File name:

soyware.zip

Full analysis: https://app.any.run/tasks/34ee857e-b7ce-4f37-bbf5-82b310c0e2e3
Verdict: Malicious activity
Analysis date: July 27, 2024, 22:09:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

F4BAC7EC534B61688A39CA43C8B9B41B

SHA1:

DBA4C96B9B7FFE81D3EDCF5AEBC1B41FD7A6692F

SHA256:

FEBAE6B3A1F510A0C23D589D0E293A7DF405386B3C446EF339D5E6CE67AD7EF1

SSDEEP:

12288:59BdMLNf2Msry1OghRZU2PHkY5YNzdu384PLgZyoX:rPGNf2S1OghRZU2PHkY5YN484PLgZyoX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 6656)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 4608)
      • powershell.exe (PID: 3660)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 3488)

  • SUSPICIOUS

    • Creates file in the systems drive root

      • WinRAR.exe (PID: 6656)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6656)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3488)

    • The process executes Powershell scripts

      • cmd.exe (PID: 3488)

  • INFO

    • Checks proxy server information

      • slui.exe (PID: 6232)
      • slui.exe (PID: 2368)

    • Manual execution by a user

      • WinRAR.exe (PID: 4780)
      • WinRAR.exe (PID: 1136)
      • Flappy Bird Remake (PC Ray-Tracing).exe (PID: 6700)
      • Flappy Bird Remake (PC Ray-Tracing).exe (PID: 2476)
      • powershell.exe (PID: 4608)
      • cmd.exe (PID: 3488)
      • mspaint.exe (PID: 4376)
      • cmd.exe (PID: 4704)
      • mspaint.exe (PID: 5808)

    • Reads the software policy settings

      • slui.exe (PID: 6232)
      • slui.exe (PID: 2368)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 4780)
      • WinRAR.exe (PID: 1136)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1136)

    • Checks supported languages

      • Flappy Bird Remake (PC Ray-Tracing).exe (PID: 6700)
      • Flappy Bird Remake (PC Ray-Tracing).exe (PID: 2476)

    • Reads the computer name

      • Flappy Bird Remake (PC Ray-Tracing).exe (PID: 6700)
      • Flappy Bird Remake (PC Ray-Tracing).exe (PID: 2476)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 4608)
      • powershell.exe (PID: 3660)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:07:27 15:02:06
ZipCRC: 0x3b847ab3
ZipCompressedSize: 963
ZipUncompressedSize: 963
ZipFileName: cacaquest.zip
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
167
Monitored processes
19
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe no specs slui.exe slui.exe winrar.exe no specs winrar.exe flappy bird remake (pc ray-tracing).exe conhost.exe no specs flappy bird remake (pc ray-tracing).exe conhost.exe no specs powershell.exe no specs conhost.exe no specs mspaint.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs cmd.exe no specs conhost.exe no specs openfiles.exe no specs mspaint.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1136"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver "-an=C:\Users\admin\AppData\Local\Temp\soyware\slotbird.zip" -ad1 -- "C:\Users\admin\AppData\Local\Temp\soyware\cacaquest.zip" C:\Users\admin\AppData\Local\Temp\soyware\C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1596\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeFlappy Bird Remake (PC Ray-Tracing).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2368C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2476"C:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).exe" C:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).exe
explorer.exe
User:
admin
Company:
Flappy Bird Remake (PC Ray-Tracing)
Integrity Level:
MEDIUM
Description:
Flappy Bird Remake (PC Ray-Tracing)
Exit code:
2147516547
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\soyware\slotbird\flappy bird remake (pc ray-tracing).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2956\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3488"C:\Windows\System32\cmd.exe" C:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
3221225786
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\wldp.dll
3660"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass "C:\Users\admin\AppData\Local\Temp\soyware\cacaquest\sootquest.exe.ps1"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\atl.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
4032openfiles \C:\Windows\System32\openfiles.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Displays the current open files list
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openfiles.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
4376"C:\WINDOWS\system32\mspaint.exe" "C:\Users\admin\Desktop\steeltrack.png"C:\Windows\System32\mspaint.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Paint
Exit code:
0
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\mspaint.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\acgenral.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
4608"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass "C:\Users\admin\AppData\Local\Temp\soyware\cacaquest\sootquest.exe.ps1"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
28 848
Read events
28 741
Write events
105
Delete events
2

