File name:

EA DLC Unlocker v2.zip

Full analysis: https://app.any.run/tasks/307ac7c8-6f61-4f90-b25a-6a6a5ba098e8
Verdict: Malicious activity
Analysis date: February 14, 2025, 20:55:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
obfuscated-js
python
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

803697E8C1ABC76F3AA20839D49ADA86

SHA1:

BDFF54EE0ED782BBD9774F054449EAE6ECE4BD03

SHA256:

14F817DB4A367A008502E4B1A7482F063CE0B5DFF9F182B186932D8BAE987046

SSDEEP:

12288:sDBo3GiOUloC1vuxCodMwEQlS3HtHLEwzFZ:sDBo3GlUcxCodM5HLdzFZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6344)

    • Changes the autorun value in the registry

      • EAappInstaller.exe (PID: 4392)

  • SUSPICIOUS

    • Executing commands from a ".bat" file

      • explorer.exe (PID: 4488)

    • Starts CMD.EXE for commands execution

      • explorer.exe (PID: 4488)
      • cmd.exe (PID: 4556)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4556)

    • Application launched itself

      • cmd.exe (PID: 4556)
      • sims-4-updater-v1.4.2.exe (PID: 6164)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 4556)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 4556)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 4556)

    • Executable content was dropped or overwritten

      • EAappInstaller.exe (PID: 1828)
      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • EAappInstaller.exe (PID: 4392)
      • rundll32.exe (PID: 3172)
      • rundll32.exe (PID: 5200)
      • rundll32.exe (PID: 3260)
      • rundll32.exe (PID: 3052)
      • rundll32.exe (PID: 5080)
      • rundll32.exe (PID: 3416)

    • Starts itself from another location

      • EAappInstaller.exe (PID: 1828)
      • EAappInstaller.exe (PID: 6596)

    • Reads security settings of Internet Explorer

      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Searches for installed software

      • EAappInstaller.exe (PID: 6596)
      • dllhost.exe (PID: 6948)

    • Reads Microsoft Outlook installation path

      • EAappInstaller.exe (PID: 6596)

    • Reads Internet Explorer settings

      • EAappInstaller.exe (PID: 6596)

    • Checks Windows Trust Settings

      • EAappInstaller.exe (PID: 6596)
      • msiexec.exe (PID: 5920)

    • Executes as Windows Service

      • VSSVC.exe (PID: 5392)

    • The process drops C-runtime libraries

      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • msiexec.exe (PID: 5920)

    • Process drops python dynamic module

      • sims-4-updater-v1.4.2.exe (PID: 6164)

    • Creates a software uninstall entry

      • EAappInstaller.exe (PID: 4392)

    • Process drops legitimate windows executable

      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • msiexec.exe (PID: 5920)

    • Loads Python modules

      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Reads the date of Windows installation

      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Start notepad (likely ransomware note)

      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 5920)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 5920)

  • INFO

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4488)
      • notepad.exe (PID: 900)
      • Taskmgr.exe (PID: 4400)

    • Manual execution by a user

      • WinRAR.exe (PID: 5536)
      • cmd.exe (PID: 4556)
      • msedge.exe (PID: 6588)
      • WinRAR.exe (PID: 6340)

    • Reads Microsoft Office registry keys

      • explorer.exe (PID: 4488)
      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5536)
      • msedge.exe (PID: 6792)
      • WinRAR.exe (PID: 6340)
      • msedge.exe (PID: 6588)
      • msiexec.exe (PID: 5920)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 5536)
      • msedge.exe (PID: 6792)
      • msedge.exe (PID: 6588)
      • EAappInstaller.exe (PID: 1828)
      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • EAappInstaller.exe (PID: 4392)
      • msiexec.exe (PID: 5920)

    • Checks supported languages

      • identity_helper.exe (PID: 6480)
      • identity_helper.exe (PID: 2292)
      • EAappInstaller.exe (PID: 1828)
      • EAappInstaller.exe (PID: 6596)
      • EAappInstaller.exe (PID: 4392)
      • sims-4-updater-v1.4.2.exe (PID: 2904)
      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • aria2c.exe (PID: 6512)
      • msiexec.exe (PID: 5920)
      • msiexec.exe (PID: 3828)
      • msiexec.exe (PID: 6556)

    • Reads Environment values

      • identity_helper.exe (PID: 6480)
      • identity_helper.exe (PID: 2292)

    • Reads the computer name

      • identity_helper.exe (PID: 6480)
      • identity_helper.exe (PID: 2292)
      • EAappInstaller.exe (PID: 6596)
      • EAappInstaller.exe (PID: 4392)
      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • sims-4-updater-v1.4.2.exe (PID: 2904)
      • msiexec.exe (PID: 5920)
      • aria2c.exe (PID: 6512)
      • msiexec.exe (PID: 3828)
      • msiexec.exe (PID: 6556)

