File name: NjEwODU3MzcxMzA3MjEyOC56aXA=.zip

Full analysis: https://app.any.run/tasks/1d86c31b-6d2f-40ee-961e-0388c183698c
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: January 29, 2020, 15:52:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware, pup, installcore
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 43AAABA35982F7CCFF6BABC0E6DDBD89
SHA1: 47791C6F922E18C5B66F6DA1A16CAD089AB4BAB6
SHA256: 41EC4D1DA5100C60D9BC7D0845EA07CD89B9C581C8389CB2F6564CA2ABE623C3
SSDEEP: 12288:fsG7oKWoExasbUYybEkcizCSfJWRw2LN1na1BQLyCWnYxmBLnPHtUzyqqTznPxPL:ECyJaWWxzPYDnsPPHtRDNmyYpuanJ8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3804)
      • UpdateHelper.exe (PID: 3488)
      • FAHConsole.exe (PID: 564)
      • FAHWindow.exe (PID: 1024)
      • FAHConsole.exe (PID: 2552)
      • FAHConsole.exe (PID: 3248)
      • FAHWindow.exe (PID: 2876)
      • WINZIP32.EXE (PID: 1172)
      • WzPreviewer32.exe (PID: 3968)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
      • adxregistrator.exe (PID: 1928)
      • WzPreloader.exe (PID: 3600)
      • FAHWindow32.exe (PID: 3204)
      • FAHConsole.exe (PID: 4036)
      • adxregistrator.exe (PID: 3852)
    • Renames files like Ransomware

      • explorer.exe (PID: 372)
    • INSTALLCORE was detected

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Connects to CnC server

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Loads dropped or rewritten executable

      • explorer.exe (PID: 372)
      • FAHWindow.exe (PID: 2876)
      • MsiExec.exe (PID: 1636)
      • FAHWindow.exe (PID: 1024)
      • WINZIP32.EXE (PID: 1172)
      • msiexec.exe (PID: 3192)
      • msiexec.exe (PID: 3380)
      • svchost.exe (PID: 860)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2104)
      • adxregistrator.exe (PID: 3852)
      • csrss.exe (PID: 388)
      • WINZIP32.EXE (PID: 2120)
      • adxregistrator.exe (PID: 1928)
      • FAHWindow32.exe (PID: 3204)
    • Application was injected by another process

      • explorer.exe (PID: 372)
    • Runs injected code in another process

      • FAHWindow.exe (PID: 2876)
    • Writes to a start menu file

      • msiexec.exe (PID: 1676)
    • Changes settings of System certificates

      • msiexec.exe (PID: 1676)
  • SUSPICIOUS

    • Creates files in the user directory

      • explorer.exe (PID: 372)
      • WINZIP32.EXE (PID: 1172)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2524)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • msiexec.exe (PID: 1676)
      • WINZIP32.EXE (PID: 2104)
    • Application launched itself

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Creates files in the program directory

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2104)
    • Reads the machine GUID from the registry

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Reads Internet Cache Settings

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
    • Reads internet explorer settings

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
    • Starts Microsoft Installer

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Changes the autorun value in the registry

      • msiexec.exe (PID: 1676)
    • Creates COM task schedule object

      • MsiExec.exe (PID: 1636)
      • WINZIP32.EXE (PID: 1172)
      • adxregistrator.exe (PID: 3852)
      • MsiExec.exe (PID: 2908)
      • adxregistrator.exe (PID: 1928)
    • Changes IE settings (feature browser emulation)

      • msiexec.exe (PID: 1676)
      • MsiExec.exe (PID: 2908)
    • Creates files in the Windows directory

      • MsiExec.exe (PID: 2908)
    • Modifies the open verb of a shell class

      • msiexec.exe (PID: 1676)
      • WINZIP32.EXE (PID: 1172)
      • WINZIP32.EXE (PID: 2104)
    • Creates a software uninstall entry

      • WINZIP32.EXE (PID: 1172)
    • Loads DLL from Mozilla Firefox

      • csrss.exe (PID: 388)
    • Searches for installed software

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Removes files from Windows directory

