File name: Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.7z

Full analysis: https://app.any.run/tasks/60d9b922-5dd1-4d9c-bee9-13623fb5e7e5
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: April 20, 2025, 21:37:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 76235832F9E338DC32302FCBD3D458D4
SHA1: 81FEB36900C0CE001D5ACDDF235500216113AAFF
SHA256: 879D8C71759D5CAF48351250880DB9C81F456FF0E114DC5923179552ED410B81
SSDEEP: 768:FPzc/bUfoXYr0i4VWTwkhsVtSVnYJpMTM/Wt6h4zfvxNdkRQ0ckvI28wV5t65Z/+:FPo/bnLZzIEMTMfh4zXLQ1zvI28K65h+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
    • Connects to the CnC server

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
  • SUSPICIOUS

    • Application launched itself

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 1500)
      • netprotocol.exe (PID: 3096)
    • Executable content was dropped or overwritten

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
    • Reads the Internet Settings

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
    • Reads security settings of Internet Explorer

      • netprotocol.exe (PID: 1028)
      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
    • Access to an unwanted program domain was detected

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
    • Contacting a server suspected of hosting an CnC

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
    • Reads settings of System Certificates

      • netprotocol.exe (PID: 1028)
      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
    • Adds/modifies Windows certificates

      • netprotocol.exe (PID: 1028)
  • INFO

    • Checks supported languages

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 3096)
      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 1500)
      • netprotocol.exe (PID: 1028)
    • Checks proxy server information

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
    • Manual execution by a user

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 1500)
    • Creates files or folders in the user directory

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 3516)
      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3516)
    • Reads the computer name

      • netprotocol.exe (PID: 1028)
      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
    • Reads the machine GUID from the registry

      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
      • netprotocol.exe (PID: 1028)
    • Reads the software policy settings

      • netprotocol.exe (PID: 1028)
      • Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe (PID: 3140)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2012:06:16 11:08:58+00:00
ArchivedFileName: Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
Total processes: 47
Monitored processes: 6
Malicious processes: 4
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: start, winrar.exe, trojan-ransom.win32.pornoblocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe, trojan-ransom.win32.pornoblocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe, netprotocol.exe (no specs), netprotocol.exe, svchost.exe]

Process information

PID | CMD | Path | Indicators | Parent process

PID: 1028
CMD: C:\Users\admin\AppData\Roaming\netprotocol.exe
Path: C:\Users\admin\AppData\Roaming\netprotocol.exe
Parent process: netprotocol.exe
User: admin
Integrity Level: HIGH
Modules (images):
c:\users\admin\appdata\roaming\netprotocol.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

PID: 1080
CMD: C:\Windows\system32\svchost.exe -k NetworkService
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1500
CMD: "C:\Users\admin\Desktop\Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe"
Path: C:\Users\admin\Desktop\Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\desktop\trojan-ransom.win32.pornoblocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll

PID: 3096
CMD: C:\Users\admin\AppData\Roaming\netprotocol.exe
Path: C:\Users\admin\AppData\Roaming\netprotocol.exe
Parent process: Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\roaming\netprotocol.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll

PID: 3140
CMD: C:\Users\admin\Desktop\Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
Path: C:\Users\admin\Desktop\Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
Parent process: Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\desktop\trojan-ransom.win32.pornoblocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

PID: 3516
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\60d9b922-5dd1-4d9c-bee9-13623fb5e7e5.7z
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

Total events: 16 982
Read events: 16 793
Write events: 162
Delete events: 27

Modification events

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1080) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet
Operation: write
Name: {4040CF00-1B3E-486A-B407-FA14C56B6FC0}
Value: D4DA6D39D73C

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\60d9b922-5dd1-4d9c-bee9-13623fb5e7e5.7z

