File name:

AimmyV2.1.5.zip

Full analysis: https://app.any.run/tasks/12238ede-47e4-4606-9490-a323b12740f1
Verdict: Malicious activity
Analysis date: August 17, 2024, 22:58:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

5F253F81377176B9091AE669ACD1451C

SHA1:

AC69F0836B4F07292F026ABD64097C48BEE33139

SHA256:

12C8A9AB93649F8C75399B6B96F4C54E7454CD0EAA25090DC53C223788C85222

SSDEEP:

786432:HgKfa50IVnfdK9FkqPqqS/+zCfGsP+zLTd/Xb:HgKQfdK/LPqqSGuusWnTd/Xb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)

  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6544)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7972)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • msiexec.exe (PID: 2648)

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 6544)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7972)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • msiexec.exe (PID: 2648)

    • Reads security settings of Internet Explorer

      • TotallyNotAimmyV2.exe (PID: 4924)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • TotallyNotAimmyV2.exe (PID: 2208)
      • TotallyNotAimmyV2.exe (PID: 6872)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7972)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)

    • Searches for installed software

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)

    • Reads the date of Windows installation

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 2648)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 2648)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 2648)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 2648)

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6544)
      • msedge.exe (PID: 6908)
      • msiexec.exe (PID: 2648)

    • Checks supported languages

      • AimmyLauncher.exe (PID: 6160)
      • TotallyNotAimmyV2.exe (PID: 4924)
      • identity_helper.exe (PID: 7196)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7972)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • msiexec.exe (PID: 2648)
      • msiexec.exe (PID: 7276)
      • msiexec.exe (PID: 876)
      • msiexec.exe (PID: 7408)
      • identity_helper.exe (PID: 6936)
      • TotallyNotAimmyV2.exe (PID: 2208)
      • msiexec.exe (PID: 7476)
      • AimmyLauncher.exe (PID: 6952)
      • AimmyLauncher.exe (PID: 7736)
      • TotallyNotAimmyV2.exe (PID: 6872)

    • Reads the computer name

      • AimmyLauncher.exe (PID: 6160)
      • TotallyNotAimmyV2.exe (PID: 4924)
      • identity_helper.exe (PID: 7196)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • msiexec.exe (PID: 2648)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • msiexec.exe (PID: 7408)
      • msiexec.exe (PID: 876)
      • msiexec.exe (PID: 7476)
      • identity_helper.exe (PID: 6936)
      • msiexec.exe (PID: 7276)
      • AimmyLauncher.exe (PID: 7736)
      • TotallyNotAimmyV2.exe (PID: 6872)
      • TotallyNotAimmyV2.exe (PID: 2208)
      • AimmyLauncher.exe (PID: 6952)

    • Manual execution by a user

      • AimmyLauncher.exe (PID: 6160)
      • TotallyNotAimmyV2.exe (PID: 4924)
      • TotallyNotAimmyV2.exe (PID: 2208)
      • AimmyLauncher.exe (PID: 6952)
      • AimmyLauncher.exe (PID: 7736)
      • TotallyNotAimmyV2.exe (PID: 6872)

    • Reads Microsoft Office registry keys

      • TotallyNotAimmyV2.exe (PID: 4924)
      • msedge.exe (PID: 6908)
      • msedge.exe (PID: 7572)

    • Reads Environment values

      • identity_helper.exe (PID: 7196)
      • identity_helper.exe (PID: 6936)

    • The process uses the downloaded file

      • msedge.exe (PID: 7860)
      • msedge.exe (PID: 6908)

    • Create files in a temporary directory

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7972)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)
      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • TotallyNotAimmyV2.exe (PID: 2208)

    • Application launched itself

      • msedge.exe (PID: 6908)
      • msedge.exe (PID: 7572)

    • Process checks computer location settings

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 7996)

    • Creates files in the program directory

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • TotallyNotAimmyV2.exe (PID: 2208)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-8.0.8-win-x64.exe (PID: 8088)
      • msiexec.exe (PID: 2648)

    • Reads the software policy settings

      • msiexec.exe (PID: 2648)
      • TotallyNotAimmyV2.exe (PID: 6872)
      • TotallyNotAimmyV2.exe (PID: 2208)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 2648)

