File name: JDownloader2Setup_windows-amd64_v21_0_6.exe

Full analysis: https://app.any.run/tasks/c83b8967-c8f4-4b79-b9ad-7fb4d611455e
Verdict: Malicious activity
Analysis date: March 22, 2025, 20:22:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
antivm
arch-scr
arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5: 2660E4F15ECDDE073AC5E743BDEC6680
SHA1: 691EB453844C9E73AE4F6CF916BA090958932DF5
SHA256: 5F81C61F11CA820C5CD1E98AD525CDAE5E44DE0BAD5620C18138EE995FC3BA75
SSDEEP: 393216:+EHsKsxIt4IYUcLtzzCpLhf79TpTIhzente8bVc5jDKO5sTfayj2SGCgY0H:+owImIvcLtz+plfJA28kVkjDKTf3FGx

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may have been distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • The process creates files with name similar to system file names

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Process drops legitimate windows executable

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • The process drops C-runtime libraries

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for VM detection VMWare (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for VM detection VirtualBox (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for VM detection antiVM strings (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads security settings of Internet Explorer

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Starts CMD.EXE for commands execution

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for taking screenshot (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
  • INFO

    • Reads the computer name

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • identity_helper.exe (PID: 7764)
    • Checks supported languages

      • java.exe (PID: 5892)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • identity_helper.exe (PID: 7764)
    • The sample compiled with english language support

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Creates files or folders in the user directory

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads CPU info

      • java.exe (PID: 5892)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads Environment values

      • java.exe (PID: 5892)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • identity_helper.exe (PID: 7764)
    • Create files in a temporary directory

      • java.exe (PID: 5892)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Process checks computer location settings

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads the machine GUID from the registry

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Checks operating system version

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads the software policy settings

      • slui.exe (PID: 8068)
    • Checks proxy server information

      • reg.exe (PID: 7332)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • slui.exe (PID: 8068)
    • Manual execution by a user

      • msedge.exe (PID: 4988)
      • notepad.exe (PID: 1324)
      • wscript.exe (PID: 3024)
      • OpenWith.exe (PID: 5952)
      • OpenWith.exe (PID: 7584)
      • OpenWith.exe (PID: 7568)
      • OpenWith.exe (PID: 7288)
      • OpenWith.exe (PID: 7924)
      • OpenWith.exe (PID: 4696)
      • rundll32.exe (PID: 7556)
      • OpenWith.exe (PID: 7836)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 1324)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 5952)
      • OpenWith.exe (PID: 7584)
      • OpenWith.exe (PID: 4696)
      • OpenWith.exe (PID: 7568)
      • OpenWith.exe (PID: 7288)
      • OpenWith.exe (PID: 7836)
      • OpenWith.exe (PID: 7924)
    • Application launched itself

      • msedge.exe (PID: 6808)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:12:20 10:26:38+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.4
CodeSize: 443392
InitializedDataSize: 485888
UninitializedDataSize: -
EntryPoint: 0x39aa0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.53709.0
ProductVersionNumber: 2.0.53709.0
FileFlagsMask: 0x0017
FileFlags: Debug
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: AppWork GmbH
FileDescription: JDownloader
FileVersion: 2.0.250317
LegalCopyright: AppWork GmbH
ProductName: JDownloader
ProductVersion: 2.0.250317
OriginalFileName: JDownloader2Setup_windows-amd64_v21_0_6.exe
InternalName: jd2
No data.
All screenshots are available in the full report
Total processes
179
Monitored processes
59
Malicious processes
1
Suspicious processes
0

Behavior graph

[Behavior graph: interactive process tree, not reproduced here. Processes shown, starting with the sample and in order of appearance: jdownloader2setup_windows-amd64_v21_0_6.exe, java.exe, conhost.exe, msedge.exe (many instances), identity_helper.exe, slui.exe, cmd.exe, reg.exe, wscript.exe, notepad.exe, openwith.exe, rundll32.exe. Most entries are marked "no specs" in the graph.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1020
CMD: "C:\Users\admin\Desktop\JDownloader2Setup_windows-amd64_v21_0_6.exe"
Path: C:\Users\admin\Desktop\JDownloader2Setup_windows-amd64_v21_0_6.exe
Parent process: explorer.exe
User:
admin
Company:
AppWork GmbH
Integrity Level:
MEDIUM
Description:
JDownloader
Version:
2.0.250317
Modules
Images
c:\users\admin\desktop\jdownloader2setup_windows-amd64_v21_0_6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1324
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\combocompletions.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3512 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2096
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x338,0x33c,0x340,0x330,0x348,0x7ffc89a35fd8,0x7ffc89a35fe4,0x7ffc89a35ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3640 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2656
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2908
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1968 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3024
CMD: "C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\insertdate.js
Path: C:\Windows\System32\wscript.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3180
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
13 167
Read events
13 127
Write events
39
Delete events
1