    • Application launched itself

      • msedge.exe (PID: 6588)
      • msedge.exe (PID: 5040)

    • Creates files or folders in the user directory

      • explorer.exe (PID: 4488)
      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Reads the software policy settings

      • explorer.exe (PID: 4488)
      • EAappInstaller.exe (PID: 6596)
      • msiexec.exe (PID: 5920)

    • Checks proxy server information

      • explorer.exe (PID: 4488)
      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Create files in a temporary directory

      • EAappInstaller.exe (PID: 1828)
      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 6164)
      • EAappInstaller.exe (PID: 4392)
      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Process checks computer location settings

      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 2904)

    • Process checks whether UAC notifications are on

      • EAappInstaller.exe (PID: 6596)

    • Reads the machine GUID from the registry

      • EAappInstaller.exe (PID: 6596)
      • sims-4-updater-v1.4.2.exe (PID: 2904)
      • EAappInstaller.exe (PID: 4392)
      • aria2c.exe (PID: 6512)
      • msiexec.exe (PID: 5920)

    • Manages system restore points

      • SrTasks.exe (PID: 6212)

    • Creates files in the program directory

      • EAappInstaller.exe (PID: 4392)
      • rundll32.exe (PID: 3172)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2025:01:05 21:04:48
ZipCRC: 0xee8619b1
ZipCompressedSize: 204
ZipUncompressedSize: 302
ZipFileName: EA DLC Unlocker v2/g_STAR WARS Jedi Survivor.ini
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
263
Monitored processes
121
Malicious processes
8
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe no specs rundll32.exe no specs winrar.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs powershell.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe explorer.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs eaappinstaller.exe eaappinstaller.exe eaappinstaller.exe SPPSurrogate no specs vssvc.exe no specs sims-4-updater-v1.4.2.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs sims-4-updater-v1.4.2.exe notepad.exe no specs taskmgr.exe no specs taskmgr.exe msedge.exe no specs svchost.exe aria2c.exe conhost.exe no specs msiexec.exe msedge.exe no specs msiexec.exe no specs msedge.exe no specs rundll32.exe msedge.exe no specs msiexec.exe no specs rundll32.exe rundll32.exe rundll32.exe rundll32.exe rundll32.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
396"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2656 --field-trial-handle=2300,i,16847941177007917493,7449303143921554323,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
900"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Downloads\sims-4-updater-v1.4.2\sims-4-updater-v1.4.2\updater_readme.txtC:\Windows\System32\notepad.exesims-4-updater-v1.4.2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
900"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5772 --field-trial-handle=2300,i,16847941177007917493,7449303143921554323,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2300,i,16847941177007917493,7449303143921554323,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1224"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=5636 --field-trial-handle=2452,i,4942926463123298268,10533296952163438699,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1348"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4500 --field-trial-handle=2452,i,4942926463123298268,10533296952163438699,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1412"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=2300,i,16847941177007917493,7449303143921554323,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1540"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5984 --field-trial-handle=2300,i,16847941177007917493,7449303143921554323,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1580"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7788 --field-trial-handle=2452,i,4942926463123298268,10533296952163438699,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1828"C:\Users\admin\Downloads\EAappInstaller.exe" C:\Users\admin\Downloads\EAappInstaller.exe
explorer.exe
User:
admin
Company:
Electronic Arts
Integrity Level:
MEDIUM
Description:
EA app
Version:
13.396.0.5909
Modules
Images
c:\users\admin\downloads\eaappinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
81 606
Read events
79 947
Write events
1 615
Delete events
44

Modification events

(PID) Process:(4488) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000802CC
Operation:writeName:VirtualDesktop
Value:
1000000030304456A48A294F7A40804AB924005FF030B61F
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Downloads\EA DLC Unlocker v2.zip
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6344) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(4488) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch
Operation:writeName:Microsoft.Windows.Explorer
Value:
51
Executable files
513
Suspicious files
1 510
Text files
1 607
Unknown types
0

