File name:

3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.7z

Full analysis: https://app.any.run/tasks/06b8f35c-6951-40a3-acda-448299d5ae7f
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: March 24, 2025, 16:25:36
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
upx
delphi
antivm
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

D7267070352FA444946A6B59BFE20FF2

SHA1:

0BDCFA6BC466DEEE7AC2A789B3641E0A926509D1

SHA256:

8E44AC28C0C920DC5A8B41CD023FF28D4529663F531B23A76941B5195B5E3FC9

SSDEEP:

98304:NDw6VSc5EfFz7Aibmd3OI4vkCI+AQCTME0o8M/Fofyhq6mpfnJm2JlDifmUYq6Sg:e7gcQH+EpOxz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • ApnStub.exe (PID: 2136)
    • Actions looks like stealing of personal data

      • ApnStub.exe (PID: 2136)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • The process creates files with name similar to system file names

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • Reads security settings of Internet Explorer

      • ApnStub.exe (PID: 2136)
      • ImgBurn.exe (PID: 6808)
      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • Adds/modifies Windows certificates

      • ApnStub.exe (PID: 2136)
    • Creates a software uninstall entry

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • There is functionality for taking screenshot (YARA)

      • ImgBurn.exe (PID: 6808)
      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
      • ImgBurn.exe (PID: 456)
      • ImgBurn.exe (PID: 7256)
    • Creates file in the systems drive root

      • ImgBurn.exe (PID: 6808)
    • There is functionality for VM detection antiVM strings (YARA)

      • ImgBurn.exe (PID: 456)
      • ImgBurn.exe (PID: 7256)
      • ImgBurn.exe (PID: 6808)
  • INFO

    • Checks supported languages

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
      • ApnStub.exe (PID: 2136)
      • identity_helper.exe (PID: 7668)
      • ImgBurn.exe (PID: 6808)
      • ImgBurn.exe (PID: 456)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4944)
      • msedge.exe (PID: 6156)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 4944)
      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
      • msedge.exe (PID: 6156)
    • Manual execution by a user

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 4976)
      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
      • msedge.exe (PID: 4220)
      • ImgBurn.exe (PID: 456)
      • ImgBurn.exe (PID: 7256)
    • Create files in a temporary directory

      • ApnStub.exe (PID: 2136)
      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • Creates files or folders in the user directory

      • ApnStub.exe (PID: 2136)
      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • Reads the machine GUID from the registry

      • ApnStub.exe (PID: 2136)
    • Checks proxy server information

      • ApnStub.exe (PID: 2136)
      • ImgBurn.exe (PID: 6808)
      • slui.exe (PID: 7816)
    • Reads the software policy settings

      • ApnStub.exe (PID: 2136)
      • slui.exe (PID: 5960)
    • Reads the computer name

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
      • ImgBurn.exe (PID: 6808)
      • identity_helper.exe (PID: 7668)
    • Application launched itself

      • msedge.exe (PID: 7760)
      • msedge.exe (PID: 2140)
      • msedge.exe (PID: 6564)
      • msedge.exe (PID: 4220)
    • Creates files in the program directory

      • 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe (PID: 3884)
    • UPX packer has been detected

      • ImgBurn.exe (PID: 6808)
      • ImgBurn.exe (PID: 456)
      • ImgBurn.exe (PID: 7256)
    • Reads Environment values

      • identity_helper.exe (PID: 7668)
    • Compiled with Borland Delphi (YARA)

      • ImgBurn.exe (PID: 6808)
      • ImgBurn.exe (PID: 456)
      • ImgBurn.exe (PID: 7256)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2025:03:24 16:18:00+00:00
ArchivedFileName: 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8
No data.
All screenshots are available in the full report
Total processes: 246
Monitored processes: 105
Malicious processes: 2
Suspicious processes: 0


Process information

PID: 456
CMD: "C:\Program Files (x86)\ImgBurn\ImgBurn.exe"
Path: C:\Program Files (x86)\ImgBurn\ImgBurn.exe
Parent process: explorer.exe
User:
admin
Company:
LIGHTNING UK!
Integrity Level:
MEDIUM
Description:
ImgBurn - The Ultimate Image Burner!
Version:
2.5.7.0
Modules
Images
c:\program files (x86)\imgburn\imgburn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ffc89815fd8,0x7ffc89815fe4,0x7ffc89815ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 872
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5500 --field-trial-handle=2332,i,10384347612372532707,7673602517778676389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 872
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5364 --field-trial-handle=2332,i,10384347612372532707,7673602517778676389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1056
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2476 --field-trial-handle=2332,i,10384347612372532707,7673602517778676389,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1280
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1692 --field-trial-handle=2332,i,10384347612372532707,7673602517778676389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1312
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5356 --field-trial-handle=2332,i,10384347612372532707,7673602517778676389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1348
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4032 --field-trial-handle=2368,i,10692993745744122713,1900028130513669738,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1760
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5672 --field-trial-handle=2368,i,10692993745744122713,1900028130513669738,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2064
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3416 --field-trial-handle=2332,i,10384347612372532707,7673602517778676389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 26 714
Read events: 25 783
Write events: 898
Delete events: 33

