File name:

winzip28-mf.exe

Full analysis: https://app.any.run/tasks/5811ac83-6068-4f58-b9d3-b1a5c639655a
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: September 07, 2024, 12:55:09
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

1228709FFB55277D3251C55AE0F131E8

SHA1:

AB9ECF340385385686A33F434AF7C1FBC9C91CF2

SHA256:

D0AAA598EEFB6D91C32670F99FDC7E4FD040FD6D40FFE0BE173592FB8A3A3A39

SSDEEP:

98304:nts1cSudjEr3nu2HNmUfsI2ZfjC5mY/zbp1CmfffNAGRKe:ba7fB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • winzip28-mf.exe (PID: 6176)
      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Starts itself from another location

      • winzip28-mf.exe (PID: 6176)

    • Reads Microsoft Outlook installation path

      • winzip28-mf.exe (PID: 6152)

    • Reads Internet Explorer settings

      • winzip28-mf.exe (PID: 6152)

    • Reads security settings of Internet Explorer

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Checks Windows Trust Settings

      • winzip28-mf.exe (PID: 6152)

    • Process drops legitimate windows executable

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2264)

  • INFO

    • Checks supported languages

      • winzip28-mf.exe (PID: 6176)
      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Create files in a temporary directory

      • winzip28-mf.exe (PID: 6152)
      • winzip28-mf.exe (PID: 6176)

    • Reads the computer name

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Process checks computer location settings

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Checks proxy server information

      • winzip28-mf.exe (PID: 6152)
      • wermgr.exe (PID: 4392)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Creates files in the program directory

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Reads the software policy settings

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • wermgr.exe (PID: 4392)

    • Reads the machine GUID from the registry

      • winzip28-mf.exe (PID: 6152)

    • The process uses the downloaded file

      • winzip28-mf.exe (PID: 6152)

    • Creates files or folders in the user directory

      • winzip28-mf.exe (PID: 6152)

    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 2264)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:09 15:35:03+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 2104320
InitializedDataSize: 703488
UninitializedDataSize: -
EntryPoint: 0x18ac66
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 28.0.16002.0
ProductVersionNumber: 28.0.16002.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: WinZip Computing
FileDescription: WinZipStub Installer
FileVersion: 28.0.16002.0
InternalName: WinZipStubInstaller.exe
LegalCopyright: (c) 2015-2024 Corel Corporation All rights reserved.
ProductName: WinZipStub
ProductVersion: 28.0.16002.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
131
Monitored processes
6
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winzip28-mf.exe winzip28-mf.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe wermgr.exe winzip28-mf.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2264"C:\Program Files (x86)\Microsoft\Temp\EU357B.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"C:\Program Files (x86)\Microsoft\Temp\EU357B.tmp\MicrosoftEdgeUpdate.exe
MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
2147747592
Version:
1.3.195.19
Modules
Images
c:\program files (x86)\microsoft\temp\eu357b.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
3208"C:\Users\admin\Desktop\winzip28-mf.exe" C:\Users\admin\Desktop\winzip28-mf.exeexplorer.exe
User:
admin
Company:
WinZip Computing
Integrity Level:
MEDIUM
Description:
WinZipStub Installer
Exit code:
3221226540
Version:
28.0.16002.0
Modules
Images
c:\users\admin\desktop\winzip28-mf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
4392"C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "2264" "2592" "888" "1020" "0" "0" "0" "0" "0" "0" "0" "0" C:\Windows\SysWOW64\wermgr.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wermgr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
5504"C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /installC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
winzip28-mf.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
2147747592
Version:
1.3.195.19
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6152 run=1 shortcut="C:\Users\admin\Desktop\winzip28-mf.exe"C:\Users\admin\AppData\Local\Temp\12ab1d\winzip28-mf.exe
winzip28-mf.exe
User:
admin
Company:
WinZip Computing
Integrity Level:
HIGH
Description:
WinZipStub Installer
Version:
28.0.16002.0
Modules
Images
c:\users\admin\appdata\local\temp\12ab1d\winzip28-mf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6176"C:\Users\admin\Desktop\winzip28-mf.exe" C:\Users\admin\Desktop\winzip28-mf.exe
explorer.exe
User:
admin
Company:
WinZip Computing
Integrity Level:
HIGH
Description:
WinZipStub Installer
Version:
28.0.16002.0
Modules
Images
c:\users\admin\desktop\winzip28-mf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
13 446
Read events
13 405
Write events
39
Delete events
2