    • Checks proxy server information

      • TotallyNotAimmyV2.exe (PID: 6872)
      • TotallyNotAimmyV2.exe (PID: 2208)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2023:12:08 15:27:56
ZipCRC: 0x5784f8ff
ZipCompressedSize: 72356
ZipUncompressedSize: 165862
ZipFileName: AimmyLauncher.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
218
Monitored processes
83
Malicious processes
4
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs aimmylauncher.exe conhost.exe no specs totallynotaimmyv2.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-8.0.8-win-x64.exe windowsdesktop-runtime-8.0.8-win-x64.exe windowsdesktop-runtime-8.0.8-win-x64.exe msiexec.exe msiexec.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs totallynotaimmyv2.exe aimmylauncher.exe conhost.exe no specs aimmylauncher.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs totallynotaimmyv2.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
304"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7048 --field-trial-handle=2488,i,7758603838216838778,9017666315024456964,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
360"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3740 --field-trial-handle=2368,i,6933088441113685894,16802651383419740858,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
876C:\Windows\syswow64\MsiExec.exe -Embedding 0FA0CDE91898333AF787C7DF15DED37CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
936"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1532 --field-trial-handle=2368,i,6933088441113685894,16802651383419740858,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2664 --field-trial-handle=2488,i,7758603838216838778,9017666315024456964,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1128"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2492 --field-trial-handle=2488,i,7758603838216838778,9017666315024456964,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1140"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2368,i,6933088441113685894,16802651383419740858,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1236"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3528 --field-trial-handle=2488,i,7758603838216838778,9017666315024456964,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2092"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4500 --field-trial-handle=2488,i,7758603838216838778,9017666315024456964,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2136"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=2488,i,7758603838216838778,9017666315024456964,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
42 192
Read events
41 113
Write events
1 030
Delete events
49

Modification events

(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\AimmyV2.1.5.zip
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
(PID) Process:(6544) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\General
Operation:writeName:LastFolder
Value:
C:\Users\admin\Desktop
Executable files
504
Suspicious files
393
Text files
153
Unknown types
5

