File name: JDownloader2Setup_windows-amd64_v21_0_6.exe

Full analysis: https://app.any.run/tasks/c83b8967-c8f4-4b79-b9ad-7fb4d611455e
Verdict: Malicious activity
Analysis date: March 22, 2025, 20:22:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
antivm
arch-scr
arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5: 2660E4F15ECDDE073AC5E743BDEC6680
SHA1: 691EB453844C9E73AE4F6CF916BA090958932DF5
SHA256: 5F81C61F11CA820C5CD1E98AD525CDAE5E44DE0BAD5620C18138EE995FC3BA75
SSDEEP: 393216:+EHsKsxIt4IYUcLtzzCpLhf79TpTIhzente8bVc5jDKO5sTfayj2SGCgY0H:+owImIvcLtz+plfJA28kVkjDKTf3FGx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Process drops legitimate windows executable

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • The process drops C-runtime libraries

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for VM detection antiVM strings (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for taking screenshot (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for VM detection VMWare (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • There is functionality for VM detection VirtualBox (YARA)

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads security settings of Internet Explorer

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Starts CMD.EXE for commands execution

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Executable content was dropped or overwritten

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
  • INFO

    • Reads the computer name

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • identity_helper.exe (PID: 7764)
    • Creates files or folders in the user directory

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads Environment values

      • java.exe (PID: 5892)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • identity_helper.exe (PID: 7764)
    • Reads CPU info

      • java.exe (PID: 5892)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Process checks computer location settings

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Create files in a temporary directory

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • java.exe (PID: 5892)
    • Checks supported languages

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • identity_helper.exe (PID: 7764)
      • java.exe (PID: 5892)
    • Reads the machine GUID from the registry

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Application launched itself

      • msedge.exe (PID: 6808)
    • Checks operating system version

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
    • Reads the software policy settings

      • slui.exe (PID: 8068)
    • Manual execution by a user

      • wscript.exe (PID: 3024)
      • notepad.exe (PID: 1324)
      • OpenWith.exe (PID: 5952)
      • msedge.exe (PID: 4988)
      • OpenWith.exe (PID: 7568)
      • OpenWith.exe (PID: 4696)
      • OpenWith.exe (PID: 7584)
      • OpenWith.exe (PID: 7288)
      • rundll32.exe (PID: 7556)
      • OpenWith.exe (PID: 7836)
      • OpenWith.exe (PID: 7924)
    • Checks proxy server information

      • reg.exe (PID: 7332)
      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
      • slui.exe (PID: 8068)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 1324)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 5952)
      • OpenWith.exe (PID: 7288)
      • OpenWith.exe (PID: 7568)
      • OpenWith.exe (PID: 7584)
      • OpenWith.exe (PID: 7836)
      • OpenWith.exe (PID: 4696)
      • OpenWith.exe (PID: 7924)
    • The sample compiled with english language support

      • JDownloader2Setup_windows-amd64_v21_0_6.exe (PID: 1020)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:12:20 10:26:38+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.4
CodeSize: 443392
InitializedDataSize: 485888
UninitializedDataSize: -
EntryPoint: 0x39aa0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.53709.0
ProductVersionNumber: 2.0.53709.0
FileFlagsMask: 0x0017
FileFlags: Debug
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: AppWork GmbH
FileDescription: JDownloader
FileVersion: 2.0.250317
LegalCopyright: AppWork GmbH
ProductName: JDownloader
ProductVersion: 2.0.250317
OriginalFileName: JDownloader2Setup_windows-amd64_v21_0_6.exe
InternalName: jd2
All screenshots are available in the full report
Total processes: 179
Monitored processes: 59
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(Interactive process graph available in the full report. Processes shown in the graph: jdownloader2setup_windows-amd64_v21_0_6.exe, java.exe, conhost.exe, msedge.exe, identity_helper.exe, slui.exe, cmd.exe, reg.exe, wscript.exe, notepad.exe, openwith.exe, rundll32.exe.)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1020
CMD: "C:\Users\admin\Desktop\JDownloader2Setup_windows-amd64_v21_0_6.exe"
Path: C:\Users\admin\Desktop\JDownloader2Setup_windows-amd64_v21_0_6.exe
Parent process: explorer.exe
User:
admin
Company:
AppWork GmbH
Integrity Level:
MEDIUM
Description:
JDownloader
Version:
2.0.250317
Modules
Images
c:\users\admin\desktop\jdownloader2setup_windows-amd64_v21_0_6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1324
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\combocompletions.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3512 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2096
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x338,0x33c,0x340,0x330,0x348,0x7ffc89a35fd8,0x7ffc89a35fe4,0x7ffc89a35ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2644
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3640 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2656
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2908
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1968 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3024
CMD: "C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\insertdate.js
Path: C:\Windows\System32\wscript.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3180
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2140,i,11246819145314537535,16011254622754498808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events: 13 167
Read events: 13 127
Write events: 39
Delete events: 1

