File name: winzip28.exe

Full analysis: https://app.any.run/tasks/f42ac371-130e-42e9-ab1c-02f189e19d1e
Verdict: Malicious activity
Threats: Loader

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims' computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 24, 2024, 06:04:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: D7C6CCF487978C2EAB86DAE39FF98C5B
SHA1: 2A045647B18FE9529952F0459B0DAAEA6C1F65B3
SHA256: B8D96793563A92E2F42886A43AE767280308451C435FC27838B50437676BACF4
SSDEEP: 98304:Yts1cSudjEr3nu2HNmUfsI2ZfjC5mY/zbp1CmfffNAHfKm:ea7fe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • winzip28.exe (PID: 4060)
      • winzip28.exe (PID: 812)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5696)
    • Scans artifacts that could help determine the target

      • winzip28.exe (PID: 812)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • winzip28.exe (PID: 812)
    • Reads security settings of Internet Explorer

      • winzip28.exe (PID: 812)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Reads Internet Explorer settings

      • winzip28.exe (PID: 812)
    • Executable content was dropped or overwritten

      • winzip28.exe (PID: 4060)
      • winzip28.exe (PID: 812)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5696)
    • Process drops legitimate windows executable

      • winzip28.exe (PID: 812)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5696)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Reads the date of Windows installation

      • winzip28.exe (PID: 812)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 5696)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Checks Windows Trust Settings

      • winzip28.exe (PID: 812)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Creates a software uninstall entry

      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Starts itself from another location

      • winzip28.exe (PID: 4060)
  • INFO

    • Checks supported languages

      • winzip28.exe (PID: 4060)
      • winzip28.exe (PID: 812)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5696)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
    • Reads the software policy settings

      • winzip28.exe (PID: 812)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
      • wermgr.exe (PID: 4212)
      • slui.exe (PID: 1780)
    • Reads the machine GUID from the registry

      • winzip28.exe (PID: 812)
    • Checks proxy server information

      • winzip28.exe (PID: 812)
      • MicrosoftEdgeUpdate.exe (PID: 6856)
      • slui.exe (PID: 1780)
      • wermgr.exe (PID: 4212)
    • Process checks Internet Explorer phishing filters

      • winzip28.exe (PID: 812)
    • Create files in a temporary directory

      • winzip28.exe (PID: 4060)
      • winzip28.exe (PID: 812)
    • Creates files or folders in the user directory

      • winzip28.exe (PID: 812)
    • Creates files in the program directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 5696)
      • winzip28.exe (PID: 812)
    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 6856)
      • winzip28.exe (PID: 812)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6856)
      • winzip28.exe (PID: 812)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6856)
      • winzip28.exe (PID: 812)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:09 15:35:03+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 2104320
InitializedDataSize: 703488
UninitializedDataSize: -
EntryPoint: 0x18ac66
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 28.0.16002.0
ProductVersionNumber: 28.0.16002.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: WinZip Computing
FileDescription: WinZipStub Installer
FileVersion: 28.0.16002.0
InternalName: WinZipStubInstaller.exe
LegalCopyright: (c) 2015-2024 Corel Corporation All rights reserved.
ProductName: WinZipStub
ProductVersion: 28.0.16002.0
All screenshots are available in the full report
Total processes: 131
Monitored processes: 7
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winzip28.exe, winzip28.exe, slui.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, winzip28.exe (no specs)

Process information

PID: 116
CMD: "C:\Users\admin\Desktop\winzip28.exe"
Path: C:\Users\admin\Desktop\winzip28.exe
Parent process: explorer.exe
User: admin
Company: WinZip Computing
Integrity Level: MEDIUM
Description: WinZipStub Installer
Exit code: 3221226540
Version: 28.0.16002.0
Modules (images):
c:\users\admin\desktop\winzip28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 812
CMD: run=1 shortcut="C:\Users\admin\Desktop\winzip28.exe"
Path: C:\Users\admin\AppData\Local\Temp\e28c1\winzip28.exe
Parent process: winzip28.exe
User: admin
Company: WinZip Computing
Integrity Level: HIGH
Description: WinZipStub Installer
Version: 28.0.16002.0
Modules (images):
c:\users\admin\appdata\local\temp\e28c1\winzip28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1780
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4060
CMD: "C:\Users\admin\Desktop\winzip28.exe"
Path: C:\Users\admin\Desktop\winzip28.exe
Parent process: explorer.exe
User: admin
Company: WinZip Computing
Integrity Level: HIGH
Description: WinZipStub Installer
Version: 28.0.16002.0
Modules (images):
c:\users\admin\desktop\winzip28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4212
CMD: "C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "6856" "2592" "2520" "2596" "0" "0" "0" "0" "0" "0" "0" "0"
Path: C:\Windows\SysWOW64\wermgr.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\wermgr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 5696
CMD: "C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: winzip28.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Exit code: 2147747592
Version: 1.3.193.5
Modules (images):
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6856
CMD: "C:\Program Files (x86)\Microsoft\Temp\EUF44A.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Program Files (x86)\Microsoft\Temp\EUF44A.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 2147747592
Version: 1.3.193.5
Modules (images):
c:\program files (x86)\microsoft\temp\euf44a.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events: 22 598
Read events: 22 527
Write events: 62
Delete events: 9