Modification events

(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Corel\stubframework\WNZP\28
Operation:writeName:install_language
Value:
English
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Corel\PCU
Operation:writeName:7
Value:
A0AA20524153
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Corel\PCU
Operation:writeName:HFNCv2
Value:
A0AA20524153
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe
Operation:writeName:DisableExceptionChainValidation
Value:
0
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{4C069328-1504-47B9-8DEC-732312A5DC7B}
Operation:writeName:PersistedPingString
Value:
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.195.19" shell_version="1.3.147.37" ismachine="1" sessionid="{8DABCF1E-75F9-4BC2-BF11-F2C4C685135A}" userid="{FD984739-A122-4DB0-BE5B-46E3E09D84E4}" installsource="otherinstallcmd" requestid="{4C069328-1504-47B9-8DEC-732312A5DC7B}" dedup="cr" domainjoined="0"><hw logical_cpus="4" physmemory="4" disk_type="2" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64" product_type="48" is_wip="0" is_in_lockdown_mode="0"/><oem product_manufacturer="DELL" product_name="DELL"/><exp etag="&quot;r452t1+k2Tgq/HXzjvFNBRhopBWR9sbjXxqeUDH9uX0=&quot;"/><app appid="{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}" version="1.3.185.17" nextversion="1.3.195.19" lang="" brand="" client=""><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" system_uptime_ticks="12604230082" install_time_ms="327"/></app></request>
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{4C069328-1504-47B9-8DEC-732312A5DC7B}
Operation:writeName:PersistedPingTime
Value:
133701873554275489
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\proxy
Operation:writeName:source
Value:
auto
Executable files
203
Suspicious files
10
Text files
49
Unknown types
3

Dropped files

PID
Process
Filename
Type
6152winzip28-mf.exeC:\ProgramData\UniqueId\databinary
MD5:860B010321EBB87E1FAFC48835B411FF
SHA256:3D5E77410E390D9FBB4C79A526FAC12601E1E7FFE0BCFF043EECD39EB8D374AB
6176winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ab1d\winzip28-mf.exeexecutable
MD5:1228709FFB55277D3251C55AE0F131E8
SHA256:D0AAA598EEFB6D91C32670F99FDC7E4FD040FD6D40FFE0BE173592FB8A3A3A39
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\progress_background.pngimage
MD5:17D7B3B6595A0D6860AF793BC8916F30
SHA256:74BFC424E331DF2961B4DF57D65FBFFC116594333DC1DDE0CD1277C351FA9C69
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\close-hover.pngimage
MD5:DC25F8EBE54644F4C207F83711EE04AC
SHA256:0B0DF46552E1B95349C2F9D65DBB7379A7535E1A8A3C18C3B27958D0D8308E9B
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\centerImg.pngimage
MD5:63ED3F09DC01F121B261B681EB77551E
SHA256:8627777C53A31448C9E61705478B77EDBAA2DCFD55EF930EB33F840BAC014781
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\button-normal.pngimage
MD5:4B618927FABD5BFEA9CF228C9E3F4428
SHA256:A768C604AE9EF96D0F26D8E6C46B0C24515ADA8945C9BD8A86B8173EEA730653
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\headerImg.pngimage
MD5:79F3461A48F669EF914EEFBD83925820
SHA256:A9B420A106ADB6B09E5DD39A864DD00519AADE91CE6F500C179E9E6652B0FC51
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\close-normal.pngimage
MD5:C9F970B77486B6C60F583DE55B82EBB2
SHA256:DD727B90F3C6B053FA5B4C8401440E5D120DAC6B93305573CAAEFECEDC5F0C5E
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\footerImg.pngimage
MD5:59068C9A357B259A32C5ACF1EAE1B6CA
SHA256:EA52A6F973100CBDD3217A609EF3737DAE42597DD112165FC8A0C42FBD37A517
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\config\config.jstext
MD5:34F8EB4EA7D667D961DCCFA7CFD8D194
SHA256:30C3D0E8BB3620FE243A75A10F23D83436FF4B15ACB65F4F016258314581B73D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
22
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5644
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2120
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
301
184.30.21.171:443
https://go.microsoft.com/fwlink/p/?LinkId=2124703
unknown
GET
304
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.195.19?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=0&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=0&appIsPinnedSystem_webview=false&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.195.19
unknown
POST
200
44.233.0.134:443
https://www.installportal.com/v1/logAnalytics
unknown
xml
204 b
GET
200
152.199.21.175:443
https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/657da03c-2d6c-4d00-893f-d6c129225760/MicrosoftEdgeWebview2Setup.exe
unknown
executable
1.56 Mb
GET
200
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.195.19?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.195.19&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.195.19
unknown
binary
559 b
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
6052
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5644
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6152
winzip28-mf.exe
35.80.227.221:443
www.installportal.com
AMAZON-02
US
unknown
5644
RUXIMICS.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6152
winzip28-mf.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4324
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6152
winzip28-mf.exe
152.199.21.175:443
msedge.sf.dl.delivery.mp.microsoft.com
EDGECAST
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.installportal.com
  • 35.80.227.221
  • 44.233.0.134
unknown
www.microsoft.com
  • 184.30.21.171
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
watson.events.data.microsoft.com
  • 52.168.117.173
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
winzip28-mf.exe