download:

/download/nginx-1.28.0.zip

Full analysis: https://app.any.run/tasks/adc37fc2-d1b5-4be5-b52b-84857da22cde
Verdict: Malicious activity
Analysis date: June 10, 2025, 16:32:30
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
arch-html
arch-scr
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

CBAA90D695418C0D90A8F553DB7AC0E2

SHA1:

E00F58452B06CA65D4586AAFA62D9E2187B891CE

SHA256:

DB8C7A529F84C819702BD1C50926B27D961A48B4F72FC7C46B30314FC2BBFD7C

SSDEEP:

98304:I+mZ73MIQ5bCc+JyWli/0I/xuMBujwN6MgiPijBxKRlayrkEydox1q1+voLIZsTG:k1F2D

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6200)
  • SUSPICIOUS

    • Application launched itself

      • nginx.exe (PID: 1472)
  • INFO

    • Checks supported languages

      • nginx.exe (PID: 1472)
      • nginx.exe (PID: 4644)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6200)
      • firefox.exe (PID: 3704)
    • Reads the computer name

      • nginx.exe (PID: 4644)
      • nginx.exe (PID: 1472)
    • Application launched itself

      • firefox.exe (PID: 5168)
      • firefox.exe (PID: 3704)
      • msedge.exe (PID: 6236)
      • msedge.exe (PID: 8868)
    • Manual execution by a user

      • nginx.exe (PID: 1472)
      • firefox.exe (PID: 5168)
      • msedge.exe (PID: 6236)
      • notepad++.exe (PID: 8712)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 3704)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:04:23 17:01:22
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: nginx-1.28.0/
No data.
Total processes
208
Monitored processes
60
Malicious processes
0
Suspicious processes
0

Behavior graph

[Behavior graph image not preserved. Processes shown, in order of first appearance: winrar.exe, rundll32.exe, nginx.exe, conhost.exe, firefox.exe, slui.exe, msedge.exe, identity_helper.exe, notepad++.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 640
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2852 -prefsLen 39015 -prefMapHandle 5040 -prefMapSize 272997 -jsInitHandle 5036 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5028 -initialChannelId {cedb98ac-e93c-48f3-b69b-e6c67d18e69f} -parentPid 3704 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3704" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 1472
CMD: "C:\Users\admin\Desktop\nginx-1.28.0\nginx.exe"
Path: C:\Users\admin\Desktop\nginx-1.28.0\nginx.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\nginx-1.28.0\nginx.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1564
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4832,i,3198430130927704315,13708037512194839847,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2072
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=5204,i,3198430130927704315,13708037512194839847,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2148
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3404 -prefsLen 36996 -prefMapHandle 3408 -prefMapSize 272997 -jsInitHandle 3412 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3420 -initialChannelId {95ff3796-a57d-4263-aeb1-a533721c4b3b} -parentPid 3704 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3704" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
PID: 2188
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5108 -prefsLen 39015 -prefMapHandle 5112 -prefMapSize 272997 -jsInitHandle 5116 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 2848 -initialChannelId {e48e6338-f7c0-49b7-a485-295aeb2fc4ce} -parentPid 3704 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3704" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 2324
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2300,i,6305328815165892898,8569515647853768532,262144 --variations-seed-version --mojo-platform-channel-handle=1852 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4832,i,3198430130927704315,13708037512194839847,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 3624
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: nginx.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3704
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
21 821
Read events
21 779
Write events
42
Delete events
0

Modification events

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\nginx-1.28.0.zip

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000

Process: WinRAR.exe (PID: 6200)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 256
Executable files
5
Suspicious files
412
Text files
230
Unknown types
229

Dropped files

PID
Process
Filename
Type
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\html\index.html
Type: html
MD5:7DF3D7CF3358AF3F470AC7229387EF94
SHA256:FB47468A2CD3953C7131431991AFCC6A2703F14640520102EEA0A685A7E8D6DE
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\html\50x.html
Type: html
MD5:5A719A793405561B1A13E6CB1F403D88
SHA256:876766B4E80133FD490603E073D3567425B88794828A9292104244C9E40875ED
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\PCRE.LICENCE
Type: text
MD5:43CFA999260DD853CD6CB174DC396F3D
SHA256:15BC778A1F7E1F857D57ABAB4181749A06AD1D1F9420D5C9E3C23EF8C991B025
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\zlib.LICENSE
Type: text
MD5:5B6BE32CED6317DFA2BB4A29E0B3BBFF
SHA256:D05DCCB7F5643D5FAF8A624A24986F7F470C78613B7A4032679D5AA3BC8618F3
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\SECURITY.md
Type: text
MD5:A32A902249DD8C889C435017F78325F1
SHA256:7F7B7221F1B1677C91BA58C187421D4682F0C1B2232139184865B1F1A1BE6148
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\CHANGES.ru
Type: text
MD5:5B2EA5C66F988D881C551C9875D09952
SHA256:0F07B5258D7B4EA1B262EFB775368D3A2FBAE591EB1A47EC6335CBEEDCC0D8E7
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\README.md
Type: text
MD5:5126E726387D0236960FAB2B8E615649
SHA256:3019FDA34EA08F5FBE9F5B71033526BC47B749D926A1DF6056AD0ECB3231E479
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\CONTRIBUTING.md
Type: text
MD5:7240BFCE1CE29DFF0DEFDC0F8397E688
SHA256:29B2D2CA3F175D772677C131D30910AA8D04D0EA69B166B6E8EC9E25BB648726
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\nginx.exe
Type: executable
MD5:70FB6E59D427D7CF9C44D6707F82C093
SHA256:53530836391897EA218D8040ACDD467CD4832EFAB597E534D7C670E0E6C94B3C
PID: 6200
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa6200.47510\nginx-1.28.0\docs\CHANGES
Type: text
MD5:EDA7FB19C2EB9823EF5612365B494BF8
SHA256:4685A94B038A1598E5C4A17C62BF7F8396EDEB31A3A0C735B49E21DAC997B3BF
HTTP(S) requests
50
TCP/UDP connections
120
DNS requests
185
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2524
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.13:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3704
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
3704
firefox.exe
POST
200
2.16.206.143:80
http://r11.o.lencr.org/
unknown
whitelisted
3704
firefox.exe
POST
200
142.250.186.131:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
3704
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3704
firefox.exe
POST
2.16.206.143:80
http://r11.o.lencr.org/
unknown
whitelisted
3704
firefox.exe
POST
2.16.206.143:80
http://r10.o.lencr.org/
unknown
whitelisted
3704
firefox.exe
POST
142.250.186.131:80
http://o.pki.goog/we2
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3964
RUXIMICS.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1268
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
2336
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2524
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2524
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
23.216.77.13:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.31.71
  • 40.126.31.67
  • 20.190.159.68
  • 40.126.31.3
  • 40.126.31.69
  • 20.190.159.4
  • 40.126.31.2
  • 20.190.159.130
  • 20.190.159.64
  • 40.126.31.128
  • 20.190.159.129
  • 20.190.159.2
  • 40.126.31.129
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.216.77.13
  • 23.216.77.30
  • 23.216.77.18
  • 23.216.77.36
  • 23.216.77.5
  • 23.216.77.12
  • 23.216.77.29
  • 23.216.77.41
  • 23.216.77.31
whitelisted
www.microsoft.com
  • 2.23.181.156
  • 2.16.253.202
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.43
whitelisted
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted

Threats

No threats detected
Process | Message
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe | VerifyLibrary: error while getting certificate informations
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled