File name:

614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c

Full analysis: https://app.any.run/tasks/167bc689-bc41-4494-a44c-ab95c437feed
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: March 24, 2025, 08:40:21
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
ransomware
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

3FA0EF492D89BB171486AF749D4FEE35

SHA1:

D554798521C5F43548ABEED2E0C6A4C3883F9F4D

SHA256:

614A7F4E0044ED93208CBD4A5AB6916695E92ACE392BC352415B24FE5B2D535C

SSDEEP:

49152:UYKCl+9GU7km/SnY9RBE45NHWYFyG8ixjfe3:ujEMAee

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Deletes shadow copies

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Disables task manager

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Task Manager has been disabled (taskmgr)

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • RANSOMWARE has been detected

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Renames files like ransomware

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Actions look like stealing of personal data

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
      • setup.exe (PID: 10120)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Uses REG/REGEDIT.EXE to modify registry

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Starts CMD.EXE for command execution

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Uses TASKKILL.EXE to kill Office Apps

      • cmd.exe (PID: 2136)
      • cmd.exe (PID: 6816)
      • cmd.exe (PID: 5608)
      • cmd.exe (PID: 7052)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6644)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 4988)
      • cmd.exe (PID: 5344)
      • cmd.exe (PID: 5528)
      • cmd.exe (PID: 5064)
      • cmd.exe (PID: 6048)
      • cmd.exe (PID: 1324)
      • cmd.exe (PID: 6272)
      • cmd.exe (PID: 6712)
      • cmd.exe (PID: 4120)
      • cmd.exe (PID: 960)
      • cmd.exe (PID: 1228)
    • Uses TASKKILL.EXE to kill Browsers

      • cmd.exe (PID: 516)
      • cmd.exe (PID: 744)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 7268)
      • cmd.exe (PID: 7260)
      • cmd.exe (PID: 7292)
      • cmd.exe (PID: 7280)
      • cmd.exe (PID: 7252)
    • Stops a currently running service

      • sc.exe (PID: 8036)
      • sc.exe (PID: 8084)
      • sc.exe (PID: 6972)
      • sc.exe (PID: 8120)
      • sc.exe (PID: 7360)
    • Application launched itself

      • setup.exe (PID: 10120)
      • setup.exe (PID: 10192)
  • INFO

    • Checks supported languages

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
      • setup.exe (PID: 10120)
      • setup.exe (PID: 10192)
    • The sample was compiled with English language support

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
    • Creates files or folders in the user directory

      • 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (PID: 1676)
      • BackgroundTransferHost.exe (PID: 9332)
    • Application launched itself

      • msedge.exe (PID: 8212)
      • msedge.exe (PID: 8160)
    • Reads Environment values

      • identity_helper.exe (PID: 10000)
    • Manual execution by a user

      • msedge.exe (PID: 8160)
      • OpenWith.exe (PID: 8324)
      • OpenWith.exe (PID: 8416)
      • OpenWith.exe (PID: 7352)
      • OpenWith.exe (PID: 9408)
      • OpenWith.exe (PID: 7632)
      • OpenWith.exe (PID: 8172)
    • Reads the computer name

      • identity_helper.exe (PID: 10000)
      • setup.exe (PID: 10192)
    • Process checks computer location settings

      • setup.exe (PID: 10192)
    • Reads Microsoft Office registry keys

      • setup.exe (PID: 10120)
      • OpenWith.exe (PID: 7632)
      • OpenWith.exe (PID: 7352)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 9332)
      • BackgroundTransferHost.exe (PID: 9644)
      • BackgroundTransferHost.exe (PID: 10032)
      • BackgroundTransferHost.exe (PID: 10172)
      • BackgroundTransferHost.exe (PID: 7572)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 9332)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:12:27 21:10:01+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.37
CodeSize: 687104
InitializedDataSize: 310272
UninitializedDataSize: -
EntryPoint: 0xa05a0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 0.3.0.0
ProductVersionNumber: 0.3.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: PPHUD
FileDescription: PPHUD Cheat
FileVersion: 0.3.0
LegalCopyright: (c) PPHUD Cheat
OriginalFileName: pphud.exe
ProductName: pphud
ProductVersion: 0.3.0 (AG)
No data.
All screenshots are available in the full report
Total processes
279
Monitored processes
143
Malicious processes
2
Suspicious processes
1

