File name:

lossless scaling.zip

Full analysis: https://app.any.run/tasks/d4428e86-5ff3-4c1c-b040-8df3e2fbf2ae
Verdict: Malicious activity
Analysis date: January 17, 2025, 18:16:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=AES Encrypted
MD5:

2DD3C0C6AC9903807D110EC7ACE1F2EA

SHA1:

BE13125523D9975527DC4D594FD241219EF5D5D4

SHA256:

FFE94931D71252B44B916BE897368B4441CF277FF82F31EA11D9E32D3A26CDA8

SSDEEP:

98304:5he1i+u6eSHp8G2uj3R1MomiCP6d3ATOTY716/aLtszi3cnutvN4PaXfx2y4RpzK:S4aVEXxKk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes powershell execution policy (Bypass)

      • Lossless Scaling.exe (PID: 1020)
      • Lossless Scaling.exe (PID: 6596)
      • Lossless Scaling.exe (PID: 968)

    • Uses Task Scheduler to run other applications

      • powershell.exe (PID: 6156)
      • powershell.exe (PID: 6604)
      • powershell.exe (PID: 6152)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 6604)
      • powershell.exe (PID: 6152)
      • powershell.exe (PID: 6156)

  • SUSPICIOUS

    • The process executes Powershell scripts

      • Lossless Scaling.exe (PID: 1020)
      • Lossless Scaling.exe (PID: 6596)
      • Lossless Scaling.exe (PID: 968)

    • The process bypasses the loading of PowerShell profile settings

      • Lossless Scaling.exe (PID: 1020)
      • Lossless Scaling.exe (PID: 6596)
      • Lossless Scaling.exe (PID: 968)

    • Application launched itself

      • Lossless Scaling.exe (PID: 7068)
      • Lossless Scaling.exe (PID: 5308)
      • Lossless Scaling.exe (PID: 7124)

    • Starts POWERSHELL.EXE for commands execution

      • Lossless Scaling.exe (PID: 1020)
      • Lossless Scaling.exe (PID: 6596)
      • Lossless Scaling.exe (PID: 968)

    • Executable content was dropped or overwritten

      • Lossless Scaling.exe (PID: 7068)

    • The process verifies whether the antivirus software is installed

      • powershell.exe (PID: 6156)
      • powershell.exe (PID: 6152)

    • Likely accesses (executes) a file from the Public directory

      • schtasks.exe (PID: 3224)
      • powershell.exe (PID: 6604)
      • schtasks.exe (PID: 6744)
      • powershell.exe (PID: 6152)
      • schtasks.exe (PID: 6668)
      • powershell.exe (PID: 6156)

    • Gets path to any of the special folders (POWERSHELL)

      • powershell.exe (PID: 6156)

    • Reads security settings of Internet Explorer

      • Lossless Scaling.exe (PID: 5308)
      • Lossless Scaling.exe (PID: 1020)

  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 6304)
      • powershell.exe (PID: 6156)
      • Lossless Scaling.exe (PID: 5308)
      • Lossless Scaling.exe (PID: 7124)
      • Lossless Scaling.exe (PID: 1020)

    • Reads the computer name

      • LosslessScaling.exe (PID: 5464)
      • LosslessScaling.exe (PID: 6300)
      • LosslessScaling.exe (PID: 1512)

    • Manual execution by a user

      • Lossless Scaling.exe (PID: 7068)
      • Lossless Scaling.exe (PID: 5308)
      • regedit.exe (PID: 4804)
      • regedit.exe (PID: 2224)
      • Lossless Scaling.exe (PID: 7124)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 6304)
      • Lossless Scaling.exe (PID: 7068)

    • Checks supported languages

      • Lossless Scaling.exe (PID: 7068)
      • Lossless Scaling.exe (PID: 1020)
      • LosslessScaling.exe (PID: 6300)
      • Lossless Scaling.exe (PID: 7124)
      • Lossless Scaling.exe (PID: 968)
      • LosslessScaling.exe (PID: 1512)
      • LosslessScaling.exe (PID: 5464)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6304)

