File name:

winzip28-mf.exe

Full analysis: https://app.any.run/tasks/5811ac83-6068-4f58-b9d3-b1a5c639655a
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: September 07, 2024, 12:55:09
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

1228709FFB55277D3251C55AE0F131E8

SHA1:

AB9ECF340385385686A33F434AF7C1FBC9C91CF2

SHA256:

D0AAA598EEFB6D91C32670F99FDC7E4FD040FD6D40FFE0BE173592FB8A3A3A39

SSDEEP:

98304:nts1cSudjEr3nu2HNmUfsI2ZfjC5mY/zbp1CmfffNAGRKe:ba7fB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • winzip28-mf.exe (PID: 6176)
      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Starts itself from another location

      • winzip28-mf.exe (PID: 6176)

    • Reads Microsoft Outlook installation path

      • winzip28-mf.exe (PID: 6152)

    • Reads security settings of Internet Explorer

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Reads Internet Explorer settings

      • winzip28-mf.exe (PID: 6152)

    • Process drops legitimate windows executable

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Checks Windows Trust Settings

      • winzip28-mf.exe (PID: 6152)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2264)

  • INFO

    • Create files in a temporary directory

      • winzip28-mf.exe (PID: 6152)
      • winzip28-mf.exe (PID: 6176)

    • Checks supported languages

      • winzip28-mf.exe (PID: 6152)
      • winzip28-mf.exe (PID: 6176)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Creates files in the program directory

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5504)

    • Reads the computer name

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Process checks computer location settings

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Reads the software policy settings

      • winzip28-mf.exe (PID: 6152)
      • wermgr.exe (PID: 4392)
      • MicrosoftEdgeUpdate.exe (PID: 2264)

    • Checks proxy server information

      • winzip28-mf.exe (PID: 6152)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • wermgr.exe (PID: 4392)

    • Reads the machine GUID from the registry

      • winzip28-mf.exe (PID: 6152)

    • Creates files or folders in the user directory

      • winzip28-mf.exe (PID: 6152)

    • The process uses the downloaded file

      • winzip28-mf.exe (PID: 6152)

    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 2264)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:09 15:35:03+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 2104320
InitializedDataSize: 703488
UninitializedDataSize: -
EntryPoint: 0x18ac66
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 28.0.16002.0
ProductVersionNumber: 28.0.16002.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: WinZip Computing
FileDescription: WinZipStub Installer
FileVersion: 28.0.16002.0
InternalName: WinZipStubInstaller.exe
LegalCopyright: (c) 2015-2024 Corel Corporation All rights reserved.
ProductName: WinZipStub
ProductVersion: 28.0.16002.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
131
Monitored processes
6
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winzip28-mf.exe winzip28-mf.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe wermgr.exe winzip28-mf.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2264"C:\Program Files (x86)\Microsoft\Temp\EU357B.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"C:\Program Files (x86)\Microsoft\Temp\EU357B.tmp\MicrosoftEdgeUpdate.exe
MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
2147747592
Version:
1.3.195.19
Modules
Images
c:\program files (x86)\microsoft\temp\eu357b.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
3208"C:\Users\admin\Desktop\winzip28-mf.exe" C:\Users\admin\Desktop\winzip28-mf.exeexplorer.exe
User:
admin
Company:
WinZip Computing
Integrity Level:
MEDIUM
Description:
WinZipStub Installer
Exit code:
3221226540
Version:
28.0.16002.0
Modules
Images
c:\users\admin\desktop\winzip28-mf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
4392"C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "2264" "2592" "888" "1020" "0" "0" "0" "0" "0" "0" "0" "0" C:\Windows\SysWOW64\wermgr.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wermgr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
5504"C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /installC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
winzip28-mf.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
2147747592
Version:
1.3.195.19
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6152 run=1 shortcut="C:\Users\admin\Desktop\winzip28-mf.exe"C:\Users\admin\AppData\Local\Temp\12ab1d\winzip28-mf.exe
winzip28-mf.exe
User:
admin
Company:
WinZip Computing
Integrity Level:
HIGH
Description:
WinZipStub Installer
Version:
28.0.16002.0
Modules
Images
c:\users\admin\appdata\local\temp\12ab1d\winzip28-mf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6176"C:\Users\admin\Desktop\winzip28-mf.exe" C:\Users\admin\Desktop\winzip28-mf.exe
explorer.exe
User:
admin
Company:
WinZip Computing
Integrity Level:
HIGH
Description:
WinZipStub Installer
Version:
28.0.16002.0
Modules
Images
c:\users\admin\desktop\winzip28-mf.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
13 446
Read events
13 405
Write events
39
Delete events
2

