File name: ProjectXPlayerLauncher (1).exe

Full analysis: https://app.any.run/tasks/72b5f20e-362e-473e-8a5b-a504c676f56d
Verdict: Malicious activity
Analysis date: August 21, 2025, 01:19:38
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: CA6E50504BAAC68A645C94F71AE1C952
SHA1: 4875D24447EBEC03D14183965C79825A8B1ABC10
SHA256: 1CBD929D43396A399A6837CCEE871897BD70BFE3E15A21B39F7A03AEFB9D45DE
SSDEEP: 24576:570G2BpQOmEnw+f9iau3zOy+lCD0YHMXT:570G2BpQOmE9f9iaSzOy+lCD0YHMXT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
    • Process drops legitimate windows executable

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
    • Creates a software uninstall entry

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
  • INFO

    • Reads the computer name

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
      • identity_helper.exe (PID: 2276)
    • The sample compiled with english language support

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
    • Checks supported languages

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
      • identity_helper.exe (PID: 2276)
    • Creates files or folders in the user directory

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
    • Checks proxy server information

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
      • slui.exe (PID: 3112)
    • Create files in a temporary directory

      • ProjectXPlayerLauncher (1).exe (PID: 2292)
    • Manual execution by a user

      • mspaint.exe (PID: 4540)
      • mspaint.exe (PID: 6956)
      • mspaint.exe (PID: 3876)
    • Reads the software policy settings

      • slui.exe (PID: 3112)
    • Application launched itself

      • msedge.exe (PID: 6452)
      • msedge.exe (PID: 6796)
    • Reads Environment values

      • identity_helper.exe (PID: 2276)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:08:19 12:41:15+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.43
CodeSize: 409600
InitializedDataSize: 927744
UninitializedDataSize: -
EntryPoint: 0x39d50
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.7.0.0
ProductVersionNumber: 1.7.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Pekora Corporation
FileDescription: Pekora
FileVersion: 1, 7, 0, 0
LegalCopyright: (C) 2025 Pekora Corporation. All rights reserved.
OriginalFileName: Pekora.exe
ProductName: Pekora Bootstrapper
ProductVersion: 1, 7, 0, 0
No data.
All screenshots are available in the full report
Total processes: 172
Monitored processes: 24
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes (24 monitored processes): start, projectxplayerlauncher (1).exe, slui.exe, mspaint.exe (3), msedge.exe (17), identity_helper.exe (2)

Process information

(fields: PID, CMD, Path, Indicators, Parent process)
PID: 684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffc44b5f208,0x7ffc44b5f214,0x7ffc44b5f220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1480
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6600,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2240,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1852
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6080,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 3221226029
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 2232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2440,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2276
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6080,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2292
CMD: "C:\Users\admin\AppData\Local\Temp\ProjectXPlayerLauncher (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\ProjectXPlayerLauncher (1).exe
Parent process: explorer.exe
User: admin
Company: Pekora Corporation
Integrity Level: MEDIUM
Description: Pekora
Exit code: 0
Version: 1, 7, 0, 0
Modules (images):
c:\users\admin\appdata\local\temp\projectxplayerlauncher (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5500,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3092
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5328,i,7306133096882219181,7516564739057868386,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3112
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 6 527
Read events: 6 388
Write events: 134
Delete events: 5