Dropped files

PID
Process
Filename
Type
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_My Time at Portia.initext
MD5:EDE7B7058E8C95575EF5517D36784FE2
SHA256:D7812CD7633CBC13521C9D7A862541EB13A93A8F42D1E56137D4BE8D7225F90A
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_STAR WARS Jedi Fallen Order.initext
MD5:473C794E2D9CE2A2A68879595B0E7F04
SHA256:06C8F383E8383C4B17362710E666D76BBC90FEAB913D0B85C96588BFB8E84C02
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_The Sims 4.initext
MD5:B61B180BC1A7A24FE35DD2640E76426E
SHA256:04AB49D5EAC0C6B723B51F56EAD7B6AFBD565A5F5B14D3788C9BD5020FD220F9
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_Dead Space 2023.initext
MD5:FC3F0C4D744A4310C775B2879399C468
SHA256:934211FE00D6151381796B7001D7AEF5BC883DAA9F1B1F68AF60A7AF93EB1835
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_STAR WARS Jedi Survivor.initext
MD5:85EC254324D2B9B8BD33FC7E1023D873
SHA256:F66F3E8899C43A8433AF80DD9F3FD6C9C196418FBC19EB340ABE4C31513E60D6
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_SimCity 2013.initext
MD5:2A83A1D376BD05D4C5516AA75C9D7786
SHA256:87DF6F4F1C246E0E5D43448929E577775983DAAFF4A016D84D2AAF89BA215052
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\setup.battext
MD5:DCC9950B262C57C2F7CB5CF62D079099
SHA256:D57693F225F6CB6DB126F7F5159A7D2B5631B11A1B4659FAEFCF6572E55517C0
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_The Surge.initext
MD5:7B0CFFC89D868888402003BE8D94C0E7
SHA256:F4930E222BBBF8815E12700B425CCC5DBC5F013573CBF9616B950D33F2C2976A
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_Cities Skylines.initext
MD5:B7F9BF30D6947AFF647B416DA0FD551F
SHA256:CCB99A4A44EAB034B26811D5E0902857667A73D113A246A67CCBF42517C3D65E
5536WinRAR.exeC:\Users\admin\Downloads\EA DLC Unlocker v2\EA DLC Unlocker v2\g_Mutant Year Zero.initext
MD5:D2DF62135AF50232E599C5BE5F1105B3
SHA256:20340C025AF9A426C6D25A74910FA63CAD2318A87495FF131CA26999313BAD82
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
46
TCP/UDP connections
256
DNS requests
239
Threats
23

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7068
SIHClient.exe
GET
200
104.119.109.218:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
DE
binary
408 b
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
104.119.109.218:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
DE
binary
973 b
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
104.124.11.17:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
binary
1.01 Kb
whitelisted
5064
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
DE
binary
313 b
whitelisted
6792
msedge.exe
GET
304
2.23.77.188:80
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
DE
whitelisted
4428
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
DE
binary
471 b
whitelisted
1176
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
4328
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739985706&P2=404&P3=2&P4=U6%2b%2fyAxFQD1%2fmIb2cG5%2brbITj2SU2E%2bu%2bcFHNu7uZRkinUe21F0IXJdGIt9NC3h61QWzhn7uRxHo5fqnXjPt%2bg%3d%3d
US
binary
27.5 Kb
whitelisted
4328
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739985706&P2=404&P3=2&P4=U6%2b%2fyAxFQD1%2fmIb2cG5%2brbITj2SU2E%2bu%2bcFHNu7uZRkinUe21F0IXJdGIt9NC3h61QWzhn7uRxHo5fqnXjPt%2bg%3d%3d
US
binary
23.1 Kb
whitelisted
4328
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1739985706&P2=404&P3=2&P4=U6%2b%2fyAxFQD1%2fmIb2cG5%2brbITj2SU2E%2bu%2bcFHNu7uZRkinUe21F0IXJdGIt9NC3h61QWzhn7uRxHo5fqnXjPt%2bg%3d%3d
US
binary
238 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
104.124.11.17:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
104.119.109.218:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
184.86.251.22:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5064
SearchApp.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1076
svchost.exe
2.19.106.8:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 104.124.11.17
  • 104.124.11.58
whitelisted
google.com
  • 142.250.185.110
whitelisted
www.microsoft.com
  • 104.119.109.218
  • 2.23.246.101
whitelisted
www.bing.com
  • 184.86.251.22
  • 184.86.251.27
  • 104.126.37.179
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.185
  • 104.126.37.160
  • 104.126.37.153
  • 104.126.37.131
  • 104.126.37.139
  • 104.126.37.154
  • 23.15.178.179
  • 23.15.178.226
  • 23.15.178.234
  • 23.15.178.200
  • 104.126.37.144
  • 104.126.37.129
  • 104.126.37.170
  • 104.126.37.176
  • 104.126.37.177
  • 104.126.37.178
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 23.54.109.203
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.71
  • 20.190.159.129
  • 40.126.31.0
  • 20.190.159.4
  • 20.190.159.131
  • 20.190.159.64
  • 40.126.31.130
whitelisted
go.microsoft.com
  • 2.19.106.8
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

PID
Process
Class
Message
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6792
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
EA DLC Unlocker v2.zip