Dropped files

PID
Process
Filename
Type
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\models\PhantomForces_Hamsta_v1.onnx
MD5:
SHA256:
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\models\Universal_Hamsta_v4.onnx
MD5:
SHA256:
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\DirectML.dllexecutable
MD5:7982CE756C6E8C8F6BAB62EB1902B714
SHA256:5AB77CC5DB8E1544D386FD28586598317DA8DCBEF098FB86D8D8A60E739E0E5D
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\configs\Default.cfgbinary
MD5:9CF7B6C406085DFBB03992F2FECE703D
SHA256:4965F889ED04FC3716961D36538F81ACFC05FE47EB6D33BE928F0FBE45227467
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\dropdown.cfgbinary
MD5:A299260259D7F5F5D95124FCCA933260
SHA256:DE3475C3315A6FABE07F1E37E5AC8C8007EDAB946C72F96ED33630FA8ECD751F
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\binding.cfgbinary
MD5:35869A56ED85525FBDCBDD5F9DED7F98
SHA256:8425289B6075C0BE636B57160B31A870BBF0E344189089BE98573AB731724BC0
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\labels\labels.txttext
MD5:8C6D21187FB58B7A079D70030686B33E
SHA256:0021D5FE20A08754DD965D947E4830740633AA94B4555D03067AAA6A3E6E1214
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\filelocations.cfgbinary
MD5:550F662AB7BD788C310A3FEAE8F216A4
SHA256:82CDD247D97761FEC303C591A06DF278B7896C194F4375DB1FC176D9E45711A1
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\minimize.cfgbinary
MD5:584078DEF15682C4984CD4E4351253FD
SHA256:C9C2B8DE91FE8E0034B07C7EABCCE35977E6E8695453778F323FAF731CD896C5
6544WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6544.34987\bin\repoList.cfgbinary
MD5:7899A6DEC021C9A0F02FF669615093EF
SHA256:F2870B6174BFEFA3BD25D993733AFB7B32961581EB5324ECCBB678B48B94B7B8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
82
DNS requests
91
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2240
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/47f9eec4-45e7-4567-b813-2cac77a54a3d?P1=1724412985&P2=404&P3=2&P4=JTAUkTYV5LXOvo5p7WLdcy8aPhqWdeETIzSfnuLs%2bS%2fmw2mNwIQ2%2b3oV9p2NM8TlJkNdgczxLBr1SDTjh62T6g%3d%3d
unknown
whitelisted
640
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6360
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6680
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
2240
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/47f9eec4-45e7-4567-b813-2cac77a54a3d?P1=1724412985&P2=404&P3=2&P4=JTAUkTYV5LXOvo5p7WLdcy8aPhqWdeETIzSfnuLs%2bS%2fmw2mNwIQ2%2b3oV9p2NM8TlJkNdgczxLBr1SDTjh62T6g%3d%3d
unknown
whitelisted
2240
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/47f9eec4-45e7-4567-b813-2cac77a54a3d?P1=1724412985&P2=404&P3=2&P4=JTAUkTYV5LXOvo5p7WLdcy8aPhqWdeETIzSfnuLs%2bS%2fmw2mNwIQ2%2b3oV9p2NM8TlJkNdgczxLBr1SDTjh62T6g%3d%3d
unknown
whitelisted
2240
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/47f9eec4-45e7-4567-b813-2cac77a54a3d?P1=1724412985&P2=404&P3=2&P4=JTAUkTYV5LXOvo5p7WLdcy8aPhqWdeETIzSfnuLs%2bS%2fmw2mNwIQ2%2b3oV9p2NM8TlJkNdgczxLBr1SDTjh62T6g%3d%3d
unknown
whitelisted
2240
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/47f9eec4-45e7-4567-b813-2cac77a54a3d?P1=1724412985&P2=404&P3=2&P4=JTAUkTYV5LXOvo5p7WLdcy8aPhqWdeETIzSfnuLs%2bS%2fmw2mNwIQ2%2b3oV9p2NM8TlJkNdgczxLBr1SDTjh62T6g%3d%3d
unknown
whitelisted
6908
msedge.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
2240
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/47f9eec4-45e7-4567-b813-2cac77a54a3d?P1=1724412985&P2=404&P3=2&P4=JTAUkTYV5LXOvo5p7WLdcy8aPhqWdeETIzSfnuLs%2bS%2fmw2mNwIQ2%2b3oV9p2NM8TlJkNdgczxLBr1SDTjh62T6g%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
svchost.exe
239.255.255.250:1900
whitelisted
192.168.100.255:138
whitelisted
3904
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
whitelisted
3260
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
640
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
640
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2120
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.142
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.2
  • 40.126.31.69
  • 20.190.159.68
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.23
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
slscr.update.microsoft.com
  • 40.68.123.157
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

No threats detected
Process
Message
AimmyLauncher.exe
You must install .NET to run this application. App: C:\Users\admin\Desktop\AimmyLauncher.exe Architecture: x64 App host version: 7.0.14 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=7.0.14
TotallyNotAimmyV2.exe
You must install .NET to run this application. App: C:\Users\admin\Desktop\TotallyNotAimmyV2.exe Architecture: x64 App host version: 8.0.2 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.2
AimmyLauncher.exe
You must install or update .NET to run this application. App: C:\Users\admin\Desktop\AimmyLauncher.exe Architecture: x64
AimmyLauncher.exe
Framework: 'Microsoft.NETCore.App', version '7.0.0' (x64)
AimmyLauncher.exe
.NET location: C:\Program Files\dotnet\
AimmyLauncher.exe
The following frameworks were found:
AimmyLauncher.exe
8.0.8 at [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
AimmyLauncher.exe
Learn more: https://aka.ms/dotnet/app-launch-failed To install missing framework, download: https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10
AimmyLauncher.exe
You must install or update .NET to run this application. App: C:\Users\admin\Desktop\AimmyLauncher.exe Architecture: x64
AimmyLauncher.exe
Framework: 'Microsoft.NETCore.App', version '7.0.0' (x64)
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
AimmyV2.1.5.zip