File name: Adware.zip
Full analysis: https://app.any.run/tasks/89d08cc5-a324-4421-9666-4183a376c8b4
Verdict: Malicious activity
Analysis date: June 25, 2024, 03:38:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
MD5: 23BCE8A7787075F612AB9D4C0432D9E7
SHA1: 23A23C30C13D1415A7E2F07A6690C0B73E29C972
SHA256: 780852C9BBA16B77076E2EBCFE55DEBCB13A8C72D2D6B47A95CFE48D4CD8EB23
SSDEEP: 98304:cJQ1kFiqnBP0u7cOiDz6TTuDNTxofkjR4PcsBeZpnaHK+xdGpudxr0xiXB4O2dzr:v8eZwnItUti+U

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 3280)
      • WinRAR.exe (PID: 3384)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 2092)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 3384)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Executable content was dropped or overwritten

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 3280)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 2092)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Reads the Windows owner or organization settings

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Drops 7-zip archiver for unpacking

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Reads the Internet Settings

      • DriverEasy.exe (PID: 3652)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Reads settings of System Certificates

      • DriverEasy.exe (PID: 3652)
    • Adds/modifies Windows certificates

      • DriverEasy.exe (PID: 3652)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3384)
    • Checks supported languages

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 3280)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 3264)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 2092)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
      • Easeware.CheckScheduledScan.exe (PID: 1980)
      • Easeware.ConfigLanguageFromSetup.exe (PID: 3360)
      • DriverEasy.exe (PID: 3652)
    • Create files in a temporary directory

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 3280)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe (PID: 2092)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Reads the computer name

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 3264)
      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
      • Easeware.ConfigLanguageFromSetup.exe (PID: 3360)
      • DriverEasy.exe (PID: 3652)
      • Easeware.CheckScheduledScan.exe (PID: 1980)
    • Creates files in the program directory

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Creates a software uninstall entry

      • 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp (PID: 540)
    • Application launched itself

      • msedge.exe (PID: 3612)
      • msedge.exe (PID: 4060)
      • msedge.exe (PID: 2432)
      • msedge.exe (PID: 3732)
    • Reads the machine GUID from the registry

      • Easeware.CheckScheduledScan.exe (PID: 1980)
      • DriverEasy.exe (PID: 3652)
    • Creates files or folders in the user directory

      • Easeware.ConfigLanguageFromSetup.exe (PID: 3360)
      • DriverEasy.exe (PID: 3652)
    • Manual execution by a user

      • msedge.exe (PID: 4060)
      • msedge.exe (PID: 2432)
    • Reads the software policy settings

      • DriverEasy.exe (PID: 3652)
    • Reads Environment values

      • DriverEasy.exe (PID: 3652)
    • Disables trace logs

      • DriverEasy.exe (PID: 3652)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 51
ZipBitFlag: 0x0003
ZipCompression: Unknown (99)
ZipModifyDate: 2024:06:25 03:34:44
ZipCRC: 0x09a4f15e
ZipCompressedSize: 6178533
ZipUncompressedSize: 6921456
ZipFileName: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
No data.
All screenshots are available in the full report
Total processes: 81
Monitored processes: 38
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start winrar.exe 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp no specs 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp easeware.checkscheduledscan.exe no specs easeware.configlanguagefromsetup.exe no specs drivereasy.exe msedge.exe no specs msedge.exe no specs netsh.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 540
CMD: "C:\Users\admin\AppData\Local\Temp\is-BAUN0.tmp\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp" /SL5="$70208,5944745,1057792,C:\Users\admin\AppData\Local\Temp\Rar$EXb3384.2014\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe" /SPAWNWND=$50210 /NOTIFYWND=$C016C
Path: C:\Users\admin\AppData\Local\Temp\is-BAUN0.tmp\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Parent process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-baun0.tmp\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 596
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1312,i,9341182514011241583,2128829164718670946,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1168
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2224 --field-trial-handle=1328,i,12641695057332567096,3644031134228615554,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1460
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xe0,0x6b05f598,0x6b05f5a8,0x6b05f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1796
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3776 --field-trial-handle=1328,i,12641695057332567096,3644031134228615554,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1832
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1328,i,12641695057332567096,3644031134228615554,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1904
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 --field-trial-handle=1336,i,8769508626135203668,7803345017791825594,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1980
CMD: "C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"
Path: C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe
Parent process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
Easeware.CheckScheduledScan
Exit code:
0
Version:
1.0.1.0
Modules
Images
c:\program files\easeware\drivereasy\easeware.checkscheduledscan.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2060
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1328,i,12641695057332567096,3644031134228615554,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2092
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3384.2014\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe" /SPAWNWND=$50210 /NOTIFYWND=$C016C
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3384.2014\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
Parent process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
Driver Easy Setup
Exit code:
0
Version:
6.0.0.25691
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb3384.2014\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 44 853
Read events: 44 574
Write events: 255
Delete events: 24

