URL:

jdownloader.org

Full analysis: https://app.any.run/tasks/b20ac146-9c67-48a3-a731-e534fe3b045f
Verdict: Malicious activity
Analysis date: April 10, 2024, 13:54:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

19EE5157B4BC3254F123A7CCF5E7F23F

SHA1:

1BC960076CEE946BE05017D270A9C1D7E1555530

SHA256:

7A06275F5ADABE8EC175299BE6D30726D3C3981301B0438D22413D52B32A24A3

SSDEEP:

3:/JKdX+XCn:/J9XC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)

    • Actions looks like stealing of personal data

      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3736)

  • SUSPICIOUS

    • The process drops C-runtime libraries

      • JDownloaderSetup.exe (PID: 3456)
      • Carrier.exe (PID: 3292)

    • Process drops legitimate windows executable

      • JDownloaderSetup.exe (PID: 3456)
      • Carrier.exe (PID: 3292)

    • Executable content was dropped or overwritten

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)

    • Reads the Internet Settings

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)
      • reg.exe (PID: 2184)
      • JDownloaderSetup.exe (PID: 3736)

    • Reads security settings of Internet Explorer

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • The process creates files with name similar to system file names

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Reads the Windows owner or organization settings

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Checks Windows Trust Settings

      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3736)

    • Adds/modifies Windows certificates

      • JDownloaderSetup.exe (PID: 3456)

    • Reads settings of System Certificates

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Searches for installed software

      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3736)

    • Process requests binary or script from the Internet

      • Carrier.exe (PID: 3292)

  • INFO

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4008)
      • msedge.exe (PID: 2688)

    • Checks supported languages

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)
      • unpack200.exe (PID: 968)
      • unpack200.exe (PID: 2504)
      • unpack200.exe (PID: 1636)
      • unpack200.exe (PID: 3912)
      • unpack200.exe (PID: 2128)
      • unpack200.exe (PID: 2420)
      • unpack200.exe (PID: 2100)
      • unpack200.exe (PID: 1772)
      • unpack200.exe (PID: 2016)
      • unpack200.exe (PID: 3940)
      • unpack200.exe (PID: 1588)
      • unpack200.exe (PID: 3052)
      • unpack200.exe (PID: 2080)
      • unpack200.exe (PID: 2848)
      • unpack200.exe (PID: 1264)
      • unpack200.exe (PID: 2736)
      • unpack200.exe (PID: 480)
      • unpack200.exe (PID: 1124)
      • unpack200.exe (PID: 3824)
      • java.exe (PID: 1380)
      • JDownloaderSetup.exe (PID: 3736)

    • Reads the computer name

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)
      • JDownloaderSetup.exe (PID: 3736)

    • Drops the executable file immediately after the start

      • msedge.exe (PID: 2688)
      • msedge.exe (PID: 4008)

    • The process uses the downloaded file

      • msedge.exe (PID: 4008)
      • msedge.exe (PID: 2248)
      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Create files in a temporary directory

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • unpack200.exe (PID: 968)
      • unpack200.exe (PID: 2420)
      • Carrier.exe (PID: 3292)
      • unpack200.exe (PID: 2504)
      • unpack200.exe (PID: 1636)
      • unpack200.exe (PID: 3912)
      • unpack200.exe (PID: 480)
      • unpack200.exe (PID: 2128)
      • unpack200.exe (PID: 2100)
      • unpack200.exe (PID: 1772)
      • unpack200.exe (PID: 2016)
      • unpack200.exe (PID: 3940)
      • unpack200.exe (PID: 2736)
      • unpack200.exe (PID: 1588)
      • unpack200.exe (PID: 3052)
      • unpack200.exe (PID: 1264)
      • unpack200.exe (PID: 2080)
      • unpack200.exe (PID: 2848)
      • unpack200.exe (PID: 3824)
      • unpack200.exe (PID: 1124)
      • java.exe (PID: 1380)
      • JDownloaderSetup.exe (PID: 3736)

    • Reads the machine GUID from the registry

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)
      • JDownloaderSetup.exe (PID: 3736)

    • Application launched itself

      • msedge.exe (PID: 4008)

    • Reads Environment values

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Reads product name

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Reads the software policy settings

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • JDownloaderSetup.exe (PID: 3736)

    • Creates files or folders in the user directory

      • JDownloaderSetup.exe (PID: 3456)
      • JDownloaderSetup.exe (PID: 3472)
      • Carrier.exe (PID: 3292)
      • JDownloaderSetup.exe (PID: 3736)

    • Checks proxy server information

      • reg.exe (PID: 2184)