Behavior graph

Interactive process graph (available in the full report). Processes shown, in order of appearance: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe (THREAT), vssadmin.exe, conhost.exe, reg.exe, cmd.exe, vssvc.exe, taskkill.exe, sppextcomobj.exe, sc.exe, slui.exe, msedge.exe, identity_helper.exe, setup.exe, openwith.exe, backgroundtransferhost.exe, and a second instance of 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 516
CMD: "cmd" /c taskkill /F /IM msedge.exe
Path: C:\Windows\System32\cmd.exe
Parent process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7496 --field-trial-handle=2156,i,11286403691936276141,203344666660949602,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 744
CMD: "cmd" /c taskkill /F /IM chrome.exe
Path: C:\Windows\System32\cmd.exe
Parent process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 960
CMD: "cmd" /c taskkill /F /IM onedrive.exe
Path: C:\Windows\System32\cmd.exe
Parent process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1052
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1072
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3308 --field-trial-handle=2156,i,11286403691936276141,203344666660949602,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1088
CMD: taskkill /F /IM outlook.exe
Path: C:\Windows\System32\taskkill.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1228
CMD: "cmd" /c taskkill /F /IM code.exe
Path: C:\Windows\System32\cmd.exe
Parent process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1324
CMD: "cmd" /c taskkill /F /IM steam.exe
Path: C:\Windows\System32\cmd.exe
Parent process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1348
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
12 492
Read events
12 458
Write events
34
Delete events
0

Modification events

(PID) Process: (6972) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation: write
Name: DisableTaskMgr
Value: 0

(PID) Process: (1676) 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation: write
Name: DisableTaskMgr
Value: 1

(PID) Process: (8212) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (8212) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (8212) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (8212) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (8160) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (8160) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (8160) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (1676) 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Operation: write
Name: DisableTaskMgr
Value: 0
Executable files
10
Suspicious files
377
Text files
47
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Albabat\Albabat_Logs.log
Type: text
MD5: 05A5039E648E7C18FC6FD4BD34EDBEF1
SHA256: 4473AB74351AA3CBD88AC9FA577A73FDCE55272B0DA6F1B9993128DDD1B2A8CB

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\AppData\Roaming\614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Type: executable
MD5: 3FA0EF492D89BB171486AF749D4FEE35
SHA256: 614A7F4E0044ED93208CBD4A5AB6916695E92ACE392BC352415B24FE5B2D535C

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Desktop\technologyyou.rtf.abbt
Type: binary
MD5: 94DCEDFD757C6F51C8EC8075F4A0098B
SHA256: D01421E78B6EFA6CA3644B7ED54F49BB7F28310E2FB07F2404AF9805B89AC6AA

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Desktop\memberstep.jpg.abbt
Type: binary
MD5: 5BD3A67610039091CAF22464E9C21B37
SHA256: 6F0731D55D7D27D9E919751693325FE986578281C2D87B616803093E0B2D8AF1

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Desktop\provideridea.jpg.abbt
Type: binary
MD5: E40715B03C53D6F1B810E2B702C68CED
SHA256: 68D41EA5E6950ADCD2034E2F05EC69BFCD0B849A6ED640B35E41A69848344810

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Desktop\sexydatabase.png.abbt
Type: binary
MD5: 5D2992D80D61F8546E82814E2C4BDBC0
SHA256: 3F52C301C5263F69AEC74AC8275D4A51FE34D09BFA50A0FA4582D0736E82EAFE

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Documents\PowerShell\Modules\PSSQLite\1.1.0\PSSQLite.psd1.abbt
Type: binary
MD5: 51EAC54E42D32B67E535040B8F588107
SHA256: 53B3FEF80FF12232CCA7DFF6831B7C6402108118DCE5AE8B6B4DFE0D253A87DF

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Desktop\villagemonths.png.abbt
Type: binary
MD5: 08CC0C8E22060F89FD876B456A2CADB1
SHA256: 18570527DA0A3E8792EE737D7B5D6D55C237ECDA34CA82A198913286912DB4D2

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Documents\PowerShell\Modules\PSSQLite\1.1.0\Invoke-SqliteBulkCopy.ps1.abbt
Type: binary
MD5: 24CE332195C04FD5A7682E04D17C7820
SHA256: 6B489BE6DEF1662CF5BE8C4F01409C946FD68FE82B953CA4537F572C71CA2EDD

PID: 1676
Process: 614a7f4e0044ed93208cbd4a5ab6916695e92ace392bc352415b24fe5b2d535c.exe
Filename: C:\Users\admin\Documents\PowerShell\Modules\PSSQLite\1.1.0\New-SqliteConnection.ps1.abbt
Type: binary
MD5: 3F87C7332616B98B77959A6E31151832
SHA256: C54F243F7409BEA1B1DBC1FBCF2AF482A48C83E168691F67BF3CA744AEBF345C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
48
DNS requests
47
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
9060 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
9332 | BackgroundTransferHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
8264 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
8264 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4 | System | 192.168.100.255:138 | whitelisted
51.104.136.2:443 | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 20.190.159.75:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
8160 | msedge.exe | 239.255.255.250:1900 | whitelisted
8056 | msedge.exe | 142.250.186.131:443 | www.gstatic.com | whitelisted
8056 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
8056 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.159.75
  • 40.126.31.128
  • 20.190.159.129
  • 40.126.31.67
  • 40.126.31.131
  • 20.190.159.68
  • 20.190.159.131
  • 20.190.159.0
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
translate.google.com
  • 142.250.185.110
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
clients2.google.com
  • 142.250.186.110
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.60
whitelisted
www.gstatic.com
  • 142.250.186.131
whitelisted
translate.googleapis.com
  • 172.217.16.202
whitelisted

Threats

No threats detected
No debug info