Modification events

(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Corel\stubframework\WNZP\28 | Operation: write | Name: install_language | Value: English
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Corel\PCU | Operation: write | Name: 7 | Value: FA9020524153
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Corel\PCU | Operation: write | Name: HFNCv2 | Value: FA9020524153
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID) Process: (812) winzip28.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
Executable files: 203
Suspicious files: 11
Text files: 50
Unknown types: 2

Dropped files

PID | Process | Filename | Type
812 | winzip28.exe | C:\ProgramData\UniqueId\data | binary
  MD5: 2FCC3974FA0EB2778D5C8C83B5D08D1F
  SHA256: E71C1EE4B9E1340214FD72AB145FA5EBA4BA25D766CF1BD65CE5AB6CBDB02D3D
4060 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e28c1\winzip28.exe | executable
  MD5: D7C6CCF487978C2EAB86DAE39FF98C5B
  SHA256: B8D96793563A92E2F42886A43AE767280308451C435FC27838B50437676BACF4
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\close-hover.png | image
  MD5: DC25F8EBE54644F4C207F83711EE04AC
  SHA256: 0B0DF46552E1B95349C2F9D65DBB7379A7535E1A8A3C18C3B27958D0D8308E9B
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\arrow.png | image
  MD5: 2A9E7E3FDD66157922465CE189D69AF3
  SHA256: FE20166694A729AF85BAF6547ACA4E3A5297888091CA69CD5588EF1E48616E2F
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\css\common.css | text
  MD5: 33B1C68FFF898CBF19C44E486C856282
  SHA256: 265D280BAD44060C22A6CAEF0140BB8085B994CDD8D76789F3A43A6E7F2A16EA
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\centerImg.png | image
  MD5: 63ED3F09DC01F121B261B681EB77551E
  SHA256: 8627777C53A31448C9E61705478B77EDBAA2DCFD55EF930EB33F840BAC014781
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\close-normal.png | image
  MD5: C9F970B77486B6C60F583DE55B82EBB2
  SHA256: DD727B90F3C6B053FA5B4C8401440E5D120DAC6B93305573CAAEFECEDC5F0C5E
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\button-hover.png | image
  MD5: C3B0E9ED9D0658F1001BBE0C39646E59
  SHA256: 936A313E370E0CFFB7F92CDBC10DCA11E63798186D8CA29AD66154E81AF4C7A0
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\footerImg.png | image
  MD5: 59068C9A357B259A32C5ACF1EAE1B6CA
  SHA256: EA52A6F973100CBDD3217A609EF3737DAE42597DD112165FC8A0C42FBD37A517
812 | winzip28.exe | C:\Users\admin\AppData\Local\Temp\e2b42\common\img\header_logo.png | image
  MD5: 9F74DFFB0FEA380B891A7B1596109A22
  SHA256: EC9D030B3F64CEDC4645F8EFEA56BAFF55F1B13DFB0DB6EECECDB9612676F893
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 25
DNS requests: 12
Threats: 4

HTTP requests

Method | HTTP code | IP | URL | CN | Type | Size
GET | 301 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/p/?LinkId=2124703 | unknown
GET | 304 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.193.5?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=0&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=0&appIsPinnedSystem_webview=false&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.193.5 | unknown
POST | 200 | 44.233.121.147:443 | https://www.installportal.com/v1/logAnalytics | unknown | xml | 204 b
GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.193.5?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.193.5&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.193.5 | unknown | binary | 559 b
POST | 401 | 4.208.221.206:443 | https://licensing.mp.microsoft.com/v7.0/licenses/content | unknown | binary | 340 b
POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b
GET | 200 | 152.199.21.175:443 | https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/7f37810c-5f90-4363-8669-cdfe6fbc5ec6/MicrosoftEdgeWebview2Setup.exe | unknown | executable | 1.57 Mb
POST | 200 | 52.168.117.170:443 | https://self.events.data.microsoft.com/OneCollector/1.0/ | unknown | binary | 9 b
GET | 200 | 23.50.131.152:443 | https://ipm.corel.com/static/ipm/product-analytics/index.html | unknown | html | 11.9 Kb
POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
6012 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3060 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4360 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4204 | svchost.exe | 4.208.221.206:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
812 | winzip28.exe | 44.233.121.147:443 | www.installportal.com | AMAZON-02 | US | unknown
6012 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4360 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 51.124.78.146 | whitelisted
google.com | 142.250.186.110 | whitelisted
www.installportal.com | 44.233.121.147, 44.230.200.243 | unknown
go.microsoft.com | 184.28.89.167 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted
self.events.data.microsoft.com | 20.189.173.24 | whitelisted
msedge.sf.dl.delivery.mp.microsoft.com | 152.199.21.175 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
watson.events.data.microsoft.com | 20.189.173.21 | whitelisted
ipm.corel.com | 95.101.111.130, 95.101.111.148 | unknown

Threats

Class | Message
Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2 ETPRO signatures available at the full report
No debug info