Modification events

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j\pids
Operation: write
Name: c:\users\admin\desktop\jdownloader2setup_windows-amd64_v21_0_6.exe
Value: 1020

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write
Name: InstallStarted_1020
Value: 1

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write
Name: InstallStarted
Value: 1

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write
Name: InstallStarted_1020
Value: 0

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: write
Name: InstallStarted
Value: 0

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\ej-technologies\exe4j
Operation: delete value
Name: InstallStarted_1020
Value: -

(PID) Process: (6808) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6808) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6808) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (1020) JDownloader2Setup_windows-amd64_v21_0_6.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
Executable files: 432
Suspicious files: 733
Text files: 1 002
Unknown types: 2

Dropped files

PID | Process | Filename | Type

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\jre.tar.gz | -
MD5: -
SHA256: -

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_2_69g5ss_14qfchv.png | image
MD5: 897CBCCAA5BEEABE003852664EB715D5
SHA256: 95689AEF5B4F6EBDF806E4D04F9C5F1CF23C539BAED86D9DEAFCFCA607DBA7DE

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4jparams.conf | xml
MD5: A91DDEAE16A8F431B456204F667D0E9C
SHA256: EC7E73C408170F4E2CA8140077D499271F32A9D6A496D8FEF286F1BEBBBB25F4

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_7_69g5ss_18gg8kx.png | image
MD5: 05658E9BE759D303893D0AF89025FD05
SHA256: CB52AEBF64334395C1EFF412DEF789EC55A18630953A1F69015B501E0DBF87CA

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\stats.properties | text
MD5: 05B108B8A83FB09A64B9FD46E41019C2
SHA256: 9A009B0C303F9C8327BE07A80A3B07D2D4956B8CE8624EA90403DBAE9D0C91FB

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_1_69g5ss.utf8 | html
MD5: D38F49C7A68D72FD9ED885EBE6415903
SHA256: E4D91313DD4694993DF9057FF320D8B88D8B1D0DAC3126F578E0F460F3BC4488

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_7_69g5ss_18gg8kx@2x.png | image
MD5: 5E164B13AC0B85B81D2C2156BFDFCFA1
SHA256: 85FCF9F08CC62C915213901DB70833F9F27C43DDAE1CB300F86E7D95008CEFFA

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_0_69g5ss.utf8 | text
MD5: 5CEA5816D88FC40B35DBAF8E5F1BB611
SHA256: 0985442C7262997B5C877AF7562555F265A5F39389BD00187303858FA10C7655

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\e4jFB4A.tmp_dir1742675009\i4j_extf_4_69g5ss_1pcd4ys.png | image
MD5: C7F3E517636414608FE68062894CAA6E
SHA256: 2FE9F283A2C568EBA1A35AB23CE2E7A9313D2F5405AA65DC5DB723159E910B38

1020 | JDownloader2Setup_windows-amd64_v21_0_6.exe | C:\Users\admin\AppData\Local\install4j\t\i4j_nlog_1.log | text
MD5: 4983625A05A4A2A8758E9446017D7582
SHA256: E34C1E18DE4E25DADDB7BB8908A0CE1238BBEF855E0003EA0F11169BB8460A8E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 126
TCP/UDP connections: 138
DNS requests: 107
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

- | - | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | unknown | - | -
- | - | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 1012 b | whitelisted
- | - | GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/eclogo.bed956ae.jpg | unknown | image | 28.0 Kb | whitelisted
- | - | GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/clipboard.2479236d.svg | unknown | image | 537 b | whitelisted
- | - | GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/scripts/scripts.9674f76d.js | unknown | binary | 38.5 Kb | whitelisted
- | - | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=44&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 9.81 Kb | whitelisted
- | - | GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/images/cryptologo.efcc8339.png | unknown | image | 7.65 Kb | whitelisted
- | - | GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/scripts/vendor.7d4179e0.js | unknown | binary | 365 Kb | whitelisted
- | - | OPTIONS | 503 | 23.50.131.78:443 | https://bzib.nelreports.net/api/report?cat=bingbusiness | unknown | html | 280 b | whitelisted
- | - | GET | 200 | 136.243.166.109:443 | https://my.jdownloader.org/contribute/ | unknown | html | 1.57 Kb | whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6808 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2908 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2908 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2908 | msedge.exe | 13.107.246.44:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2908 | msedge.exe | 136.243.166.109:443 | my.jdownloader.org | Hetzner Online GmbH | DE | whitelisted
2908 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.174
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.44
whitelisted
my.jdownloader.org
  • 136.243.166.109
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.50.131.78
  • 23.50.131.74
whitelisted
www.bing.com
  • 92.123.104.32
  • 92.123.104.31
  • 92.123.104.38
  • 92.123.104.34
  • 92.123.104.28
  • 92.123.104.33
  • 92.123.104.59
  • 92.123.104.19
whitelisted
payments.appwork.org
  • 148.251.68.18
unknown

Threats

PID | Process | Class | Message

2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
2908 | msedge.exe | Misc activity | INFO [ANY.RUN] Possible short link service (t .co)
No debug info