File name:

NjEwODU3MzcxMzA3MjEyOC56aXA=.zip

Full analysis: https://app.any.run/tasks/1d86c31b-6d2f-40ee-961e-0388c183698c
Verdict: Malicious activity
Threats:

Adware is software whose purpose is to push unwanted advertisements at the user, typically as pop-ups, injected banners or redirected searches. It usually arrives through software bundling (a wrapper that installs extra programs alongside the one the user asked for), through malicious or deceptive download sites, or as a disguised download. Once installed it may track browsing activity, collect data about the system and user, and set up persistence so that removal is harder than uninstalling a normal program. Because it frequently changes browser and system settings and keeps a channel open to its operator's servers, it also widens the attack surface for other malware, so it is a privacy and a system-security risk, not only a nuisance.

Analysis date: January 29, 2020, 15:52:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
pup
installcore
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

43AAABA35982F7CCFF6BABC0E6DDBD89

SHA1:

47791C6F922E18C5B66F6DA1A16CAD089AB4BAB6

SHA256:

41EC4D1DA5100C60D9BC7D0845EA07CD89B9C581C8389CB2F6564CA2ABE623C3

SSDEEP:

12288:fsG7oKWoExasbUYybEkcizCSfJWRw2LN1na1BQLyCWnYxmBLnPHtUzyqqTznPxPL:ECyJaWWxzPYDnsPPHtRDNmyYpuanJ8

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is; ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Renames files like Ransomware

      • explorer.exe (PID: 372)
    • Application was dropped or rewritten from another process

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3804)
      • FAHWindow.exe (PID: 2876)
      • FAHConsole.exe (PID: 2552)
      • FAHWindow.exe (PID: 1024)
      • FAHConsole.exe (PID: 3248)
      • UpdateHelper.exe (PID: 3488)
      • FAHConsole.exe (PID: 564)
      • WINZIP32.EXE (PID: 1172)
      • WzPreviewer32.exe (PID: 3968)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
      • WzPreloader.exe (PID: 3600)
      • FAHWindow32.exe (PID: 3204)
      • FAHConsole.exe (PID: 4036)
      • adxregistrator.exe (PID: 1928)
      • adxregistrator.exe (PID: 3852)
    • INSTALLCORE was detected

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Connects to CnC server

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Loads dropped or rewritten executable

      • FAHWindow.exe (PID: 2876)
      • MsiExec.exe (PID: 1636)
      • explorer.exe (PID: 372)
      • FAHWindow.exe (PID: 1024)
      • WINZIP32.EXE (PID: 1172)
      • msiexec.exe (PID: 3380)
      • msiexec.exe (PID: 3192)
      • svchost.exe (PID: 860)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
      • csrss.exe (PID: 388)
      • adxregistrator.exe (PID: 3852)
      • adxregistrator.exe (PID: 1928)
      • FAHWindow32.exe (PID: 3204)
    • Runs injected code in another process

      • FAHWindow.exe (PID: 2876)
    • Application was injected by another process

      • explorer.exe (PID: 372)
    • Writes to a start menu file

      • msiexec.exe (PID: 1676)
    • Changes settings of System certificates

      • msiexec.exe (PID: 1676)
  • SUSPICIOUS

    • Creates files in the user directory

      • explorer.exe (PID: 372)
      • WINZIP32.EXE (PID: 1172)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2524)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • msiexec.exe (PID: 1676)
      • WINZIP32.EXE (PID: 2104)
    • Reads the machine GUID from the registry

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Application launched itself

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Creates files in the program directory

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2104)
    • Reads Internet Cache Settings

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2120)
      • WINZIP32.EXE (PID: 2104)
    • Reads internet explorer settings

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2120)
      • WINZIP32.EXE (PID: 2104)
    • Starts Microsoft Installer

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 1676)
    • Creates COM task schedule object

      • MsiExec.exe (PID: 1636)
      • WINZIP32.EXE (PID: 1172)
      • adxregistrator.exe (PID: 3852)
      • adxregistrator.exe (PID: 1928)
      • MsiExec.exe (PID: 2908)
    • Changes IE settings (feature browser emulation)

      • msiexec.exe (PID: 1676)
      • MsiExec.exe (PID: 2908)
    • Creates files in the Windows directory

      • MsiExec.exe (PID: 2908)
    • Modifies the open verb of a shell class

      • msiexec.exe (PID: 1676)
      • WINZIP32.EXE (PID: 1172)
      • WINZIP32.EXE (PID: 2104)
    • Loads DLL from Mozilla Firefox

      • csrss.exe (PID: 388)
    • Creates a software uninstall entry

      • WINZIP32.EXE (PID: 1172)
    • Searches for installed software

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Starts Internet Explorer

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Removes files from Windows directory

      • MsiExec.exe (PID: 2908)
    • Adds / modifies Windows certificates

      • msiexec.exe (PID: 1676)
  • INFO

    • Manual execution by user

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
    • Reads settings of System Certificates

      • msiexec.exe (PID: 1676)
      • WINZIP32.EXE (PID: 2120)
      • iexplore.exe (PID: 3740)
    • Application launched itself

      • msiexec.exe (PID: 1676)
      • iexplore.exe (PID: 3188)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1676)
    • Creates files in the program directory

      • msiexec.exe (PID: 1676)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 2908)
      • msiexec.exe (PID: 1676)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3188)
      • iexplore.exe (PID: 3740)
    • Changes internet zones settings

      • iexplore.exe (PID: 3188)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3740)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3740)
    • Dropped object may contain Bitcoin addresses

      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3740)
    • Creates files in the user directory

      • iexplore.exe (PID: 3740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0xdf8eca14
ZipCompressedSize: 849960
ZipUncompressedSize: 906024
ZipFileName: db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc
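The ZIP fields above are the values exiftool reads from the entry's local file header. The following Python is an added example, not part of the ANY.RUN report: it parses a 30-byte local file header that is constructed here from the listed values (the real archive's bytes are not on this page) and decodes the two fields that matter for triage, the general-purpose bit flag 0x0009 (bit 0 = traditional PKWARE encryption, bit 3 = CRC and sizes repeated in a trailing data descriptor, per APPNOTE.TXT) and the DOS timestamp, which is zero here and therefore renders as 1980:00:00 00:00:00 exactly as the report shows.

```python
import struct

# Constructed local file header (30-byte fixed part + filename) built from the
# field values listed in the report. These are NOT the real archive's bytes.
SAMPLE_NAME = b"db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc"
LFH_FMT = "<IHHHHHIIIHH"          # little-endian, 30 bytes (APPNOTE 4.3.7)
LFH_SIZE = struct.calcsize(LFH_FMT)
SAMPLE_LFH = struct.pack(
    LFH_FMT,
    0x04034B50,        # signature "PK\x03\x04"
    20,                # version needed to extract: 2.0
    0x0009,            # general purpose bit flag
    8,                 # compression method: deflate
    0,                 # last mod file time (DOS packed), zero
    0,                 # last mod file date (DOS packed), zero
    0xDF8ECA14,        # CRC-32 of the uncompressed entry
    849960,            # compressed size
    906024,            # uncompressed size
    len(SAMPLE_NAME),  # filename length
    0,                 # extra field length
) + SAMPLE_NAME

# General purpose bit flag meanings per APPNOTE.TXT section 4.4.4.
FLAG_BITS = {
    0: "encrypted (traditional PKWARE encryption)",
    1: "compression option bit 1",
    2: "compression option bit 2",
    3: "CRC and sizes in trailing data descriptor",
    5: "compressed patched data",
    6: "strong encryption",
    11: "UTF-8 filename/comment",
    13: "central directory encrypted (masked local header)",
}
COMPRESSION = {0: "stored", 8: "deflated", 9: "deflate64", 12: "bzip2",
               14: "lzma", 93: "zstd", 99: "AES (WinZip)"}

def dos_datetime(dos_date, dos_time):
    """Decode MS-DOS packed date/time (2-second resolution). A zero date has
    year 1980, month 0, day 0, which is why exiftool prints 1980:00:00 for
    this entry; no archiver writes month 0 for a genuine mtime."""
    year = 1980 + (dos_date >> 9)
    month = (dos_date >> 5) & 0x0F
    day = dos_date & 0x1F
    hour = dos_time >> 11
    minute = (dos_time >> 5) & 0x3F
    second = (dos_time & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"

def parse_local_header(buf):
    """Parse one local file header and return the triage-relevant fields."""
    if len(buf) < LFH_SIZE:
        raise ValueError("truncated local file header")
    (sig, version, flags, method, mtime, mdate, crc, csize, usize,
     name_len, extra_len) = struct.unpack(LFH_FMT, buf[:LFH_SIZE])
    if sig != 0x04034B50:
        raise ValueError(f"not a local file header: 0x{sig:08x}")
    name = buf[LFH_SIZE:LFH_SIZE + name_len]
    if len(name) != name_len:
        raise ValueError("truncated filename")
    return {
        "version_needed": f"{version // 10}.{version % 10}",
        "flags": flags,
        "flag_names": [FLAG_BITS.get(b, f"bit {b}")
                       for b in range(16) if flags & (1 << b)],
        "compression": COMPRESSION.get(method, f"unknown ({method})"),
        "modify_date": dos_datetime(mdate, mtime),
        "timestamp_zeroed": mdate == 0 and mtime == 0,
        "crc32": f"0x{crc:08x}",
        "compressed_size": csize,
        "uncompressed_size": usize,
        "filename": name.decode("utf-8", "replace"),
        "has_extension": b"." in name,
    }

if __name__ == "__main__":
    for key, value in parse_local_header(SAMPLE_LFH).items():
        print(f"{key:>18}: {value}")
```

For a real archive, zipfile.ZipInfo exposes the same fields (flag_bits, date_time, CRC, compress_size, file_size); the hand-written parser is shown so that the bit and date encodings are visible. Two things worth recording in triage notes: the entry name carries no extension (the sandbox user had to rename it before it could run), and the timestamp is zeroed, which normal archivers do not do for a file that came from a filesystem.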
No data.
All screenshots are available in the full report
Total processes
71
Monitored processes
31
Malicious processes
12
Suspicious processes
2

Behavior graph

Process graph (interactive image not reproduced here; chain reconstructed from the process table and signatures below): WinRAR.exe extracts the payload; db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (tagged #INSTALLCORE) launches itself, then starts msiexec.exe and WINZIP32.EXE; msiexec.exe starts the WinZip installer components (WINZIP32.EXE, FAHConsole.exe, FAHWindow.exe, FAHWindow32.exe, UpdateHelper.exe, adxregistrator.exe, WzPreviewer32.exe, WzPreloader.exe) and further msiexec.exe instances; explorer.exe, svchost.exe, csrss.exe and iexplore.exe also appear in the graph. Edge types in the graph are start, drop-and-start and inject. Processes with no signatures are marked "no specs" in the full report.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
372
CMD:
C:\Windows\Explorer.EXE
Path:
C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
388
CMD:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path:
C:\Windows\System32\csrss.exe
Parent process:
explorer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
PID:
564
CMD:
"C:\Program Files\File Association Helper\FAHConsole.exe" unregister
Path:
C:\Program Files\File Association Helper\FAHConsole.exe
Parent process:
MsiExec.exe
User:
admin
Company:
Nico Mak Computing
Integrity Level:
HIGH
Description:
File Association Helper
Exit code:
0
Version:
1.2.225.65451
Modules
Images
c:\program files\file association helper\fahconsole.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
860
CMD:
C:\Windows\system32\svchost.exe -k netsvcs
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\windanr.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
1024
CMD:
"C:\Program Files\File Association Helper\FAHWindow.exe" unregister
Path:
C:\Program Files\File Association Helper\FAHWindow.exe
Parent process:
FAHConsole.exe
User:
admin
Company:
Nico Mak Computing
Integrity Level:
HIGH
Description:
File Association Helper
Exit code:
0
Version:
1.2.225.65451
Modules
Images
c:\program files\file association helper\fahwindow.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\file association helper\fahdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID:
1172
CMD:
"C:\Program Files\WinZip\WINZIP32.EXE" /noqp /nodesktop /nostartmenu /nomenugroup /autoinstall /lang 1033
Path:
C:\Program Files\WinZip\WINZIP32.EXE
Parent process:
msiexec.exe
User:
admin
Company:
WinZip Computing, S.L.
Integrity Level:
HIGH
Description:
WinZip
Exit code:
0
Version:
30.0 (32-bit)
Modules
Images
c:\program files\winzip\winzip32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID:
1636
CMD:
"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\File Association Helper\FAHDll.dll"
Path:
C:\Windows\system32\MsiExec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
1676
CMD:
C:\Windows\system32\msiexec.exe /V
Path:
C:\Windows\system32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
1928
CMD:
"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=admin
Path:
C:\Program Files\WinZip\adxregistrator.exe
Parent process:
MsiExec.exe
User:
admin
Company:
Add-in Express Ltd.
Integrity Level:
HIGH
Description:
adxregistrator
Exit code:
0
Version:
7, 2, 4055, 0
Modules
Images
c:\program files\winzip\adxregistrator.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2104
CMD:
"C:\Program Files\WinZip\WINZIP32.EXE"
Path:
C:\Program Files\WinZip\WINZIP32.EXE
Parent process:
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
User:
admin
Company:
WinZip Computing, S.L.
Integrity Level:
HIGH
Description:
WinZip
Exit code:
0
Version:
30.0 (32-bit)
Modules
Images
c:\program files\winzip\winzip32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events
16 412
Read events
13 376
Write events
2 992
Delete events
44

Modification events

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

PID / Process: (2524) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Downloads\NjEwODU3MzcxMzA3MjEyOC56aXA=.zip

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

PID / Process: (2524) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

PID / Process: (372) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
Operation: write
Name: a
Value: WinRAR.exe

PID / Process: (372) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
Operation: write
Name: MRUList
Value: a
Executable files
172
Suspicious files
41
Text files
274
Unknown types
50

Dropped files

PID
Process
Filename
Type
PID: 2384
Process: db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Filename: C:\Users\admin\AppData\Local\Temp\00A70553.log
MD5:
SHA256:

PID: 372
Process: explorer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
Type: automaticdestinations-ms
MD5: 3324D77C09CE9339ADB4F24BA2232DC8
SHA256: D8D3CCF2B25F8E8E11AC97EF69CFCB4713074F5D9F6A3F8A8BA823D8C7CA5ECE

PID: 860
Process: svchost.exe
Filename: C:\Windows\appcompat\programs\RecentFileCache.bcf
Type: txt
MD5: 9D8FC6D7D4BE05ECA3CFDA3A4290AD3D
SHA256: A3000F6B5ECDEA78C06CA08B65791B1DFD94A6F41A0A734F9817DAE59D098D69

PID: 372
Process: explorer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\NjEwODU3MzcxMzA3MjEyOC56aXA=.zip.lnk
Type: lnk
MD5: 53A7268D668BAAD3EE7CB2CEAFBD7115
SHA256: B51145FF9A9577A53A5473B5A78291E64E5DC061A774B4D7991B412A0D801486

PID: 2524
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc
Type: executable
MD5: D2522CF4F532E201320BE4A5B8BF1B94
SHA256: DB237CA3AA696B3E83DC249BC1FCD99903610FEE05B3D331459A5410D23371CC

PID: 372
Process: explorer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms
Type: automaticdestinations-ms
MD5: BC9104AF1AC518A183BCDC946E964825
SHA256: 3ECF3640CD855AAF5C856D4C4B741433CECBC53C01FD22081E821DCF6F3BC60A

PID: 372
Process: explorer.exe
Filename: C:\Users\admin\Desktop\db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Type: executable
MD5: D2522CF4F532E201320BE4A5B8BF1B94
SHA256: DB237CA3AA696B3E83DC249BC1FCD99903610FEE05B3D331459A5410D23371CC
(Same hash as the extension-less file WinRAR.exe extracted above. This is consistent with the sandbox user renaming the extracted payload to .exe before running it by hand, which matches the "Manual execution by user" signature and is the most likely trigger for the "Renames files like Ransomware" signature on explorer.exe (PID 372); it is an artefact of the analysis session, not behaviour of the sample.)

PID: 372
Process: explorer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk
Type: lnk
MD5: 9753E334CE8CE50EEE804388ECD0013A
SHA256: C453BC1AABF7AFA99E8A9B324C2362311BD8673D8DAF873FC1EDBDB5650B7750

PID: 2384
Process: db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Filename: C:\Users\admin\AppData\Local\Temp\ish10945875\css\sdk-ui\browse.css
Type: text
MD5: 6009D6E864F60AEA980A9DF94C1F7E1C
SHA256: 5EF48A8C8C3771B4F233314D50DD3B5AFDCD99DD4B74A9745C8FE7B22207056D

PID: 2384
Process: db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Filename: C:\Users\admin\AppData\Local\Temp\ish10945875\css\sdk-ui\button.css
Type: text
MD5: 37E1FF96E084EC201F0D95FEEF4D5E94
SHA256: 8E806F5B94FC294E918503C8053EF1284E4F4B1E02C7DA4F4635E33EC33E0534
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
730
TCP/UDP connections
118
DNS requests
48
Threats
19

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
POST
200
52.51.217.55:80
http://rp.dinipip.com/?pcrc=751963059&v=2.0
IE
text
4 b
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
POST
404
52.212.215.62:80
http://os.dinipip.com/WinZip/?v=5.0&c=1002826639
IE
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
HEAD
200
2.21.140.85:80
http://download.winzip.com/nkln/19/winzip_en_32.msi
unknown
whitelisted
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
HEAD
200
146.185.27.53:80
http://cdneu.dinipip.com/app/WinZip/FAH32.cis
GB
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
POST
200
52.51.217.55:80
http://rp.dinipip.com/?pcrc=2141886685&v=2.0
IE
text
4 b
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
GET
206
2.21.140.85:80
http://download.winzip.com/nkln/19/winzip_en_32.msi
unknown
binary
100 Kb
whitelisted
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
POST
200
52.51.217.55:80
http://rp.dinipip.com/?pcrc=1404063444&v=2.0
IE
text
4 b
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
GET
206
2.21.140.85:80
http://download.winzip.com/nkln/19/winzip_en_32.msi
unknown
binary
100 Kb
whitelisted
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
GET
2.21.140.85:80
http://download.winzip.com/nkln/19/winzip_en_32.msi
unknown
whitelisted
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
POST
404
52.50.98.206:80
http://os2.dinipip.com/WinZip/?v=5.0&c=1002826639
IE
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
146.185.27.53:80
cdneu.dinipip.com
UK-2 Limited
GB
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
52.51.217.55:80
rp.dinipip.com
Amazon.com, Inc.
IE
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
52.16.29.135:80
info.dinipip.com
Amazon.com, Inc.
IE
malicious
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
209.95.37.242:80
cdnus.dinipip.com
WestHost, Inc.
US
suspicious
3740
iexplore.exe
104.114.131.176:80
download.winzip.com
Akamai Technologies, Inc.
NL
unknown
2104
WINZIP32.EXE
23.20.80.55:80
update.winzip.com
Amazon.com, Inc.
US
unknown
3740
iexplore.exe
216.58.205.226:443
www.googleadservices.com
Google Inc.
US
whitelisted
3740
iexplore.exe
104.114.131.176:443
download.winzip.com
Akamai Technologies, Inc.
NL
unknown
3740
iexplore.exe
172.217.16.202:443
ajax.googleapis.com
Google Inc.
US
whitelisted
2104
WINZIP32.EXE
104.114.131.176:80
download.winzip.com
Akamai Technologies, Inc.
NL
unknown

DNS requests

Domain
IP
Reputation
rp.dinipip.com
  • 52.51.217.55
  • 52.215.31.191
malicious
info.dinipip.com
  • 52.16.29.135
  • 52.19.168.111
  • 54.246.196.116
malicious
os.dinipip.com
  • 52.212.215.62
  • 52.51.129.59
  • 52.50.98.206
malicious
download.winzip.com
  • 2.21.140.85
  • 104.114.131.176
whitelisted
cdneu.dinipip.com
  • 146.185.27.53
malicious
cdnus.dinipip.com
  • 209.95.37.242
malicious
os2.dinipip.com
  • 52.50.98.206
  • 52.51.129.59
  • 52.212.215.62
malicious
client-api.yuntusoft.com
unknown
www.winzip.com
  • 104.114.131.176
whitelisted
update.winzip.com
  • 23.20.80.55
  • 52.2.204.106
unknown

Threats

PID
Process
Class
Message
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
A Network Trojan was detected
ET MALWARE DealPly Adware CnC Beacon
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Misc activity
ADWARE [PTsecurity] InstallCore Initial Install Artifact
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
A Network Trojan was detected
MALWARE [PTsecurity] InstallCore.Gen Check-in POST
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
A Network Trojan was detected
ET MALWARE DealPly Adware CnC Beacon
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
A Network Trojan was detected
ET MALWARE DealPly Adware CnC Beacon
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
Misc activity
ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
A Network Trojan was detected
MALWARE [PTsecurity] InstallCore.Gen Check-in POST
3664
db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
A Network Trojan was detected
MALWARE [PTsecurity] InstallCore.Gen Check-in POST
5 ETPRO signatures available at the full report
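The HTTP requests, Connections, DNS and Threats tables above give everything needed to hunt for this InstallCore wrapper in proxy logs: the dinipip.com hosts and their resolved IPs, and the two request shapes the wrapper uses (a POST check-in to rp.dinipip.com/?pcrc=<digits>&v=2.0, which is what the "InstallCore.Gen Check-in POST" and "DealPly Adware CnC Beacon" signatures fire on, and a POST poll to os.dinipip.com and os2.dinipip.com/<Product>/?v=5.0&c=<digits>). The Python below is an added example, not part of the ANY.RUN report or of any signature set: it turns those indicators into a small classifier and runs it over a constructed proxy log (not the report's PCAP). It deliberately keeps download.winzip.com at "info" severity, because the wrapper fetches the genuine WinZip MSI from the vendor and that request alone does not indicate infection. The log format, client addresses and verdict names are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators copied from the HTTP requests, Connections and DNS tables above.
INSTALLCORE_DOMAINS = {
    "rp.dinipip.com", "os.dinipip.com", "os2.dinipip.com", "info.dinipip.com",
    "cdneu.dinipip.com", "cdnus.dinipip.com",
}
INSTALLCORE_IPS = {
    "52.51.217.55", "52.215.31.191", "52.16.29.135", "52.19.168.111",
    "54.246.196.116", "52.212.215.62", "52.51.129.59", "52.50.98.206",
    "146.185.27.53", "209.95.37.242",
}
# The wrapper fetches the genuine WinZip MSI from the vendor; on its own that
# traffic is not an indicator, so it is reported at "info" severity only.
BUNDLED_PAYLOAD_HOSTS = {"download.winzip.com", "update.winzip.com", "www.winzip.com"}

# Request shapes seen in this report:
#   POST http://rp.dinipip.com/?pcrc=<digits>&v=2.0           (check-in beacon)
#   POST http://os[2].dinipip.com/<Product>/?v=5.0&c=<digits> (offer/config poll)
CHECKIN_PATH = re.compile(r"^/\?pcrc=\d+&v=2\.0$")
OFFER_PATH = re.compile(r"^/[^/]+/\?v=5\.0&c=\d+$")

SEVERITY = {
    "installcore-checkin": "high",
    "installcore-offer-poll": "high",
    "installcore-c2-domain": "high",
    "installcore-c2-ip": "high",
    "bundled-payload-download": "info",
}

# Constructed proxy log (assumed format, not the report's PCAP).
# Fields: epoch  client  method  url  status
SAMPLE_LOG = """
1580313167.001 10.0.0.5 POST http://rp.dinipip.com/?pcrc=751963059&v=2.0 200
1580313167.250 10.0.0.5 POST http://os.dinipip.com/WinZip/?v=5.0&c=1002826639 404
1580313168.100 10.0.0.5 HEAD http://download.winzip.com/nkln/19/winzip_en_32.msi 200
1580313168.300 10.0.0.5 HEAD http://cdneu.dinipip.com/app/WinZip/FAH32.cis 200
1580313170.000 10.0.0.7 GET http://www.example.org/index.html 200
1580313171.000 10.0.0.7 GET http://download.winzip.com/nkln/19/winzip_en_32.msi 200
1580313172.000 10.0.0.9 POST http://rp.dinipip.com/?pcrc=99&v=2.1 200
"""

def classify(method, url):
    """Return a verdict label for one request, or None if it matches nothing."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path_q = parts.path + (f"?{parts.query}" if parts.query else "")
    if host in INSTALLCORE_DOMAINS:
        if method == "POST" and CHECKIN_PATH.match(path_q):
            return "installcore-checkin"
        if method == "POST" and OFFER_PATH.match(path_q):
            return "installcore-offer-poll"
        return "installcore-c2-domain"      # known domain, path shape changed
    if host in INSTALLCORE_IPS:
        return "installcore-c2-ip"          # direct-to-IP or DNS not logged
    if host in BUNDLED_PAYLOAD_HOSTS and parts.path.lower().endswith((".msi", ".exe")):
        return "bundled-payload-download"
    return None

def hunt(log_text):
    """Run classify() over proxy log lines; return the hits in log order."""
    hits = []
    for line in log_text.strip().splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                         # malformed line, skip it
        ts, client, method, url, status = fields
        verdict = classify(method.upper(), url)
        if verdict:
            hits.append({"ts": ts, "client": client, "verdict": verdict,
                         "url": url, "status": status})
    return hits

def summarize(hits):
    """Roll hits up per client. A client is 'high' only if it touched
    InstallCore infrastructure, not merely because it downloaded WinZip."""
    per_client = defaultdict(set)
    for h in hits:
        per_client[h["client"]].add(h["verdict"])
    return {
        client: {
            "severity": "high" if any(SEVERITY[v] == "high" for v in vs) else "info",
            "verdicts": sorted(vs),
        }
        for client, vs in per_client.items()
    }

if __name__ == "__main__":
    for client, info in summarize(hunt(SAMPLE_LOG)).items():
        print(client, info["severity"], ", ".join(info["verdicts"]))
```

The host-level match is kept as a fallback after the path-shape matches on purpose: the pcrc and c values rotate per run (three different pcrc values appear in this one session) and the version string can change between wrapper builds, but the domains and the IPs they resolved to during the analysis are the indicators that survive those changes. When hunting on real logs, also check DNS logs for the same names, since the Connections table shows the wrapper reaching info.dinipip.com and cdnus.dinipip.com without a logged HTTP request.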
No debug info