    • Manual execution by a user

      • JDownloaderSetup.exe (PID: 3736)
      • JDownloaderSetup.exe (PID: 3516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
125
Monitored processes
60
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs jdownloadersetup.exe no specs jdownloadersetup.exe no specs jdownloadersetup.exe jdownloadersetup.exe carrier.exe unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs unpack200.exe no specs java.exe no specs reg.exe no specs jdownloadersetup.exe no specs jdownloadersetup.exe msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
240"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
480"C:\Users\admin\Downloads\JDownloaderSetup.exe" C:\Users\admin\Downloads\JDownloaderSetup.exemsedge.exe
User:
admin
Company:
AppWork GmbH
Integrity Level:
MEDIUM
Description:
JDownloader
Exit code:
3221226540
Version:
2.0.1.0
Modules
Images
c:\users\admin\downloads\jdownloadersetup.exe
c:\windows\system32\ntdll.dll
480-r "jre\lib\rt.jar.pack" "jre\lib\rt.jar"C:\Users\admin\AppData\Local\Temp\e4jA69D.tmp_dir1712757524\jre\bin\unpack200.exeCarrier.exe
User:
admin
Company:
Temurin
Integrity Level:
HIGH
Description:
OpenJDK Platform binary
Exit code:
0
Version:
8.0.3220.6
Modules
Images
c:\users\admin\appdata\local\temp\e4ja69d.tmp_dir1712757524\jre\bin\unpack200.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\e4ja69d.tmp_dir1712757524\jre\bin\msvcr120.dll
752"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
848"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1640 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
880"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2872 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
896"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
924"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3396 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
968-r "jre\lib\charsets.jar.pack" "jre\lib\charsets.jar"C:\Users\admin\AppData\Local\Temp\e4jA69D.tmp_dir1712757524\jre\bin\unpack200.exeCarrier.exe
User:
admin
Company:
Temurin
Integrity Level:
HIGH
Description:
OpenJDK Platform binary
Exit code:
0
Version:
8.0.3220.6
Modules
Images
c:\users\admin\appdata\local\temp\e4ja69d.tmp_dir1712757524\jre\bin\unpack200.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\e4ja69d.tmp_dir1712757524\jre\bin\msvcr120.dll
1124"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4448 --field-trial-handle=1216,i,6857024019259788848,16724538190661884653,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
107 326
Read events
82 276
Write events
25 029
Delete events
21

Modification events

(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:writeName:dr
Value:
1
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(4008) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
EEACA8AA54742F00
(PID) Process:(4008) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\FirstNotDefault
Operation:delete valueName:S-1-5-21-1302019708-1500728564-335382590-1000
Value:
(PID) Process:(4008) msedge.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Edge
Operation:writeName:UsageStatsInSample
Value:
1
Executable files
292
Suspicious files
98
Text files
288
Unknown types
69

Dropped files

PID
Process
Filename
Type
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:
SHA256:
1696msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pmabinary
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\cfcd8a6c-5c4c-460a-854a-16e14af77388.tmptext
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Versiontext
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State~RF182342.TMPtext
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF1823bf.TMPtext
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1823bf.TMP
MD5:
SHA256:
4008msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
102
DNS requests
69
Threats
23