      • MsiExec.exe (PID: 2908)
    • Starts Internet Explorer

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 3664)
    • Adds / modifies Windows certificates

      • msiexec.exe (PID: 1676)
  • INFO

    • Manual execution by user

      • db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe (PID: 2384)
    • Reads settings of System Certificates

      • msiexec.exe (PID: 1676)
      • WINZIP32.EXE (PID: 2120)
      • iexplore.exe (PID: 3740)
    • Application launched itself

      • msiexec.exe (PID: 1676)
      • iexplore.exe (PID: 3188)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1676)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 2908)
      • msiexec.exe (PID: 1676)
    • Creates files in the program directory

      • msiexec.exe (PID: 1676)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3188)
      • iexplore.exe (PID: 3740)
    • Changes internet zones settings

      • iexplore.exe (PID: 3188)
    • Creates files in the user directory

      • iexplore.exe (PID: 3740)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3740)
    • Dropped object may contain Bitcoin addresses

      • WINZIP32.EXE (PID: 2104)
      • WINZIP32.EXE (PID: 2120)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3740)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0xdf8eca14
ZipCompressedSize: 849960
ZipUncompressedSize: 906024
ZipFileName: db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc
No data.
All screenshots are available in the full report
Total processes: 71
Monitored processes: 31
Malicious processes: 12
Suspicious processes: 2

Behavior graph


Process information

PID | CMD | Path | Indicators | Parent process
PID: 372 | CMD: C:\Windows\Explorer.EXE | Path: C:\Windows\explorer.exe | Parent process:
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 388 | CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | Path: C:\Windows\System32\csrss.exe | Parent process: explorer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
PID: 564 | CMD: "C:\Program Files\File Association Helper\FAHConsole.exe" unregister | Path: C:\Program Files\File Association Helper\FAHConsole.exe | Parent process: MsiExec.exe
User:
admin
Company:
Nico Mak Computing
Integrity Level:
HIGH
Description:
File Association Helper
Exit code:
0
Version:
1.2.225.65451
Modules
Images
c:\program files\file association helper\fahconsole.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 860 | CMD: C:\Windows\system32\svchost.exe -k netsvcs | Path: C:\Windows\System32\svchost.exe | Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\windanr.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1024 | CMD: "C:\Program Files\File Association Helper\FAHWindow.exe" unregister | Path: C:\Program Files\File Association Helper\FAHWindow.exe | Parent process: FAHConsole.exe
User:
admin
Company:
Nico Mak Computing
Integrity Level:
HIGH
Description:
File Association Helper
Exit code:
0
Version:
1.2.225.65451
Modules
Images
c:\program files\file association helper\fahwindow.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\file association helper\fahdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1172 | CMD: "C:\Program Files\WinZip\WINZIP32.EXE" /noqp /nodesktop /nostartmenu /nomenugroup /autoinstall /lang 1033 | Path: C:\Program Files\WinZip\WINZIP32.EXE | Parent process: msiexec.exe
User:
admin
Company:
WinZip Computing, S.L.
Integrity Level:
HIGH
Description:
WinZip
Exit code:
0
Version:
30.0 (32-bit)
Modules
Images
c:\program files\winzip\winzip32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1636 | CMD: "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\File Association Helper\FAHDll.dll" | Path: C:\Windows\system32\MsiExec.exe | Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1676 | CMD: C:\Windows\system32\msiexec.exe /V | Path: C:\Windows\system32\msiexec.exe | Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1928 | CMD: "C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=admin | Path: C:\Program Files\WinZip\adxregistrator.exe | Parent process: MsiExec.exe
User:
admin
Company:
Add-in Express Ltd.
Integrity Level:
HIGH
Description:
adxregistrator
Exit code:
0
Version:
7, 2, 4055, 0
Modules
Images
c:\program files\winzip\adxregistrator.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2104 | CMD: "C:\Program Files\WinZip\WINZIP32.EXE" | Path: C:\Program Files\WinZip\WINZIP32.EXE | Parent process: db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe
User:
admin
Company:
WinZip Computing, S.L.
Integrity Level:
HIGH
Description:
WinZip
Exit code:
0
Version:
30.0 (32-bit)
Modules
Images
c:\program files\winzip\winzip32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events: 16 412
Read events: 13 376
Write events: 2 992
Delete events: 44