Modification events

PID | Process | Key | Operation | Name | Value
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\Pekora Corporation\Pekora | write | CPath | C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\Pekora Corporation\Pekora | delete value | curStudioVer | -
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\Pekora Corporation\Pekora | delete value | curStudioUrl | -
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | -
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\PekoraReg | write | install host | setup.pekora.zip
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\PekoraReg\ETags | write | ProjectXApp2020L.zip | 43bedabb10e97155ec373a8225d4f620
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\PekoraReg\ETags | write | ProjectXApp2018L.zip | 1b7531b31bc9c44e4a638220212db5e8
2292 | ProjectXPlayerLauncher (1).exe | HKEY_CURRENT_USER\SOFTWARE\PekoraReg\ETags | write | ProjectXApp2017L.zip | 89735b8a5edbf0d3d580a208617c935b
Executable files: 15
Suspicious files: 1 888
Text files: 8 429
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Temp\PJX-21678B71.tmp | -
MD5:
SHA256:
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Downloads\43bedabb10e97155ec373a8225d4f620 | -
MD5:
SHA256:
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx | text
MD5:818B469A34FD6BF9FF2C4FA463410A55
SHA256:2E81AD6E973D1B9C66E30393EFFCBE0302E15B54F183E149C1047799E88E0B1E
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Versions\version-29f22ac5f5de4484\2020L\content\avatar\character.rbxm | text
MD5:B7106E1F676AD375FDDB1E6A829A09E5
SHA256:1AC44417987479808D45B08CF501043A5DD887B82E00912E355CAC20F5F459BD
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\WindowsBootstrapperSettings[1].json | binary
MD5:0C76F1BC86F79975295968E94D543308
SHA256:4B86084C41E9CE9A72539B1B9E04B900A320B24F75B1B882EC1412C539F4C9BC
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Versions\version-29f22ac5f5de4484\2020L\content\avatar\compositing\CompositFullAtlasOverlayTexture.mesh | binary
MD5:2243450F9E99770623640A6BEFFD456D
SHA256:42387CAF97173D139B0420C72E5C77501DA1E5C47AC81F8AB0621BB5765A06C8
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Versions\version-29f22ac5f5de4484\2020L\AppSettings.xml | xml
MD5:07E79A25119EFE520FAAFFA2B9F38DC7
SHA256:4CF816642AB16FBB9D843195F9F6BAF6C0D1EA3A630D41E424DC9811EC50E479
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Versions\version-29f22ac5f5de4484\2020L\content\avatar\compositing\CompositLeftArmBase.mesh | binary
MD5:AC5E64566ADD9A19BEDED31D0DE2B1A0
SHA256:8DA4DD4E1D265FE7A9E3A1A1244A716EA0589E197A191069A90215334F52538C
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Versions\version-29f22ac5f5de4484\2020L\content\avatar\characterR15.rbxm | text
MD5:862B25B659544510CA088BBA3469BE37
SHA256:1DA276692662D29A2F8D34A8EC6249F2C0978DA722CCB7E18F94191D6F414E57
2292 | ProjectXPlayerLauncher (1).exe | C:\Users\admin\AppData\Local\Pekora\Versions\version-29f22ac5f5de4484\PekoraPlayerLauncher.exe | executable
MD5:CA6E50504BAAC68A645C94F71AE1C952
SHA256:1CBD929D43396A399A6837CCEE871897BD70BFE3E15A21B39F7A03AEFB9D45DE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 33
TCP/UDP connections: 97
DNS requests: 68
Threats: 40

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2292 | ProjectXPlayerLauncher (1).exe | GET | 200 | 104.21.95.120:80 | http://setup.pekora.zip/version?guid26260 | unknown | text | 24 b | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | 200 | 104.21.95.120:80 | http://setup.pekora.zip/version-29f22ac5f5de4484-ProjectXVersion.txt | unknown | text | 10 b | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | 200 | 172.67.144.192:80 | http://api.pekora.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | US | binary | 77.2 Kb | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown
2292 | ProjectXPlayerLauncher (1).exe | GET | - | 104.21.95.120:80 | http://www.pekora.zip/install/GetInstallerCdns.ashx | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7032 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2292 | ProjectXPlayerLauncher (1).exe | 172.67.144.192:80 | api.pekora.zip | CLOUDFLARENET | US | unknown
2292 | ProjectXPlayerLauncher (1).exe | 104.21.95.120:80 | api.pekora.zip | CLOUDFLARENET | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 216.58.212.142 | whitelisted
api.pekora.zip | 172.67.144.192, 104.21.95.120 | unknown
setup.pekora.zip | 104.21.95.120, 172.67.144.192 | unknown
www.pekora.zip | 104.21.95.120, 172.67.144.192 | unknown
settings-win.data.microsoft.com | 4.231.128.59, 51.104.136.2, 40.127.240.158 | whitelisted
crl.microsoft.com | 23.216.77.6, 23.216.77.28 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
login.live.com | 20.190.159.4, 40.126.31.69, 40.126.31.73, 20.190.159.129, 40.126.31.3, 40.126.31.67, 40.126.31.131, 20.190.159.68 | whitelisted
ocsp.digicert.com | 2.17.190.73, 184.24.231.245 | whitelisted
slscr.update.microsoft.com | 20.165.94.63 | whitelisted

Threats

PID | Process | Class | Message
2200 | svchost.exe | Misc activity | ET INFO Observed DNS Query to .zip TLD
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
2200 | svchost.exe | Misc activity | ET INFO Observed DNS Query to .zip TLD
2200 | svchost.exe | Misc activity | ET INFO Observed DNS Query to .zip TLD
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
2292 | ProjectXPlayerLauncher (1).exe | Misc activity | ET INFO HTTP Request to a *.zip Domain
No debug info