Modification events

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.7z

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (4944) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
Executable files: 35
Suspicious files: 538
Text files: 146
Unknown types: 0

Dropped files

PID: 4944
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb4944.35816\3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8
Type: executable
MD5:8B15EB749457B601495C87F465C525F4
SHA256:3B61CE3D5D75FE4A90313741CDFA71C47BA6543FC568AB3293ED33983FF717D8
PID: 3884
Process: 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsi956.tmp\AskToolbar_CustomPage.ini
Type: text
MD5:547D669A168CF6BF21BB7D05F1B987B7
SHA256:03309B122FE80413C80BE46184AC18B6EFE8D2FF8A59329BE8F1FDBE8BE28EF9
PID: 2136
Process: ApnStub.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE
Type: binary
MD5:5BFA51F3A417B98E7443ECA90FC94703
SHA256:BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128
PID: 2136
Process: ApnStub.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE
Type: binary
MD5:4575A2E746358395508604B0924FBA4E
SHA256:11ABD8A40B1C7EE0EB8F261C946A2B15B583A8D776FA8ACCF0D9D8E042FD6F96
PID: 2136
Process: ApnStub.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_45B2A588609088E1BE269BC98F11BB06
Type: binary
MD5:B542CD2D61BB7B84010AA556822E2A9D
SHA256:02BAFC881CB3294302A8FAB0A49955CC942572CDBC123E46A2ACCF615FBD12B4
PID: 3884
Process: 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe
Filename: C:\Users\admin\AppData\Local\Temp\ApnIC.dll
Type: executable
MD5:197215658B8015182192E1EBCA3BBCC3
SHA256:08DB125C09EB53CC28E7BC7C427B6C2217FF6134A122E6D65D1D24F70E875D9E
PID: 3884
Process: 3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568ab3293ed33983ff717d8.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsi956.tmp\AskToolbar_Screenshot.bmp
Type: image
MD5:F6235F1A9FFBE21FE580420BD06D495F
SHA256:34857B81E104BD0619F040F99DCC748F4BE09B7701202EB3AE06D5C82CCC43EA
PID: 2136
Process: ApnStub.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
Type: binary
MD5:5CB16E48B582BF86A4B396FCBC235981
SHA256:BA479AF493EEEFDF7DE4C86890F5D87886BC0BC92522D39DD09EB21F85CF23F9
PID: 2136
Process: ApnStub.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
Type: binary
MD5:233F11C8B9F1ABD8E5E529B697B45142
SHA256:420D3A71AD4BC93CE9399318014C137449D5485B8FBCBDFE29C2ED1C9B94FB84
PID: 2136
Process: ApnStub.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
Type: binary
MD5:5BFA51F3A417B98E7443ECA90FC94703
SHA256:BEBE2853A3485D1C2E5C5BE4249183E0DDAFF9F87DE71652371700A89D937128
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 59
TCP/UDP connections: 114
DNS requests: 149
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
 |  | GET | 200 | 23.48.23.163:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D | unknown | whitelisted
1184 | backgroundTaskHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://crl.verisign.com/pca3.crl | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://crl.verisign.com/pca3-g5.crl | unknown | whitelisted
2136 | ApnStub.exe | GET | 200 | 2.23.79.3:80 | http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAll8qxyNsfhvcpE7RObJzo%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
 |  | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 |  |  |  | whitelisted
 |  | 23.48.23.163:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 |  |  |  | whitelisted
3216 | svchost.exe | 20.198.162.78:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted
6544 | svchost.exe | 40.126.31.3:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1184 | backgroundTaskHost.exe | 20.74.47.205:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
1184 | backgroundTaskHost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
3812 | svchost.exe | 239.255.255.250:1900 |  |  |  | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.163
  • 23.48.23.180
  • 23.48.23.170
  • 23.48.23.177
  • 23.48.23.184
  • 23.48.23.166
  • 23.48.23.159
  • 23.48.23.176
  • 23.48.23.175
whitelisted
google.com
  • 142.250.184.238
whitelisted
client.wns.windows.com
  • 20.198.162.78
whitelisted
login.live.com
  • 40.126.31.3
  • 20.190.159.75
  • 40.126.31.128
  • 40.126.31.1
  • 20.190.159.128
  • 20.190.159.64
  • 20.190.159.2
  • 40.126.31.129
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
arc.msn.com
  • 20.74.47.205
whitelisted
apnmedia.ask.com
whitelisted
ocsp.verisign.com
  • 2.23.79.3
whitelisted
crl.verisign.com
  • 2.23.79.3
whitelisted

Threats

PID | Process | Class | Message
5408 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
5408 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
 |  | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
 |  | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
No debug info