download:

/web/20230306015007/http://dl.kkdownload.com/kzgw_21/kuaizip_setup_v3.3.1.8_kzgw_001.exe

Full analysis: https://app.any.run/tasks/02343a30-b7de-43d1-874f-726a50542491
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 15, 2025, 17:53:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: C361A27ED6A8D297FF15005B4454CED5
SHA1: 101B8E00642E3765FC35ECE2DAD9466060A66BD2
SHA256: 74622CF5003D4B12CCC61F9AB6D205F2057BCCADC50546FF0BAE1717FB72BA9B
SSDEEP: 196608:xB5l+xq4Iq+T4EzneCI8Y0g3sEZOm+I41+BgqvCyb80eUJc7vU6s6VnpM/do9cO1:xGq1q+8kg13Y1Q5f8FB78UVk2Xbx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Creates or modifies Windows services

      • KuaiZip.exe (PID: 7452)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
      • KuaiZip.exe (PID: 7452)
      • KuaiZip.exe (PID: 5332)
      • KuaiZip.exe (PID: 4452)
      • KZReport.exe (PID: 1228)
    • Application launched itself

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
    • Executable content was dropped or overwritten

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • There is functionality for taking screenshot (YARA)

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Drops a system driver (possible attempt to evade defenses)

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Process requests binary or script from the Internet

      • explorer.exe (PID: 5492)
    • Drops 7-zip archiver for unpacking

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 2908)
      • regsvr32.exe (PID: 2420)
    • Creates a software uninstall entry

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
  • INFO

    • Checks supported languages

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
      • identity_helper.exe (PID: 2344)
      • identity_helper.exe (PID: 7936)
      • KuaiZip.exe (PID: 5332)
      • KuaiZip.exe (PID: 7452)
      • KZReport.exe (PID: 1228)
      • KuaiZip.exe (PID: 4452)
    • The sample compiled with chinese language support

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Reads the computer name

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
      • identity_helper.exe (PID: 7936)
      • identity_helper.exe (PID: 2344)
      • KuaiZip.exe (PID: 7452)
      • KZReport.exe (PID: 1228)
      • KuaiZip.exe (PID: 5332)
      • KuaiZip.exe (PID: 4452)
    • Process checks computer location settings

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Checks proxy server information

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 5548)
      • explorer.exe (PID: 5492)
      • KuaiZip.exe (PID: 7452)
      • KuaiZip.exe (PID: 5332)
      • KZReport.exe (PID: 1228)
      • KuaiZip.exe (PID: 4452)
    • Reads Environment values

      • identity_helper.exe (PID: 7936)
      • identity_helper.exe (PID: 2344)
    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 8016)
      • explorer.exe (PID: 8108)
      • explorer.exe (PID: 5492)
    • Application launched itself

      • msedge.exe (PID: 8176)
      • msedge.exe (PID: 7800)
    • Reads the machine GUID from the registry

      • KuaiZip.exe (PID: 7452)
      • KuaiZip.exe (PID: 5332)
      • KuaiZip.exe (PID: 4452)
    • Creates files or folders in the user directory

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
      • explorer.exe (PID: 5492)
    • The sample compiled with english language support

      • kuaizip_setup_v3.3.1.8_kzgw_001.exe (PID: 7536)
    • Reads the software policy settings

      • slui.exe (PID: 7208)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.7)
.exe | Generic Win/DOS Executable (23.4)
.exe | DOS Executable Generic (23.4)
.vxd | VXD Driver (0.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:06:17 09:21:36+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 151552
InitializedDataSize: 3318784
UninitializedDataSize: -
EntryPoint: 0xca83
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 3.3.1.8
ProductVersionNumber: 3.3.1.8
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: 上海广乐网络科技有限公司
FileDescription: 快压安装程序
FileVersion: 3.3.1.8
InternalName: KuaiZipSetup
LegalCopyright: 上海广乐网络科技有限公司. Copyright 2010-2020
OriginalFileName: KuaiZipSetup
ProductName: 快压软件程序
ProductVersion: 3.3.1.8
BuildTag: 2020/12/15 [001]
Comments: www.glzip.com
CompanyShortName: 上海广乐网络科技有限公司
ProductShortName: 快压
All screenshots are available in the full report
Total processes: 208
Monitored processes: 70
Malicious processes: 2
Suspicious processes: 1


