File name: Gather Proxy 9.0 Crack.rar

Full analysis: https://app.any.run/tasks/47aab079-1008-4ba2-8c65-f60fec60aa57
Verdict: Malicious activity
Analysis date: December 04, 2019, 22:34:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: B6A31020BD06D4C21FAECB38049BF449
SHA1: E9D8FBD6FBEF9429FE37277EE1F972CBC1393B76
SHA256: 3261BE0EA550E9AEFABD2B6153E5E6974946D347590A43B90991F7423BC6AAC3
SSDEEP: 98304:yU++iXPIkR025SA38vCZMeUaf4rsd8kw3BxuxYKFGEK:yU+LIkRXEx9af4rs+N3HuvK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads Internet Cache Settings
      • Gather Proxy.exe (PID: 3980)
  • INFO
    • Manual execution by user
      • Gather Proxy.exe (PID: 3980)
    • Reads settings of System Certificates
      • Gather Proxy.exe (PID: 3980)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
Total processes: 37
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → winrar.exe (no specs) → gather proxy.exe

Process information

PID: 584
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Gather Proxy 9.0 Crack.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3980
CMD: "C:\Users\admin\Desktop\Gather Proxy 9.0\Gather Proxy.exe"
Path: C:\Users\admin\Desktop\Gather Proxy 9.0\Gather Proxy.exe
Parent process: explorer.exe
User: admin
Company: GatherProxy.com
Integrity Level: MEDIUM
Description: Gather Proxy 9.0 - Free Pro Proxy and Socks Scraper
Exit code: 0
Version: 9.0.0.0
Modules (images):
c:\users\admin\desktop\gather proxy 9.0\gather proxy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 1 414
Read events: 1 368
Write events: 46
Delete events: 0

Modification events

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (584) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Gather Proxy 9.0 Crack.rar

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (584) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\AppData\Local\Temp
Executable files: 0
Suspicious files: 25
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\agents.txt
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\autosp.ini
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\configs.gp
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\country.txt
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\cv
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\geo.mmdb
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\planetlab.txt
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\ref.ref
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\Data\referrals.txt
584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa584.41621\Gather Proxy 9.0\FacebookAPIClass.dll
HTTP(S) requests: 314
TCP/UDP connections: 296
DNS requests: 54
Threats: 18

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3980 | Gather Proxy.exe | GET | 200 | 97.74.233.74:80 | http://update.snaware.com/auth/?k=zWue1mKw4%2betce6aZ4VJMjmwIMIZprGkuutFPLBOBeIRHTTSC6TNNhSo36Zit8oqET9eJoiyHRDVRzqxY1sxLMdhfBtGIV6HmPAnrjVTOVI%2bvEJzxCSRxGjnLfBOAwgRIAV1%2bdBLl%2fv6AFX86e9%2fVK3aB0PuUuDyhN93%2bAcFcCrftOz2q8Zj8hApyqrtUZ%2fW | US | text | 1.36 Kb | malicious
3980 | Gather Proxy.exe | GET | 200 | 216.58.206.19:80 | http://www.proxyserverlist24.top/ | US | html | 55.6 Kb | whitelisted
3980 | Gather Proxy.exe | GET | 301 | 172.217.16.161:80 | http://proxyserverlist-24.blogspot.com/ | US | html | 215 b | whitelisted
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-nl/ | US | html | 346 b | malicious
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-ar/ | US | html | 346 b | malicious
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-br/ | US | html | 346 b | malicious
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-az/ | US | html | 346 b | malicious
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-gb/ | US | html | 346 b | malicious
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-my/ | US | html | 346 b | malicious
3980 | Gather Proxy.exe | GET | 301 | 69.164.218.141:80 | http://www.proxynova.com/proxy-server-list/country-iq/ | US | html | 346 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3980 | Gather Proxy.exe | 97.74.233.74:80 | update.snaware.com | GoDaddy.com, LLC | US | unknown
3980 | Gather Proxy.exe | 216.58.208.36:80 | www.google.com | Google Inc. | US | whitelisted
3980 | Gather Proxy.exe | 216.58.206.19:80 | www.proxyserverlist24.top | Google Inc. | US | whitelisted
3980 | Gather Proxy.exe | 69.164.218.141:80 | www.proxynova.com | Linode, LLC | US | malicious
3980 | Gather Proxy.exe | 69.164.218.141:443 | www.proxynova.com | Linode, LLC | US | malicious
3980 | Gather Proxy.exe | 172.217.18.100:80 | www.google.com | Google Inc. | US | whitelisted
3980 | Gather Proxy.exe | 134.119.217.244:80 | spys.ru | velia.net Internetdienste GmbH | FR | malicious
3980 | Gather Proxy.exe | 104.27.148.235:443 | free-proxy-list.net | Cloudflare Inc | US | shared
3980 | Gather Proxy.exe | 104.27.148.235:80 | free-proxy-list.net | Cloudflare Inc | US | shared
3980 | Gather Proxy.exe | 104.24.98.135:443 | www.us-proxy.org | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
update.snaware.com | 97.74.233.74 | malicious
gp.snaware.com | 97.74.233.74 | unknown
www.google.com | 172.217.18.100, 216.58.208.36 | malicious
proxyserverlist-24.blogspot.com | 172.217.16.161 | whitelisted
www.proxyserverlist24.top | 216.58.206.19 | whitelisted
www.proxynova.com | 69.164.218.141 | malicious
www.aliveproxy.com | 89.208.212.2 | suspicious
www.us-proxy.org | 104.24.98.135, 104.24.99.135 | whitelisted
www.sslproxies.org | 104.28.30.59, 104.28.31.59 | malicious
free-proxy-list.net | 104.27.148.235, 104.27.149.235 | unknown

Threats

Class | Message
Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile
Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain
A Network Trojan was detected | ET MALWARE Fun Web Products Spyware User-Agent (FunWebProducts)
A Network Trojan was detected | ET MALWARE SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x)
A Network Trojan was detected | ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
Potentially Bad Traffic | ET WEB_CLIENT Hex Obfuscation of document.write % Encoding
Potentially Bad Traffic | ET WEB_CLIENT Hex Obfuscation of document.write % Encoding
A Network Trojan was detected | ET MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar)
Potentially Bad Traffic | ET WEB_CLIENT Hex Obfuscation of document.write % Encoding
A Network Trojan was detected | ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar)
No debug info