Modification events

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Adware.zip

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3384) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 51
Suspicious files: 113
Text files: 140
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\innocallback.dll
Type: executable
MD5: 1C55AE5EF9980E3B1028447DA6105C75
SHA256: 6AFA2D104BE6EFE3D9A2AB96DBB75DB31565DAD64DD0B791E402ECC25529809F

PID: 3384
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb3384.2014\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
Type: executable
MD5: 07DE707F6F2580D5FCCF431EEACAC468
SHA256: 90A55AA224E413CF45055B238CD5F9A640821CBF409A4E5E783792C93FF88A2C

PID: 2092
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-BAUN0.tmp\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Type: executable
MD5: 7A7ECDCDE7D9B7F67D707354E3BDA1B8
SHA256: C3E8BFF1B60C3C4620F3220935E5E9549FD10ABE238016B60C1035626912B17E

PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\botva2.dll
Type: executable
MD5: 67965A5957A61867D661F05AE1F4773E
SHA256: 450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105

PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\installation_bg.png
Type: image
MD5: DE2910024C97296F74DB2929DD967810
SHA256: DD2B1935E615891A2E29430CB2ADB9A07245510C16BB9336D76CBE8C48F79938

PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\close.png
Type: image
MD5: C5D4199133D845215EEE250AC2478370
SHA256: C9A29BB36ADA4DC575A62E38B0B5E522D2438860534CDF174F4BA1A14F866802

PID: 3280
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-IG2HS.tmp\90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Type: executable
MD5: 7A7ECDCDE7D9B7F67D707354E3BDA1B8
SHA256: C3E8BFF1B60C3C4620F3220935E5E9549FD10ABE238016B60C1035626912B17E

PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\circle.png
Type: image
MD5: A80F464B60816479334B6C5B39DBFF18
SHA256: B532762A4C797E209C5DA897F4A0BCED5DFA19D34DB66BAFC7455FA019BA4E17

PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\min.png
Type: image
MD5: 5389E8A18660074075EA860947E9F892
SHA256: 5CC3E27EF6390044661C5CC7B1A68BB6DA4432036F4697195D84496E36980F4A

PID: 540
Process: 90a55aa224e413cf45055b238cd5f9a640821cbf409a4e5e783792c93ff88a2c.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-Q7HN6.tmp\installing_bg.png
Type: image
MD5: F4BE352F09D837736CAD0FD651BACE19
SHA256: 992C6E3EE43400029BF274574377C393AE6A534BD3FF0E1AA00C87E5905C434F
HTTP(S) requests: 5
TCP/UDP connections: 48
DNS requests: 56
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
1372
svchost.exe
GET
200
2.19.126.133:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
1372
svchost.exe
GET
304
88.221.110.91:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
unknown
GET
304
95.101.54.105:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f69642324cc87bd
unknown
unknown
4060
msedge.exe
GET
200
88.221.110.91:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6f7b09db06513ddc
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1060
svchost.exe
224.0.0.252:5355
unknown
1372
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
88.221.110.91:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
2.19.126.133:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
unknown
4060
msedge.exe
239.255.255.250:1900
whitelisted
2832
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 88.221.110.91
  • 2.16.100.168
  • 95.101.54.105
  • 95.101.54.113
whitelisted
crl.microsoft.com
  • 2.19.126.133
  • 2.19.126.146
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
www.drivereasy.com
  • 51.38.74.198
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
time.windows.com
  • 20.101.57.9
whitelisted
images.drivereasy.com
  • 135.125.140.37
unknown
www.googletagmanager.com
  • 142.250.185.136
whitelisted

Threats

No threats detected
No debug info