Modification events

(PID) Process | Key | Operation | Name | Value
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP |
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon |
(2524) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | write | LanguageList | en-US
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Downloads\NjEwODU3MzcxMzA3MjEyOC56aXA=.zip
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
(2524) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
(372) explorer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList | write | a | WinRAR.exe
(372) explorer.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList | write | MRUList | a
Executable files: 172
Suspicious files: 41
Text files: 274
Unknown types: 50

Dropped files

PID | Process | Filename | Type
2384 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | C:\Users\admin\AppData\Local\Temp\00A70553.log | -
  MD5: -
  SHA256: -
372 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk | lnk
  MD5: 9753E334CE8CE50EEE804388ECD0013A
  SHA256: C453BC1AABF7AFA99E8A9B324C2362311BD8673D8DAF873FC1EDBDB5650B7750
372 | explorer.exe | C:\Users\admin\Desktop\db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | executable
  MD5: D2522CF4F532E201320BE4A5B8BF1B94
  SHA256: DB237CA3AA696B3E83DC249BC1FCD99903610FEE05B3D331459A5410D23371CC
860 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt
  MD5: 9D8FC6D7D4BE05ECA3CFDA3A4290AD3D
  SHA256: A3000F6B5ECDEA78C06CA08B65791B1DFD94A6F41A0A734F9817DAE59D098D69
372 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms | automaticdestinations-ms
  MD5: BC9104AF1AC518A183BCDC946E964825
  SHA256: 3ECF3640CD855AAF5C856D4C4B741433CECBC53C01FD22081E821DCF6F3BC60A
372 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms
  MD5: 3324D77C09CE9339ADB4F24BA2232DC8
  SHA256: D8D3CCF2B25F8E8E11AC97EF69CFCB4713074F5D9F6A3F8A8BA823D8C7CA5ECE
2524 | WinRAR.exe | C:\Users\admin\Desktop\db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc | executable
  MD5: D2522CF4F532E201320BE4A5B8BF1B94
  SHA256: DB237CA3AA696B3E83DC249BC1FCD99903610FEE05B3D331459A5410D23371CC
2384 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | C:\Users\admin\AppData\Local\Temp\ish10945875\css\sdk-ui\images\progress-bg-corner.png | image
  MD5: 608F1F20CD6CA9936EAA7E8C14F366BE
  SHA256: 86B6E6826BCDE2955D64D4600A4E01693522C1FDDF156CE31C4BA45B3653A7BD
2384 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | C:\Users\admin\AppData\Local\Temp\ish10945875\css\sdk-ui\button.css | text
  MD5: 37E1FF96E084EC201F0D95FEEF4D5E94
  SHA256: 8E806F5B94FC294E918503C8053EF1284E4F4B1E02C7DA4F4635E33EC33E0534
2384 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | C:\Users\admin\AppData\Local\Temp\ish10945875\css\sdk-ui\progress-bar.css | text
  MD5: 5335F1C12201B5F7CF5F8B4F5692E3D1
  SHA256: 974CD89E64BDAA85BF36ED2A50AF266D245D781A8139F5B45D7C55A0B0841DDA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 730
TCP/UDP connections: 118
DNS requests: 48
Threats: 19