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2688
msedge.exe
GET
301
116.203.240.177:80
http://jdownloader.org/
unknown
unknown
3292
Carrier.exe
POST
400
136.243.5.58:80
http://update.appwork.org/jcgi/batch?jobs=SESSION_INIT&st=0&rt=SO&jn=JDownloader.jar&pv=12&cv=20210716001&pkh=12f1848a883e733ed40fffff0dae2f35&app=JDU&os=WINDOWS&osr=WINDOWS_7&arch=X86&os64=0&jvm64=0&java=18322006&uid=&hidAck=no&webinstaller=1&reinstall=0&1712757537740.1712757537738&lng=en_US
unknown
unknown
3292
Carrier.exe
GET
200
136.243.5.58:80
http://update.appwork.org/jcgi/pkg?st=0&rt=SO&jn=JDownloader.jar&pv=12&cv=20210716001&pkh=12f1848a883e733ed40fffff0dae2f35&app=JDU&os=WINDOWS&osr=WINDOWS_7&arch=X86&os64=0&jvm64=0&java=18322006&uid=&hidAck=no&webinstaller=1&reinstall=0&dedup=INTER&awfcxz=1&dst=-1&lng=en_US&chlg=0&jdiff=1&rev=-1&1712757537802.1712757537810
unknown
unknown
3292
Carrier.exe
POST
400
136.243.5.58:80
http://update.appwork.org/jcgi/batch?jobs=TIME_SYNC&st=0&rt=SO&jn=JDownloader.jar&pv=12&cv=20210716001&pkh=12f1848a883e733ed40fffff0dae2f35&app=JDU&os=WINDOWS&osr=WINDOWS_7&arch=X86&os64=0&jvm64=0&java=18322006&uid=&hidAck=no&webinstaller=1&reinstall=0&1712757537287.1712757537283&lng=en_US
unknown
unknown
3292
Carrier.exe
GET
200
176.9.34.43:80
http://cdn4.appwork.org/JDU/17294/1712693858013ad9bc7559ef965c1ff3992f0aac959ba_041f33a56b30dbf37bfc4212d5f577df0eb975546-0
unknown
unknown
3292
Carrier.exe
POST
400
136.243.5.58:80
http://update.appwork.org/jcgi/batch?jobs=SESSION_INIT&st=0&rt=SO&jn=JDownloader.jar&pv=12&cv=20210716001&pkh=12f1848a883e733ed40fffff0dae2f35&app=JD&os=WINDOWS&osr=WINDOWS_7&arch=X86&os64=0&jvm64=0&java=18322006&uid=&hidAck=no&webinstaller=1&reinstall=0&1712757544802.1712757544798&lng=en_US
unknown
unknown
3292
Carrier.exe
GET
65.108.187.164:80
http://cdn8.appwork.org/JD/17259/1712694756875f60d10e74f7bbf7fe977dc1ebbf89616_0c09fbfb4f831a313fd2eb42555ca6ee7cc4543c1-0
unknown
unknown
3292
Carrier.exe
POST
400
136.243.5.58:80
http://update.appwork.org/jcgi/batch?jobs=TIME_SYNC&st=0&rt=SO&jn=JDownloader.jar&pv=12&cv=20210716001&pkh=12f1848a883e733ed40fffff0dae2f35&app=JD&os=WINDOWS&osr=WINDOWS_7&arch=X86&os64=0&jvm64=0&java=18322006&uid=&hidAck=no&webinstaller=1&reinstall=0&1712757544490.1712757544496&lng=en_US
unknown
unknown
3292
Carrier.exe
GET
200
136.243.5.58:80
http://update.appwork.org/jcgi/pkg?st=0&rt=SO&jn=JDownloader.jar&pv=12&cv=20210716001&pkh=12f1848a883e733ed40fffff0dae2f35&app=JD&os=WINDOWS&osr=WINDOWS_7&arch=X86&os64=0&jvm64=0&java=18322006&uid=&hidAck=no&webinstaller=1&reinstall=0&dedup=INTER&awfcxz=1&dst=-1&lng=en_US&chlg=0&jdiff=1&rev=-1&1712757545099.1712757545095
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2688
msedge.exe
116.203.240.177:443
jdownloader.org
unknown
4008
msedge.exe
239.255.255.250:1900
unknown
2688
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2688
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2688
msedge.exe
116.203.240.177:80
jdownloader.org
Hetzner Online GmbH
DE
unknown
2688
msedge.exe
216.58.206.34:443
pagead2.googlesyndication.com
GOOGLE
US
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
jdownloader.org
  • 116.203.240.177
  • 5.135.151.225
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
pagead2.googlesyndication.com
  • 216.58.206.34
whitelisted
googleads.g.doubleclick.net
  • 142.250.185.66
whitelisted
www.bing.com
  • 23.212.110.184
  • 23.212.110.176
  • 23.212.110.177
  • 23.212.110.168
  • 23.212.110.179
  • 23.212.110.171
  • 23.212.110.170
  • 23.212.110.178
  • 23.212.110.169
  • 23.212.110.186
  • 23.212.110.201
  • 23.212.110.185
  • 23.212.110.187
  • 23.212.110.200
  • 23.212.110.202
  • 23.212.110.136
  • 23.212.110.139
  • 23.212.110.145
  • 23.212.110.137
  • 23.212.110.144
  • 23.212.110.211
  • 23.212.110.146
  • 23.212.110.138
  • 23.212.110.217
whitelisted
fundingchoicesmessages.google.com
  • 142.250.186.110
whitelisted
fonts.googleapis.com
  • 142.250.186.106
whitelisted
fonts.gstatic.com
  • 142.250.184.227
whitelisted
lh3.googleusercontent.com
  • 142.250.186.97
whitelisted

Threats

Found threats are available for the paid subscriptions
23 ETPRO signatures available at the full report
Process
Message
JDownloaderSetup.exe
Error: File not found - sciterwrapper:console.tis
JDownloaderSetup.exe
at sciter:init-script.tis
JDownloaderSetup.exe
JDownloaderSetup.exe
JDownloaderSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
JDownloaderSetup.exe
Error: File not found - sciterwrapper:console.tis
JDownloaderSetup.exe
at sciter:init-script.tis
JDownloaderSetup.exe
JDownloaderSetup.exe
JDownloaderSetup.exe
file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await'
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
jdownloader.org