File name: Holzer.zip

Full analysis: https://app.any.run/tasks/2bfe9faa-b06a-4a84-a344-320099041b5a
Verdict: Malicious activity
Analysis date: February 09, 2025, 15:15:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: arch-exec, arch-doc, auto, generic
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 46C66DCCDA54AC15C941E7589A5DA5CA
SHA1: 49A4F3B61753F261FC5F3E7D69F599AC0A5E083E
SHA256: F7F624D237F1D81858259C1783BE9C7A605FE260B22092AF064BC91035010FEF
SSDEEP: 1536:5dlKxgjOc91+xkuSL7/jVqFqGBh8tCxFngg/:PlJjOc9WkuoQtF1gg/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • WinRAR.exe (PID: 5880)
    • Disables the Command Prompt (cmd)

      • Holzer.exe (PID: 6968)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 5880)
    • Uses ATTRIB.EXE to modify file attributes

      • Holzer.exe (PID: 6968)
    • Starts CMD.EXE for commands execution

      • Holzer.exe (PID: 6968)
    • Uses ICACLS.EXE to modify access control lists

      • Holzer.exe (PID: 6968)
    • There is functionality for taking screenshot (YARA)

      • Holzer.exe (PID: 6968)
  • INFO

    • Checks supported languages

      • Holzer.exe (PID: 6968)
    • Uses BITSADMIN.EXE

      • Holzer.exe (PID: 6968)
    • Reads the computer name

      • Holzer.exe (PID: 6968)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5880)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF (ExifTool reads only the first local file header of a ZIP, here README.txt; the archive also contains Holzer.exe, see Dropped files below)

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2021:10:27 14:55:58
ZipCRC: 0xe58a4ef6
ZipCompressedSize: 991
ZipUncompressedSize: 1868
ZipFileName: README.txt
No data.
All screenshots are available in the full report
Total processes: 191
Monitored processes: 60
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Nodes in drawing order ("no specs" marks a process with no signature hits; "x4" collapses a run of identical nodes):

start, winrar.exe [GENERIC], holzer.exe (no specs), holzer.exe, conhost.exe (no specs), choice.exe (no specs), backgroundtransferhost.exe (no specs), chkdsk.exe (no specs), atbroker.exe (no specs), cipher.exe (no specs), backgroundtaskhost.exe (no specs), calc.exe (no specs), attrib.exe (no specs), cmdkey.exe (no specs), conhost.exe x4 (no specs), camerasettingsuihost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), clip.exe (no specs), conhost.exe (no specs), bootcfg.exe (no specs), cleanmgr.exe (no specs), autochk.exe (no specs), bthudtask.exe (no specs), chkntfs.exe (no specs), charmap.exe (no specs), bytecodegenerator.exe (no specs), cmmon32.exe (no specs), conhost.exe (no specs), appidtel.exe (no specs), cacls.exe (no specs), bitsadmin.exe (no specs), cliconfg.exe (no specs), agentactivationruntimestarter.exe (no specs), cloudnotifications.exe (no specs), conhost.exe x2 (no specs), arp.exe (no specs), conhost.exe x3 (no specs), certutil.exe (no specs), certreq.exe (no specs), at.exe (no specs), certenrollctrl.exe (no specs), cmdl32.exe (no specs), conhost.exe x4 (no specs), checknetisolation.exe (no specs), conhost.exe x2 (no specs), auditpol.exe (no specs), autoconv.exe (no specs), conhost.exe x2 (no specs), autofmt.exe (no specs)

Process information

Columns: PID, CMD, Path, Indicators, Parent process (Indicators is empty for every row shown). In each child of Holzer.exe the command line names C:\Windows\System32\ while the image actually mapped is the C:\Windows\SysWOW64\ copy, and wow64.dll, wow64win.dll and wow64cpu.dll appear in its module list: Holzer.exe is a 32-bit process, so the WOW64 file system redirector silently substitutes the 32-bit binaries for it and for its children. Every child reproduced here is launched with no arguments.
PID: 188
CMD: "C:\Windows\System32\choice.exe"
Path: C:\Windows\SysWOW64\choice.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Offers the user a choice
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\choice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1200
CMD: "C:\Windows\System32\BackgroundTransferHost.exe"
Path: C:\Windows\SysWOW64\BackgroundTransferHost.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Download/Upload Host
Exit code:
2147942487 (0x80070057, E_INVALIDARG)
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1348
CMD: "C:\Windows\System32\chkdsk.exe"
Path: C:\Windows\SysWOW64\chkdsk.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Check Disk Utility
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\chkdsk.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1380
CMD: "C:\Windows\System32\AtBroker.exe"
Path: C:\Windows\SysWOW64\AtBroker.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Assistive Technology Manager
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\atbroker.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1412
CMD: "C:\Windows\System32\cipher.exe"
Path: C:\Windows\SysWOW64\cipher.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
File Encryption Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cipher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1616
CMD: "C:\Windows\System32\backgroundTaskHost.exe"
Path: C:\Windows\SysWOW64\backgroundTaskHost.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Background Task Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\backgroundtaskhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1828
CMD: "C:\Windows\System32\calc.exe"
Path: C:\Windows\SysWOW64\calc.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Calculator
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\calc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 2084
CMD: "C:\Windows\System32\attrib.exe"
Path: C:\Windows\SysWOW64\attrib.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Attribute Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\attrib.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2124
CMD: "C:\Windows\System32\cmdkey.exe"
Path: C:\Windows\SysWOW64\cmdkey.exe
Parent process: Holzer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Credential Manager Command Line Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmdkey.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2152
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: chkdsk.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
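The process listing above is the raw material for a spawn-chain rule: one freshly dropped binary launching a series of built-in utilities. As an added example (not part of the ANY.RUN report and not ANY.RUN's own signature logic), the Python below takes the ten rows transcribed from this page, groups them by parent, flags children on a LOLBin watchlist (the watchlist is this example's assumption, not the sandbox's), recognises the System32-to-SysWOW64 substitution that marks the parent as a 32-bit process, and renders the BackgroundTransferHost exit code as the HRESULT Microsoft documents.

```python
from collections import defaultdict

# Rows transcribed from the "Process information" section of this report:
# (PID, command line, image path the loader actually mapped, parent image,
#  exit code or None where the report shows none).
REPORT_ROWS = [
    (188,  r'"C:\Windows\System32\choice.exe"',                 r"C:\Windows\SysWOW64\choice.exe",                 "Holzer.exe", None),
    (1200, r'"C:\Windows\System32\BackgroundTransferHost.exe"', r"C:\Windows\SysWOW64\BackgroundTransferHost.exe", "Holzer.exe", 2147942487),
    (1348, r'"C:\Windows\System32\chkdsk.exe"',                 r"C:\Windows\SysWOW64\chkdsk.exe",                 "Holzer.exe", None),
    (1380, r'"C:\Windows\System32\AtBroker.exe"',               r"C:\Windows\SysWOW64\AtBroker.exe",               "Holzer.exe", 1),
    (1412, r'"C:\Windows\System32\cipher.exe"',                 r"C:\Windows\SysWOW64\cipher.exe",                 "Holzer.exe", 0),
    (1616, r'"C:\Windows\System32\backgroundTaskHost.exe"',     r"C:\Windows\SysWOW64\backgroundTaskHost.exe",     "Holzer.exe", 1),
    (1828, r'"C:\Windows\System32\calc.exe"',                   r"C:\Windows\SysWOW64\calc.exe",                   "Holzer.exe", 0),
    (2084, r'"C:\Windows\System32\attrib.exe"',                 r"C:\Windows\SysWOW64\attrib.exe",                 "Holzer.exe", 0),
    (2124, r'"C:\Windows\System32\cmdkey.exe"',                 r"C:\Windows\SysWOW64\cmdkey.exe",                 "Holzer.exe", 1),
    (2152, r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1", r"C:\Windows\System32\conhost.exe",        "chkdsk.exe", None),
]

# Built-in utilities worth an alert when an unsigned, just-extracted binary spawns
# them.  This watchlist is an assumption of the example, not ANY.RUN's rule set.
WATCHLIST = {"attrib.exe", "icacls.exe", "cacls.exe", "cmd.exe", "bitsadmin.exe",
             "certutil.exe", "cipher.exe", "cmdkey.exe", "auditpol.exe", "chkdsk.exe"}


def image_name(path):
    """Last path component, lower-cased, so comparisons ignore directory and case."""
    return path.rsplit("\\", 1)[-1].lower()


def wow64_redirected(cmd, path):
    """True when the command line asks for System32 but the mapped image lives in
    SysWOW64: the caller is 32-bit and the WOW64 file system redirector substituted
    the 32-bit copy."""
    return "\\system32\\" in cmd.lower() and "\\syswow64\\" in path.lower()


def hresult(code):
    """Render a decimal exit code as the 0x-prefixed HRESULT used in Windows docs."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def triage(rows, parent="holzer.exe"):
    """Group rows by parent image and summarise what the named parent spawned."""
    tree = defaultdict(list)
    for pid, cmd, path, par, exit_code in rows:
        tree[par.lower()].append((pid, image_name(path), cmd, path, exit_code))
    children = tree[parent]
    return {
        "child_count": len(children),
        "watchlist_hits": sorted({img for _, img, _, _, _ in children if img in WATCHLIST}),
        "parent_is_32bit": any(wow64_redirected(cmd, path) for _, _, cmd, path, _ in children),
        # Exit codes above 0xFFFF are HRESULTs rather than plain process status values.
        "hresult_exits": {pid: hresult(c) for pid, _, _, _, c in children
                          if c is not None and c > 0xFFFF},
        "grandchildren": [(pid, img, par) for par, kids in tree.items() if par != parent
                          for pid, img, *_ in kids],
    }


if __name__ == "__main__":
    for field, value in triage(REPORT_ROWS).items():
        print(f"{field}: {value}")
```

On this page's rows the summary reports nine children of Holzer.exe, four watchlist hits (attrib, chkdsk, cipher, cmdkey), a 32-bit parent, one HRESULT exit (PID 1200, 0x80070057) and conhost.exe as the single grandchild under chkdsk.exe. The useful signal for a production rule is the combination of a 32-bit parent in a temp directory and several distinct watchlist children in one run, not any single launch.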
Total events: 2 085
Read events: 2 074
Write events: 11
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | 3 | C:\Users\admin\Desktop\preferences.zip
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\chromium_ext.zip
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\omni_23_10_2024_.zip
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Holzer.zip
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | name | 120
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | size | 80
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | type | 120
5880 | WinRAR.exe | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | write | mtime | 100
6968 | Holzer.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | write | DisableTaskMgr | 1
6968 | Holzer.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | write | DisableRegistryTools | 1

The eight WinRAR.exe writes are the archiver's own UI state (recent-archive history and column widths; ArcHistory entries 1 to 3 predate this run) and say nothing about the sample. The two Holzer.exe writes are the substantive ones: setting DisableTaskMgr and DisableRegistryTools to 1 under the per-user Policies\System key blocks Task Manager and the Registry Editor for the current user (MITRE ATT&CK T1562.001, Impair Defenses: Disable or Modify Tools). Because the key is in HKCU the write needs no elevation, and the values persist across reboots until they are deleted.
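The two Policies\System writes above are how Holzer.exe locks the user out of Task Manager and regedit, and they are exactly what an endpoint rule should catch. As an added example (not part of the ANY.RUN report), the Python below runs a watchlist of such policy values over Sysmon Event ID 13 (RegistryEvent: Value Set) records. The three records are constructed to mirror this page's writes; the SID, timestamps and WinRAR install path are made up, the ATT&CK mapping is standard, and the remediation commands are the example's own.

```python
import re

# Constructed Sysmon Event ID 13 (RegistryEvent: Value Set) records mirroring the
# two Holzer.exe policy writes on this page plus one benign WinRAR write.  Sysmon
# logs HKCU as HKU\<SID> and DWORD data as "DWORD (0x00000001)"; the SID,
# timestamps and the WinRAR install path are made up for the example.
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2025-02-09 15:16:02.113", "ProcessId": 5880,
     "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\SOFTWARE\WinRAR\ArcHistory\0",
     "Details": r"C:\Users\admin\AppData\Local\Temp\Holzer.zip"},
    {"EventID": 13, "UtcTime": "2025-02-09 15:16:07.480", "ProcessId": 6968,
     "Image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa5880.43292\Holzer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "UtcTime": "2025-02-09 15:16:07.482", "ProcessId": 6968,
     "Image": r"C:\Users\admin\AppData\Local\Temp\Rar$EXa5880.43292\Holzer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
]

# Policy values that lock a user out of their own tooling, keyed by the tail of the
# key path (so HKU\<SID>\... and HKLM\... both match) and the value name.  The
# last element says which data is the dangerous state.  Technique IDs are MITRE
# ATT&CK: T1562.001 Impair Defenses: Disable or Modify Tools; T1548.002 Abuse
# Elevation Control Mechanism: Bypass User Account Control.
POLICY_WATCHLIST = {
    (r"\policies\system", "disabletaskmgr"):       ("Task Manager disabled",    "T1562.001", lambda v: v != 0),
    (r"\policies\system", "disableregistrytools"): ("Registry Editor disabled", "T1562.001", lambda v: v != 0),
    (r"\policies\system", "enablelua"):            ("UAC turned off",           "T1548.002", lambda v: v == 0),
    (r"\policies\microsoft\windows\system", "disablecmd"): ("Command Prompt disabled", "T1562.001", lambda v: v != 0),
    (r"\policies\explorer", "norun"):              ("Run dialog removed",       "T1562.001", lambda v: v != 0),
}

DWORD_RE = re.compile(r"^DWORD \((0x[0-9A-Fa-f]{1,8})\)$")


def registry_value(details):
    """Sysmon renders REG_DWORD data as 'DWORD (0x...)'; anything else stays text."""
    m = DWORD_RE.match(details)
    return int(m.group(1), 16) if m else details


def policy_findings(events):
    """Return one finding per Value Set event that arms a watchlisted policy value."""
    findings = []
    for e in events:
        if e.get("EventID") != 13:
            continue
        key, _, name = e["TargetObject"].rpartition("\\")
        value = registry_value(e["Details"])
        if not isinstance(value, int):      # policy values of interest are all DWORDs
            continue
        for (key_tail, value_name), (desc, technique, is_armed) in POLICY_WATCHLIST.items():
            if key.lower().endswith(key_tail) and name.lower() == value_name and is_armed(value):
                findings.append({"pid": e["ProcessId"], "image": e["Image"], "key": key,
                                 "name": name, "value": value,
                                 "description": desc, "technique": technique})
    return findings


def remediation(finding):
    """reg.exe command that reverses the write.  An HKU SID-rooted key is rewritten
    to HKCU on the assumption that the command runs in the affected user's session."""
    key = re.sub(r"^HKU\\S-1-5-[\d-]+", "HKCU", finding["key"])
    if finding["technique"] == "T1548.002":   # EnableLUA must be restored to 1, not deleted
        return f'reg add "{key}" /v {finding["name"]} /t REG_DWORD /d 1 /f'
    return f'reg delete "{key}" /v {finding["name"]} /f'


if __name__ == "__main__":
    for f in policy_findings(SAMPLE_EVENTS):
        print(f"PID {f['pid']} {f['image']}: {f['description']} ({f['technique']})")
        print("  undo:", remediation(f))
```

The WinRAR record falls through because its data is a string, and the two Holzer.exe records produce findings with `reg delete` undo commands. Matching on the key tail rather than the full path is deliberate: the same values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System apply machine-wide and must be caught by the same rule, and EnableLUA is the one entry whose dangerous state is 0, so it is restored with `reg add` instead of deleted.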
Executable files: 1
Suspicious files: 0
Text files: 8
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3208 | cleanmgr.exe | C:\Windows\System32\LogFiles\setupcln\setupact.log | - | - | -
6968 | Holzer.exe | \Device\Harddisk0\DR0 | - | - | -
3208 | cleanmgr.exe | C:\Users\admin\AppData\Local\D3DSCache\ecbf0d5a3a180bb\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock | text | F49655F856ACB8884CC0ACE29216F511 | 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
3208 | cleanmgr.exe | C:\Users\admin\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock | text | F49655F856ACB8884CC0ACE29216F511 | 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
3208 | cleanmgr.exe | C:\Users\admin\AppData\Local\D3DSCache\d3fe7cdcb51a5ef5\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock | text | F49655F856ACB8884CC0ACE29216F511 | 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
3208 | cleanmgr.exe | C:\Users\admin\AppData\Local\D3DSCache\3534848bb9f4cb71\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock | text | F49655F856ACB8884CC0ACE29216F511 | 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
3208 | cleanmgr.exe | C:\Windows\System32\LogFiles\setupcln\diagwrn.xml | text | F53C46F2F52EB970EB961A877EA8D290 | 3C4DDB1CE049BF569C5469E18DBB775145D85B3D7C498E7FB2F76E6AFBA9922D
3208 | cleanmgr.exe | C:\Windows\System32\LogFiles\setupcln\setuperr.log | text | 0DC32D424709C42A562F0DE6117ABFDD | 010DFA7BA0238E322273FA9E297EED794D481128863E29E68173B3F553B6EA1C
5880 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa5880.43292\README.txt | text | 30A88BDBF13C2808793A2A3BAF993AB8 | 5F5656DDD0BBF8D5EF92908EB379BC435ACB416A15353C3F4413B2642B128496
5880 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa5880.43292\Holzer.exe | executable | C971C68B4E58CCC82802B21AE8488BC7 | CEDE0B15D88C20BC750B516858F8BF31EE472F6CBD01640840890736C4333CCE

Two groups matter. The WinRAR.exe rows show the archive contents (README.txt and Holzer.exe) being unpacked into WinRAR's temporary extraction directory Rar$EXa5880.43292, which is where Holzer.exe was launched from; the hashes of that Holzer.exe are the ones to pivot on, since the outer ZIP hashes change with every repack. The Holzer.exe row names \Device\Harddisk0\DR0, the raw device object for physical disk 0, not a file-system path: I/O to it bypasses the file system (sector 0 of that device holds the MBR), which is why no type or hash could be recorded. Whether the sample actually overwrote disk structures has to be confirmed from the file events in the full report. The cleanmgr.exe rows are Disk Cleanup's own logs and Direct3D shader-cache lock files, unrelated to the sample.
HTTP(S) requests: 182
TCP/UDP connections: 185
DNS requests: 108
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | Type | Reputation
- | - | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6340 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
7072 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
- | - | POST | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp | unknown | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
- | - | GET | 304 | 23.48.23.145:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 304 | 23.48.23.145:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 304 | 23.48.23.145:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted

Every listed request is a CRL or OCSP fetch from Microsoft or DigiCert infrastructure, attributed (where a process is recorded) to SearchApp.exe, backgroundTaskHost.exe and SIHClient.exe, that is, ordinary Windows certificate-revocation checking. Nothing in the listed traffic is attributed to Holzer.exe or to the bitsadmin.exe it launched, and no network threat fired; the full PCAP is needed to rule out sample-driven traffic among the 182 requests.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3508 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 40.126.31.69:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1076 | svchost.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

The two PID 4 entries are NetBIOS name-service and datagram broadcasts (UDP 137/138) from the kernel to the subnet broadcast address; the rest is Microsoft telemetry, update and sign-in endpoints plus the certificate-revocation traffic above.

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.167
  • 23.48.23.156
  • 23.48.23.159
  • 23.48.23.193
  • 23.48.23.194
  • 23.48.23.180
  • 23.48.23.176
  • 23.48.23.145
  • 23.48.23.164
  • 23.48.23.162
  • 23.48.23.158
  • 23.48.23.166
  • 23.48.23.177
  • 23.48.23.147
  • 23.48.23.141
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.0
  • 20.190.159.73
  • 20.190.159.64
  • 20.190.159.131
  • 20.190.159.2
  • 40.126.31.129
  • 40.126.31.128
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
  • 51.104.136.2
  • 40.127.240.158
  • 51.124.78.146
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
  • 20.109.210.53
whitelisted
fd.api.iris.microsoft.com
  • 20.31.169.57
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
  • 13.95.31.18
whitelisted

Threats

No threats detected
No debug info