File name:

Muestra virus.rar

Full analysis: https://app.any.run/tasks/492c7bf9-2dfb-429a-89eb-b2984831b473
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: December 13, 2024, 21:58:49
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
neshta
stealer
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

D6BF3FCC9908D51048F50D26495E00CA

SHA1:

D1C81522D1F7FA61922737D2F6A93651CF0A7CAB

SHA256:

97D7A46B26FDBBBC94C535AAA6E31CB637F61708633F62F18C33E64FAF67548E

SSDEEP:

98304:I268BhexPXK6xPF53WBJag/Wta6OQNay4+q74xUSFI35CBz5SAc3TQaHTC4e6AMr:T8EN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • NESHTA mutex has been found

      • processhacker-2.39-setup.exe (PID: 6980)
      • svchost.com (PID: 6608)

    • Actions looks like stealing of personal data

      • processhacker-2.39-setup.exe (PID: 6980)

    • Deletes shadow copies

      • cmd.exe (PID: 3640)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 3876)
      • ProcessHacker.exe (PID: 5788)

    • Application launched itself

      • WinRAR.exe (PID: 3876)
      • defi1328_visual.exe (PID: 6544)

    • Executable content was dropped or overwritten

      • processhacker-2.39-setup.exe (PID: 6980)
      • processhacker-2.39-setup.tmp (PID: 7040)
      • processhacker-2.39-setup.exe (PID: 7028)

    • Mutex name with non-standard characters

      • processhacker-2.39-setup.exe (PID: 6980)
      • svchost.com (PID: 6608)

    • Process drops legitimate windows executable

      • processhacker-2.39-setup.tmp (PID: 7040)

    • Reads the Windows owner or organization settings

      • processhacker-2.39-setup.tmp (PID: 7040)

    • Checks Windows Trust Settings

      • ProcessHacker.exe (PID: 5788)

    • Drops a system driver (possible attempt to evade defenses)

      • processhacker-2.39-setup.tmp (PID: 7040)

    • Starts application with an unusual extension

      • WinRAR.exe (PID: 6824)

    • Executes as Windows Service

      • wbengine.exe (PID: 6808)
      • VSSVC.exe (PID: 5112)
      • vds.exe (PID: 4392)

    • Starts CMD.EXE for commands execution

      • defi1328_visual.exe (PID: 5004)

  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 3876)
      • WinRAR.exe (PID: 6824)
      • processhacker-2.39-setup.tmp (PID: 7040)

    • The process uses the downloaded file

      • processhacker-2.39-setup.exe (PID: 6980)
      • WinRAR.exe (PID: 3876)
      • WinRAR.exe (PID: 6824)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6824)

    • Create files in a temporary directory

      • processhacker-2.39-setup.exe (PID: 7028)
      • processhacker-2.39-setup.tmp (PID: 7040)

    • Checks supported languages

      • processhacker-2.39-setup.exe (PID: 6980)
      • OfficeClickToRun.exe (PID: 904)

    • Process checks computer location settings

      • processhacker-2.39-setup.exe (PID: 6980)

    • Creates files in the program directory

      • processhacker-2.39-setup.tmp (PID: 7040)

    • Reads CPU info

      • ProcessHacker.exe (PID: 5788)

    • Reads the machine GUID from the registry

      • ProcessHacker.exe (PID: 5788)
      • defi1328_visual.exe (PID: 6544)
      • OfficeClickToRun.exe (PID: 904)

    • Creates a software uninstall entry

      • processhacker-2.39-setup.tmp (PID: 7040)

    • Reads the time zone

      • ProcessHacker.exe (PID: 5788)

    • Sends debugging messages

      • wbadmin.exe (PID: 6768)

    • Reads Windows Product ID

      • defi1328_visual.exe (PID: 5004)

    • Reads the computer name

      • defi1328_visual.exe (PID: 6544)

    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 3032)

    • Executes as Windows Service

      • OfficeClickToRun.exe (PID: 904)

    • Reads Microsoft Office registry keys

      • OfficeClickToRun.exe (PID: 904)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

ArchivedFileName: Downloads.rar
OperatingSystem: Win32
UncompressedSize: 3216267
CompressedSize: 3216272
FileVersion: RAR v5
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
152
Monitored processes
20
Malicious processes
9
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs winrar.exe processhacker-2.39-setup.exe no specs #NESHTA processhacker-2.39-setup.exe processhacker-2.39-setup.exe processhacker-2.39-setup.tmp processhacker.exe #NESHTA svchost.com no specs defi1328_visual.exe no specs defi1328_visual.exe cmd.exe no specs conhost.exe no specs vssadmin.exe no specs vssvc.exe no specs wbadmin.exe wbengine.exe no specs vdsldr.exe no specs vds.exe no specs wmic.exe no specs officeclicktorun.exe

