81e?P1=1748434918&P2=404&P3=2&P4=N1KMqGcN9m%2fVyXCkIiiIHRV2VGecUAfKBlYYz4UZQaa3rA%2bHxMtCryn2EdXsj2r0d2irxNRNghxmS2qXeJxS2Q%3d%3d | unknown | - | - | whitelisted
2924 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2104 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 40.126.31.69:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
5640 | svchost.exe | 95.100.186.9:443 | go.microsoft.com | AKAMAI-AS | FR | whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 23.35.229.160
whitelisted
google.com
  • 142.250.185.238
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.31.69
  • 20.190.159.75
  • 20.190.159.131
  • 20.190.159.4
  • 40.126.31.0
  • 40.126.31.71
  • 20.190.159.64
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 2.17.190.73
whitelisted
go.microsoft.com
  • 95.100.186.9
  • 23.35.238.131
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted

Threats

PID | Process | Class | Message
5956 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5956 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5956 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
5956 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info