Process information

PID
CMD
Path
Indicators
Parent process
PID: 516
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2780 --field-trial-handle=2356,i,17950654872205717550,450114247612958060,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 660
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2352 --field-trial-handle=2356,i,17950654872205717550,450114247612958060,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4108 --field-trial-handle=2356,i,17950654872205717550,450114247612958060,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1196
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4912 --field-trial-handle=2356,i,15349817537100768781,14200696695806913685,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1228
CMD: "C:\Users\admin\AppData\Roaming\快压\\X86\KZReport.exe"
Path: C:\Users\admin\AppData\Roaming\快压\X86\KZReport.exe
Parent process: kuaizip_setup_v3.3.1.8_kzgw_001.exe
User:
admin
Company:
上海广乐网络科技有限公司
Integrity Level:
HIGH
Description:
KZReport
Exit code:
0
Version:
3.3.1.8
Modules
Images
c:\users\admin\appdata\roaming\快压\x86\kzreport.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 1512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6308 --field-trial-handle=2356,i,17950654872205717550,450114247612958060,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2196
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2344
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6552 --field-trial-handle=2356,i,17950654872205717550,450114247612958060,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
PID: 2420
CMD: /s C:\Users\admin\AppData\Roaming\快压\\X64\KuaiZipShellProp.dll
Path: C:\Windows\System32\regsvr32.exe
Parent process: regsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2908
CMD: /s C:\Users\admin\AppData\Roaming\快压\\X64\KuaiZipShell.dll
Path: C:\Windows\System32\regsvr32.exe
Parent process: regsvr32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events: 18 981
Read events: 18 149
Write events: 700
Delete events: 132

Modification events

Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KuaiZip\TEMP
Operation: write
Name: dmpd
Value:
Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KuaiZip\TEMP
Operation: write
Name: dmpmd5
Value: 472A266800000000200000006363356439393462343566343539653131313732303561393237633336623837

Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KuaiZip\JsonReport
Operation: write
Name: cl_data
Value:
Process: (5548) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\KuaiZip\JsonReport
Operation: write
Name: cl_time
Value:

Process: (7536) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (7536) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (7536) kuaizip_setup_v3.3.1.8_kzgw_001.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 87
Suspicious files: 206
Text files: 66
Unknown types: 0

Dropped files

PID | Process | Filename
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF11318c.TMP
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF11318c.TMP
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF11319c.TMP
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1131cb.TMP
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1131cb.TMP
8176 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 86
TCP/UDP connections: 175
DNS requests: 80
Threats: 4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
GET
200
59.83.212.226:80
http://api.kz.naruto.red/1710cf263c6c070f68bcbb953ff8a781.md5
unknown
unknown
5496
MoUsoCoreWorker.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
GET
200
59.83.212.226:80
http://api.kz.naruto.red/1710cf263c6c070f68bcbb953ff8a781.json
unknown
unknown
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
GET
200
122.188.45.182:80
http://dl.kkdownload.com/2c8400d5e8e9ba74cc288c5d32c3b7ea.data
unknown
unknown
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
GET
200
59.83.212.226:80
http://api.kz.naruto.red/1710cf263c6c070f68bcbb953ff8a781.md5
unknown
unknown
7536
kuaizip_setup_v3.3.1.8_kzgw_001.exe
POST
200
39.106.24.27:80
http://report.uchiha.ltd/
unknown
unknown
7536
kuaizip_setup_v3.3.1.8_kzgw_001.exe
GET
200
59.83.212.226:80
http://api.kz.naruto.red/1710cf263c6c070f68bcbb953ff8a781.md5
unknown
unknown
7980
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.168.114:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
5496
MoUsoCoreWorker.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
59.83.212.226:80
api.kz.naruto.red
CHINA UNICOM China169 Backbone
CN
suspicious
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
103.235.46.102:443
www.baidu.com
Beijing Baidu Netcom Science and Technology Co., Ltd.
HK
whitelisted
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
122.188.45.182:80
api.kz.naruto.red
CHINA UNICOM China169 Backbone
CN
suspicious
5548
kuaizip_setup_v3.3.1.8_kzgw_001.exe
39.106.24.27:80
report.uchiha.ltd
Hangzhou Alibaba Advertising Co.,Ltd.
CN
unknown
7536
kuaizip_setup_v3.3.1.8_kzgw_001.exe
59.83.212.226:80
api.kz.naruto.red
CHINA UNICOM China169 Backbone
CN
suspicious

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.206
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
api.kz.naruto.red
  • 59.83.212.226
  • 122.188.44.139
  • 60.221.17.73
  • 119.188.174.58
  • 122.188.45.182
  • 116.196.150.249
  • 122.188.45.51
  • 123.6.40.124
  • 101.72.254.91
  • 119.188.174.59
  • 122.188.45.140
  • 202.97.231.78
unknown
www.baidu.com
  • 103.235.46.102
  • 103.235.46.115
whitelisted
dl.kkdownload.com
  • 122.188.45.182
  • 60.221.17.73
  • 202.97.231.78
  • 123.6.40.124
  • 122.188.44.139
  • 101.72.254.91
  • 119.188.174.59
  • 119.188.174.58
  • 59.83.212.226
  • 122.188.45.140
  • 116.196.150.249
  • 122.188.45.51
unknown
report.uchiha.ltd
  • 39.106.24.27
unknown
login.live.com
  • 20.190.160.132
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.134
  • 20.190.160.130
  • 20.190.160.22
  • 40.126.32.72
  • 40.126.32.68
whitelisted

Threats

PID
Process
Class
Message
5640
msedge.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
5640
msedge.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.top domain
2196
svchost.exe
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
7536
kuaizip_setup_v3.3.1.8_kzgw_001.exe
Potentially Bad Traffic
ET INFO HTTP Request to a *.top domain
No debug info