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3516) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Executable files: 2
Suspicious files: 14
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
1028 | netprotocol.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | 77B20B5CD41BC6BB475CCA3F91AE6E3C | 5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
3516 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3516.38235\Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | executable | 063091A9B11517CFABBBB3400523A198 | 04FAF91A51F8BE790008B22CB5B20D9CDED3F1AF403AE2F9E59CA4B56D8E37EF
1028 | netprotocol.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary | 4A90329071AE30B759D279CCA342B0A6 | 4F544379EDA8E2653F71472AB968AEFD6B5D1F4B3CE28A5EDB14196184ED3B60
1028 | netprotocol.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 7A239C97A33B42E49181E333DCC1232B | 9DA27442A237F220A7D49CE467E2015562595B18E47720E900410E64925AFBF1
1080 | svchost.exe | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar7EE0.tmp | binary | 91A1B89AA7A488DBB204DBB4767F1F21 | F6BE95C88C20EF82EE8A6878E16F9ECD77300BC1905EB826592A0DD41AD1C0F8
1080 | svchost.exe | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab7EDF.tmp | compressed | 77B20B5CD41BC6BB475CCA3F91AE6E3C | 5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
1080 | svchost.exe | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab7EF1.tmp | compressed | 77B20B5CD41BC6BB475CCA3F91AE6E3C | 5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | C:\Users\admin\AppData\Roaming\netprotocol.exe | executable | AE3FCFB7C8BF9901C55B1DA72B076E7E | ADE058016C590FABFE3955FE4D6238E5C6E8CAD164DD7A37B56E4688912304F4
1028 | netprotocol.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary | B597058F5F436452C8C7608683F2C118 | CC3ACAB6EB599B4A93E90222621B1F9D571E408179024A508B158F1FB3723B9F
1028 | netprotocol.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F48B23C3846C62852FBA1A2F16C7AFCB_9A90BAA73BD04457137CBBD78076E1B0 | binary | AA2092775C061287FB8ECBBA6C420DC5 | FF6BE49873EF71BDFAF48CABF715990BD7D2CFCEACE91AF7C7C2E47377317CE0

HTTP(S) requests: 8
TCP/UDP connections: 15
DNS requests: 13
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN / Type / Size | Reputation
1028 | netprotocol.exe | GET | 200 | 142.250.185.195:80 | http://o.pki.goog/s/we1/PY0/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS5vtXxph5AskGWsMKefhqdi%2Fy1IAQUkHeSNWfE%2F6jMqeZ72YB5e8yT%2BTgCED2Nkj200trREX1oL5D871Q%3D | unknown | whitelisted
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | GET | 301 | 44.205.92.141:80 | http://levelai.com/nconfirm.php?rev=350&code=3&param=1813&num=91540015845028 | unknown | malicious
1028 | netprotocol.exe | GET | 301 | 44.205.92.141:80 | http://levelai.com/njob.php?num=7966396330880831140&rev=350 | unknown | malicious
1028 | netprotocol.exe | GET | 200 | 172.217.18.3:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | GET | 200 | 172.217.18.3:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
1028 | netprotocol.exe | GET | 200 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?deb535e761524559 | unknown | whitelisted
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | GET | 200 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1839c5e9cb851190 | unknown | whitelisted
1028 | netprotocol.exe | GET | 200 | 172.217.18.3:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | 44.205.92.141:80 | levelai.com | AMAZON-AES | US | malicious
1028 | netprotocol.exe | 44.205.92.141:80 | levelai.com | AMAZON-AES | US | malicious
1028 | netprotocol.exe | 104.20.53.168:443 | uniregistry.com | CLOUDFLARENET | - | whitelisted
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | 104.20.53.168:443 | uniregistry.com | CLOUDFLARENET | - | whitelisted
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted
1028 | netprotocol.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 142.250.186.174 | whitelisted
kytoside.in | - | unknown
levelai.com | 44.205.92.141, 54.84.173.6 | malicious
uniregistry.com | 104.20.53.168, 172.67.48.110, 104.20.54.168 | whitelisted
ctldl.windowsupdate.com | 199.232.214.172, 199.232.210.172 | whitelisted
c.pki.goog | 172.217.18.3 | whitelisted
o.pki.goog | 142.250.185.195 | whitelisted
kasjchseuk.com | - | malicious
krexjdsamdx.com | - | unknown

Threats

PID | Process | Class | Message
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | Malware Command and Control Activity Detected | ET MALWARE Dooptroop Dropper Checkin
1028 | netprotocol.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP User-Agent (Explorer)
3140 | Trojan-Ransom.Win32.PornoBlocker.abqd-04faf91a51f8be790008b22cb5b20d9cded3f1af403ae2f9e59ca4b56d8e37ef.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP User-Agent (Explorer)
1028 | netprotocol.exe | Malware Command and Control Activity Detected | ET MALWARE Dooptroop CnC Beacon
No debug info