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | POST | 200 | 52.16.29.135:80 | http://info.dinipip.com/?v=1.02&c=e6bbc0f7&at=360511915&cntr=0 | IE | text | 364 b | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | POST | 200 | 52.51.217.55:80 | http://rp.dinipip.com/?pcrc=751963059&v=2.0 | IE | text | 4 b | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | POST | 404 | 52.212.215.62:80 | http://os.dinipip.com/WinZip/?v=5.0&c=1002826639 | IE | - | - | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | POST | 200 | 52.51.217.55:80 | http://rp.dinipip.com/?pcrc=2141886685&v=2.0 | IE | text | 4 b | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | HEAD | 200 | 2.21.140.85:80 | http://download.winzip.com/nkln/19/winzip_en_32.msi | unknown | - | - | whitelisted
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | POST | 404 | 52.50.98.206:80 | http://os2.dinipip.com/WinZip/?v=5.0&c=1002826639 | IE | - | - | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | GET | 206 | 2.21.140.85:80 | http://download.winzip.com/nkln/19/winzip_en_32.msi | unknown | binary | 100 Kb | whitelisted
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | GET | 206 | 146.185.27.53:80 | http://cdneu.dinipip.com/app/WinZip/FAH32.cis | GB | binary | 699 Kb | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | HEAD | 200 | 146.185.27.53:80 | http://cdneu.dinipip.com/app/WinZip/FAH32.cis | GB | - | - | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | POST | 404 | 52.212.215.62:80 | http://os.dinipip.com/WinZip/?v=5.0&c=1002826639 | IE | - | - | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | 52.51.217.55:80 | rp.dinipip.com | Amazon.com, Inc. | IE | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | 52.16.29.135:80 | info.dinipip.com | Amazon.com, Inc. | IE | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | 52.212.215.62:80 | os.dinipip.com | Amazon.com, Inc. | IE | malicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | 2.21.140.85:80 | download.winzip.com | Telia Company AB | - | suspicious
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | 146.185.27.53:80 | cdneu.dinipip.com | UK-2 Limited | GB | malicious
3740 | iexplore.exe | 216.58.205.226:443 | www.googleadservices.com | Google Inc. | US | whitelisted
3740 | iexplore.exe | 172.217.16.202:443 | ajax.googleapis.com | Google Inc. | US | whitelisted
3740 | iexplore.exe | 104.114.131.176:443 | download.winzip.com | Akamai Technologies, Inc. | NL | unknown
3188 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2104 | WINZIP32.EXE | 104.114.131.176:80 | download.winzip.com | Akamai Technologies, Inc. | NL | unknown

DNS requests

Domain
IP
Reputation
rp.dinipip.com
  • 52.51.217.55
  • 52.215.31.191
malicious
info.dinipip.com
  • 52.16.29.135
  • 52.19.168.111
  • 54.246.196.116
malicious
os.dinipip.com
  • 52.212.215.62
  • 52.51.129.59
  • 52.50.98.206
malicious
download.winzip.com
  • 2.21.140.85
  • 104.114.131.176
whitelisted
cdneu.dinipip.com
  • 146.185.27.53
malicious
cdnus.dinipip.com
  • 209.95.37.242
malicious
os2.dinipip.com
  • 52.50.98.206
  • 52.51.129.59
  • 52.212.215.62
malicious
client-api.yuntusoft.com
unknown
www.winzip.com
  • 104.114.131.176
whitelisted
update.winzip.com
  • 23.20.80.55
  • 52.2.204.106
unknown

Threats

PID | Process | Class | Message
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | A Network Trojan was detected | ET MALWARE DealPly Adware CnC Beacon
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | Misc activity | ADWARE [PTsecurity] InstallCore Initial Install Artifact
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | A Network Trojan was detected | MALWARE [PTsecurity] InstallCore.Gen Check-in POST
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | A Network Trojan was detected | ET MALWARE DealPly Adware CnC Beacon
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | A Network Trojan was detected | ET MALWARE DealPly Adware CnC Beacon
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | A Network Trojan was detected | MALWARE [PTsecurity] InstallCore.Gen Check-in POST
3664 | db237ca3aa696b3e83dc249bc1fcd99903610fee05b3d331459a5410d23371cc.exe | A Network Trojan was detected | MALWARE [PTsecurity] InstallCore.Gen Check-in POST
5 ETPRO signatures available at the full report
No debug info