Modification events

(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Corel\stubframework\WNZP\28
Operation:writeName:install_language
Value:
English
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Corel\PCU
Operation:writeName:7
Value:
A0AA20524153
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Corel\PCU
Operation:writeName:HFNCv2
Value:
A0AA20524153
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6152) winzip28-mf.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe
Operation:writeName:DisableExceptionChainValidation
Value:
0
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{4C069328-1504-47B9-8DEC-732312A5DC7B}
Operation:writeName:PersistedPingString
Value:
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.195.19" shell_version="1.3.147.37" ismachine="1" sessionid="{8DABCF1E-75F9-4BC2-BF11-F2C4C685135A}" userid="{FD984739-A122-4DB0-BE5B-46E3E09D84E4}" installsource="otherinstallcmd" requestid="{4C069328-1504-47B9-8DEC-732312A5DC7B}" dedup="cr" domainjoined="0"><hw logical_cpus="4" physmemory="4" disk_type="2" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64" product_type="48" is_wip="0" is_in_lockdown_mode="0"/><oem product_manufacturer="DELL" product_name="DELL"/><exp etag="&quot;r452t1+k2Tgq/HXzjvFNBRhopBWR9sbjXxqeUDH9uX0=&quot;"/><app appid="{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}" version="1.3.185.17" nextversion="1.3.195.19" lang="" brand="" client=""><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" system_uptime_ticks="12604230082" install_time_ms="327"/></app></request>
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{4C069328-1504-47B9-8DEC-732312A5DC7B}
Operation:writeName:PersistedPingTime
Value:
133701873554275489
(PID) Process:(2264) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\proxy
Operation:writeName:source
Value:
auto
Executable files
203
Suspicious files
10
Text files
49
Unknown types
3

Dropped files

PID
Process
Filename
Type
6152winzip28-mf.exeC:\ProgramData\UniqueId\databinary
MD5:860B010321EBB87E1FAFC48835B411FF
SHA256:3D5E77410E390D9FBB4C79A526FAC12601E1E7FFE0BCFF043EECD39EB8D374AB
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\css\jquery-ui.csstext
MD5:1CE4EB3E5153F4C9B93A3CFDF3EF2E77
SHA256:95F4C300D84EEDD0C43A30A1B6F0DFBBF7B8C47725511981E4CFE12DFAEB0E93
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\progress_background.pngimage
MD5:17D7B3B6595A0D6860AF793BC8916F30
SHA256:74BFC424E331DF2961B4DF57D65FBFFC116594333DC1DDE0CD1277C351FA9C69
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\button-normal.pngimage
MD5:4B618927FABD5BFEA9CF228C9E3F4428
SHA256:A768C604AE9EF96D0F26D8E6C46B0C24515ADA8945C9BD8A86B8173EEA730653
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\js\jquery-1.11.2.min.jss
MD5:5790EAD7AD3BA27397AEDFA3D263B867
SHA256:2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\headerImg.pngimage
MD5:79F3461A48F669EF914EEFBD83925820
SHA256:A9B420A106ADB6B09E5DD39A864DD00519AADE91CE6F500C179E9E6652B0FC51
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\js\jquery-ui.min.jsbinary
MD5:97753710DC6FC2F47616D0578E991EB5
SHA256:2E5F9B159BE16A83D09C1DC654C73737E10D2A6F8372B51BE480B1BA42B7273C
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\img\close-hover.pngimage
MD5:DC25F8EBE54644F4C207F83711EE04AC
SHA256:0B0DF46552E1B95349C2F9D65DBB7379A7535E1A8A3C18C3B27958D0D8308E9B
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\config\config.jstext
MD5:34F8EB4EA7D667D961DCCFA7CFD8D194
SHA256:30C3D0E8BB3620FE243A75A10F23D83436FF4B15ACB65F4F016258314581B73D
6152winzip28-mf.exeC:\Users\admin\AppData\Local\Temp\12ad4f\common\js\common.jsbinary
MD5:87DAF84C22986FA441A388490E2ED220
SHA256:787F5C13EAC01BD8BBCE329CC32D2F03073512E606B158E3FFF07DE814EA7F23
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
22
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5644
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2120
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
301
184.30.21.171:443
https://go.microsoft.com/fwlink/p/?LinkId=2124703
unknown
unknown
GET
304
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.195.19?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=0&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=0&appIsPinnedSystem_webview=false&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.195.19
unknown
unknown
POST
200
44.233.0.134:443
https://www.installportal.com/v1/logAnalytics
unknown
xml
204 b
unknown
GET
200
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.195.19?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.195.19&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.195.19
unknown
binary
559 b
unknown
GET
200
152.199.21.175:443
https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/657da03c-2d6c-4d00-893f-d6c129225760/MicrosoftEdgeWebview2Setup.exe
unknown
executable
1.56 Mb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
6052
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5644
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6152
winzip28-mf.exe
35.80.227.221:443
www.installportal.com
AMAZON-02
US
unknown
5644
RUXIMICS.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6152
winzip28-mf.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4324
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6152
winzip28-mf.exe
152.199.21.175:443
msedge.sf.dl.delivery.mp.microsoft.com
EDGECAST
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.installportal.com
  • 35.80.227.221
  • 44.233.0.134
unknown
www.microsoft.com
  • 184.30.21.171
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 152.199.21.175
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
watson.events.data.microsoft.com
  • 52.168.117.173
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
winzip28-mf.exe