Process information

PID
CMD
Path
Indicators
Parent process
3876"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Muestra virus.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
6824"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIb3876.45001\Downloads.rarC:\Program Files\WinRAR\WinRAR.exe
WinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
6928"C:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\processhacker-2.39-setup.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\processhacker-2.39-setup.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa6824.45856\processhacker-2.39-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
6980"C:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\processhacker-2.39-setup.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\processhacker-2.39-setup.exe
WinRAR.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa6824.45856\processhacker-2.39-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
7028"C:\Users\admin\AppData\Local\Temp\3582-490\processhacker-2.39-setup.exe" C:\Users\admin\AppData\Local\Temp\3582-490\processhacker-2.39-setup.exe
processhacker-2.39-setup.exe
User:
admin
Company:
wj32
Integrity Level:
HIGH
Description:
Process Hacker Setup
Exit code:
0
Version:
2.39 (r124)
Modules
Images
c:\users\admin\appdata\local\temp\3582-490\processhacker-2.39-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
7040"C:\Users\admin\AppData\Local\Temp\is-UNDKQ.tmp\processhacker-2.39-setup.tmp" /SL5="$50280,1874675,150016,C:\Users\admin\AppData\Local\Temp\3582-490\processhacker-2.39-setup.exe" C:\Users\admin\AppData\Local\Temp\is-UNDKQ.tmp\processhacker-2.39-setup.tmp
processhacker-2.39-setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-undkq.tmp\processhacker-2.39-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
5788"C:\Program Files\Process Hacker 2\ProcessHacker.exe"C:\Program Files\Process Hacker 2\ProcessHacker.exe
processhacker-2.39-setup.tmp
User:
admin
Company:
wj32
Integrity Level:
HIGH
Description:
Process Hacker
Exit code:
0
Version:
2.39.0.124
Modules
Images
c:\program files\process hacker 2\processhacker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6608"C:\WINDOWS\svchost.com" "C:\Users\admin\AppData\Local\Temp\RAR$EX~1.495\DEFI13~1.EXE" C:\Windows\svchost.com
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\windows\svchost.com
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6544C:\Users\admin\AppData\Local\Temp\RAR$EX~1.495\DEFI13~1.EXE C:\Users\admin\AppData\Local\Temp\Rar$EXa6824.49552\defi1328_visual.exesvchost.com
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa6824.49552\defi1328_visual.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
5004"C:\Users\admin\AppData\Local\Temp\RAR$EX~1.495\DEFI13~1.EXE" eC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.49552\defi1328_visual.exe
defi1328_visual.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa6824.49552\defi1328_visual.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
10 802
Read events
10 756
Write events
46
Delete events
0

Modification events

(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Muestra virus.rar
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(3876) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(6824) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\chromium_ext.zip
Executable files
109
Suspicious files
275
Text files
79
Unknown types
2

Dropped files

PID
Process
Filename
Type
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\README.md.[1707EB7A].[[email protected]].defi1328binary
MD5:EE94B44E9A4DBFE8DF658AFD05CEA487
SHA256:FBB5C239C0936D6295D605527B3502C6021C3130D4A4079422B383CEC05266DB
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\x64.bat.[1707EB7A].[[email protected]].defi1328binary
MD5:AC14AD09C0F4BECA919BD947B8BC046C
SHA256:614F3BE6F89D207A383BCD8431738CEB231E7820E748941254315D7CBB8B1A2E
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\x64\mimikatz.log.[1707EB7A].[[email protected]].defi1328binary
MD5:3792DD2D26EF7BD660147FEF474C25AE
SHA256:45518319D6AEB67CBE390854BDF5FD7A78BCDD72D656DE104FFCEC6A864C7555
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\mimicom.idl.[1707EB7A].[[email protected]].defi1328binary
MD5:E192AAFFADCAB8AA0DCA521667B1A5B7
SHA256:246944F4C57E49D764A7F21CCA97BAC94E2DA291AF8FDC9C4956F704F40BF26C
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\x32\mimilib.dllexecutable
MD5:9181E3DBA6941DC097B6ADBC1422239F
SHA256:FD14FA40B1502BB46184E498520B39C7C46B847A9AFB8CC3511E75FCE4CE6EF4
6980processhacker-2.39-setup.exeC:\Users\admin\AppData\Local\Temp\3582-490\processhacker-2.39-setup.exeexecutable
MD5:54DAAD58CCE5003BEE58B28A4F465F49
SHA256:28042DD4A92A0033B8F1D419B9E989C5B8E32D1D2D881F5C8251D58CE35B9063
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\x64\mimidrv.sys.[1707EB7A].[[email protected]].defi1328binary
MD5:F16154228CC2BE72EC58F0641CFA5FF3
SHA256:2BE541DBB9090C73EF8D8F8BD55D5C70D82A55549283C028F49B6747F720F58C
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\desktop.initext
MD5:3A37312509712D4E12D27240137FF377
SHA256:B029393EA7B7CF644FB1C9F984F57C1980077562EE2E15D0FFD049C4C48098D3
3876WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIb3876.45001\Downloads.rarcompressed
MD5:566B43EBCD10EA2EA10E1F94101925DC
SHA256:A73AB9478D01CECB6FD2DE72AE869A56F2E88D3E997EAFC040CB3F8D51C2C1B3
6824WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa6824.45856\mimikatz\1.txt.[1707EB7A].[[email protected]].defi1328binary
MD5:3DD79E672BE7BD0C2AF38C1313089C2E
SHA256:4080747031C20A4FF3EC7DBE2AB4835DA80E1C1C0A3F3617542AB59838CC96C0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
33
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6264
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3736
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6264
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3736
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3700
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
2.19.96.25:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1176
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.78
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.35.229.160
whitelisted
www.bing.com
  • 2.19.96.25
  • 2.19.96.27
  • 2.19.96.8
  • 2.19.96.40
  • 2.19.96.123
  • 2.19.96.26
  • 2.19.96.16
  • 2.19.96.34
  • 2.19.96.129
whitelisted
login.live.com
  • 40.126.31.71
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.2
  • 40.126.31.69
  • 40.126.31.67
  • 20.190.159.73
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

No threats detected
Process
Message
wbadmin.exe
Invalid parameter passed to C runtime function.
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Muestra virus.rar