Modification events

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j\pids
Operation: write | Name: c:\users\admin\desktop\jdownloader2setup_windows-amd64_v21_0_6.exe
Value: 1020

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write | Name: InstallStarted_1020
Value: 1

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write | Name: InstallStarted
Value: 1

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write | Name: InstallStarted_1020
Value: 0

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write | Name: InstallStarted
Value: 0

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: delete value | Name: InstallStarted_1020
Value: -

PID: 6808 | Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: failed_count
Value: 0

PID: 6808 | Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: state
Value: 2

PID: 6808 | Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write | Name: state
Value: 1

PID: 1020 | Process: JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write | Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files
432
Suspicious files
733
Text files
1 002
Unknown types
2

Dropped files

PID | Process | Filename | Type

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\jre.tar.gz | -
MD5: -
SHA256: -

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4jparams.conf | xml
MD5: A91DDEAE16A8F431B456204F667D0E9C
SHA256: EC7E73C408170F4E2CA8140077D499271F32A9D6A496D8FEF286F1BEBBBB25F4

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4jruntime.jar | java
MD5: FD2A934BC5BF9178BE27F1EE2589F26C
SHA256: DFFB7DB4194F8A17536E5BE8C9737801249A6746E9EED744401068EB3FAF49CC

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_7_69g5ss_18gg8kx@2x_dark.png | image
MD5: A18DE868A92F791889CF1DF4C2E4B1CE
SHA256: 2C07771B1357391B1B59E7A4D3D64237DECD1347DA2C6ACA85990AAD8EB36ECA

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\MessagesDefault | text
MD5: 5CEA5816D88FC40B35DBAF8E5F1BB611
SHA256: 0985442C7262997B5C877AF7562555F265A5F39389BD00187303858FA10C7655

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_0_69g5ss.utf8 | text
MD5: 5CEA5816D88FC40B35DBAF8E5F1BB611
SHA256: 0985442C7262997B5C877AF7562555F265A5F39389BD00187303858FA10C7655

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\i4j_nlog_1.log | text
MD5: 4983625A05A4A2A8758E9446017D7582
SHA256: E34C1E18DE4E25DADDB7BB8908A0CE1238BBEF855E0003EA0F11169BB8460A8E

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_3_69g5ss_1jb375m.png | image
MD5: D9D9B527FFA9E19DB058350223950FFC
SHA256: CF2082D9B39EDBBB93D9819055085EEB12876058B25C33077A000EA53B5C1D51

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\installer.ico | image
MD5: 1F0FA25C629E147A347578677EF48C43
SHA256: CA4422F74242954350DE35EFA9DB4F92FF748AD278B56CECF02C0CA9192460F2

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_2_69g5ss_14qfchv.png | image
MD5: 897CBCCAA5BEEABE003852664EB715D5
SHA256: 95689AEF5B4F6EBDF806E4D04F9C5F1CF23C539BAED86D9DEAFCFCA607DBA7DE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
126
TCP/UDP connections
138
DNS requests
107
Threats
4

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(The PID and Process columns are empty for every row in this export.)

GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | - | - | -
GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/cryptologo.efcc8339.png | unknown | image | 7.65 Kb | whitelisted
GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 1012 b | whitelisted
GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/eclogo.bed956ae.jpg | unknown | image | 28.0 Kb | whitelisted
GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 768 b | whitelisted
GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/logo.f555b059.png | unknown | image | 6.13 Kb | whitelisted
GET | 200 | 92.123.104.32:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | binary | 654 Kb | whitelisted
GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/btc-qrcode.a25c6029.gif | unknown | image | 779 b | whitelisted
GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/bitcoin-text.ce098f76.svg | unknown | image | 5.18 Kb | whitelisted
GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/clipboard.2479236d.svg | unknown | image | 537 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6808 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2908 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2908 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2908 | msedge.exe | 13.107.246.44:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2908 | msedge.exe | 136.243.166.109:443 | my.jdownloader.org | Hetzner Online GmbH | DE | whitelisted
2908 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.174
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.44
whitelisted
my.jdownloader.org
  • 136.243.166.109
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.50.131.78
  • 23.50.131.74
whitelisted
www.bing.com
  • 92.123.104.32
  • 92.123.104.31
  • 92.123.104.38
  • 92.123.104.34
  • 92.123.104.28
  • 92.123.104.33
  • 92.123.104.59
  • 92.123.104.19
whitelisted
payments.appwork.org
  • 148.251.68.18
unknown

Threats

PID | Process | Class | Message

2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
No debug info