Modification events

(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\soyware.zip
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6656) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
2
Suspicious files
14
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
6656WinRAR.exeC:\Users\admin\Desktopsoyware\cacaquest.zipcompressed
MD5:7C508AF33C346C05A8D9910B3823C280
SHA256:04BA57596AED7B45AF630114B9FB6513A4C2D777EB18DE5E43FFB132B05D9CE5
6656WinRAR.exeC:\Users\admin\Desktopsoyware\slotbird.zipcompressed
MD5:ACD5786AA28C4E54671405C14189CBE6
SHA256:9C444B8326E575783D1F4E702D4BCE80A1DE14B8B7DA65180118189CE59345F5
4780WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\cacaquest.zipcompressed
MD5:7C508AF33C346C05A8D9910B3823C280
SHA256:04BA57596AED7B45AF630114B9FB6513A4C2D777EB18DE5E43FFB132B05D9CE5
4780WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\slotbird.zipcompressed
MD5:ACD5786AA28C4E54671405C14189CBE6
SHA256:9C444B8326E575783D1F4E702D4BCE80A1DE14B8B7DA65180118189CE59345F5
1136WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\slotbird\content.txtimage
MD5:98FEF7B54E593540AA6756515821BBDC
SHA256:D85986B14E7DC00096C60A91F50D0E94B744BCC997F2E372780C69D975EEA363
1136WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).runtimeconfig.jsonbinary
MD5:9FCDF880F73E74CF6347F8194B9F3509
SHA256:162D81F468BEC570EC15E527433F4DE5D5729FFE338AB79B22671F38760D34BD
1136WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).dllexecutable
MD5:B5AF2ECCD360576E7AE916F6BE8F3809
SHA256:681F36B1D7A2E7788FA299E7F29BBD0535907508F5B20EBDA087654B05D0B8B4
1136WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).deps.jsonbinary
MD5:5DA7CD3AF66DDEAEF5B660C260C8686B
SHA256:746F27953C7A013B1F5F9B03727E0F677FF8D3D97DC11D1036A5FC92E3D7EC5E
1136WinRAR.exeC:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).exeexecutable
MD5:5C279BA73ED04749CFE0184B5B1A2AA4
SHA256:5A2200EE2FB5FC6A014264902DCF392EDE54075D6DF6C41F7AC61D971101867E
4608powershell.exeC:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_tu0cmmkx.x1f.psm1text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
50
DNS requests
29
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3676
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5560
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4132
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4548
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3952
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
5368
SearchApp.exe
131.253.33.254:443
a-ring-fallback.msedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
5368
SearchApp.exe
104.126.37.170:443
www.bing.com
Akamai International B.V.
DE
unknown
6012
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5464
slui.exe
40.91.76.224:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3568
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
whitelisted
2432
slui.exe
40.91.76.224:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 51.104.136.2
whitelisted
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 104.126.37.170
  • 104.126.37.153
  • 104.126.37.130
  • 104.126.37.161
  • 104.126.37.145
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.176
  • 104.126.37.154
  • 2.23.209.179
  • 2.23.209.133
  • 2.23.209.189
  • 2.23.209.140
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.130
  • 2.23.209.149
  • 2.23.209.182
whitelisted
google.com
  • 142.250.185.110
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.45
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.138
  • 40.126.32.136
  • 40.126.32.134
  • 40.126.32.76
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
fd.api.iris.microsoft.com
  • 20.199.58.43
whitelisted

Threats

No threats detected
Process
Message
Flappy Bird Remake (PC Ray-Tracing).exe
You must install .NET to run this application. App: C:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).exe Architecture: x64 App host version: 8.0.7 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.7
Flappy Bird Remake (PC Ray-Tracing).exe
You must install .NET to run this application. App: C:\Users\admin\AppData\Local\Temp\soyware\slotbird\Flappy Bird Remake (PC Ray-Tracing).exe Architecture: x64 App host version: 8.0.7 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.7
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
soyware.zip