    • Process checks computer location settings

      • Lossless Scaling.exe (PID: 7068)
      • Lossless Scaling.exe (PID: 7124)
      • Lossless Scaling.exe (PID: 968)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 6156)

    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6156)

    • Reads the machine GUID from the registry

      • LosslessScaling.exe (PID: 5464)
      • LosslessScaling.exe (PID: 6300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Unknown (99)
ZipModifyDate: 2025:01:08 06:05:34
ZipCRC: 0x00000000
ZipCompressedSize: 44
ZipUncompressedSize: 14
ZipFileName: password 123.txt
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
154
Monitored processes
22
Malicious processes
4
Suspicious processes
5

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs lossless scaling.exe lossless scaling.exe powershell.exe no specs conhost.exe no specs losslessscaling.exe no specs schtasks.exe no specs lossless scaling.exe no specs lossless scaling.exe powershell.exe no specs conhost.exe no specs losslessscaling.exe no specs schtasks.exe no specs regedit.exe no specs regedit.exe lossless scaling.exe no specs lossless scaling.exe powershell.exe no specs conhost.exe no specs losslessscaling.exe no specs schtasks.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
968"C:\Users\admin\Desktop\lossless scaling\Lossless Scaling.exe" C:\Users\admin\Desktop\lossless scaling\Lossless Scaling.exe
Lossless Scaling.exe
User:
admin
Company:
Lossless Scaling
Integrity Level:
HIGH
Description:
Lossless Scaling
Exit code:
0
Version:
1.2.3.3
Modules
Images
c:\users\admin\desktop\lossless scaling\lossless scaling.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
1020"C:\Users\admin\Desktop\lossless scaling\Lossless Scaling.exe" C:\Users\admin\Desktop\lossless scaling\Lossless Scaling.exe
Lossless Scaling.exe
User:
admin
Company:
Lossless Scaling
Integrity Level:
HIGH
Description:
Lossless Scaling
Exit code:
0
Version:
1.2.3.3
Modules
Images
c:\users\admin\desktop\lossless scaling\lossless scaling.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
1512"C:\Users\admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe" C:\Users\admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exeLossless Scaling.exe
User:
admin
Company:
THS
Integrity Level:
HIGH
Description:
Lossless Scaling
Version:
2.12.0.0
Modules
Images
c:\users\admin\desktop\lossless scaling\language\uk-ua\losslessscaling.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2224"regedit.exe" "C:\Users\admin\Desktop\lossless scaling\Registration ('Crack')\Double-click, confirm to merge, done.reg"C:\Windows\regedit.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\gdi32.dll
3224"C:\WINDOWS\system32\schtasks.exe" /create /tn administartor /sc minute /mo 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /rl HIGHESTC:\Windows\SysWOW64\schtasks.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
4804"regedit.exe" "C:\Users\admin\Desktop\lossless scaling\Registration ('Crack')\Double-click, confirm to merge, done.reg"C:\Windows\regedit.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Editor
Exit code:
3221226540
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\regedit.exe
c:\windows\system32\ntdll.dll
5308"C:\Users\admin\Desktop\lossless scaling\Lossless Scaling.exe" C:\Users\admin\Desktop\lossless scaling\Lossless Scaling.exeexplorer.exe
User:
admin
Company:
Lossless Scaling
Integrity Level:
MEDIUM
Description:
Lossless Scaling
Exit code:
0
Version:
1.2.3.3
Modules
Images
c:\users\admin\desktop\lossless scaling\lossless scaling.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
5404\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5464"C:\Users\admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exe" C:\Users\admin\Desktop\lossless scaling\language\uk-UA\LosslessScaling.exeLossless Scaling.exe
User:
admin
Company:
THS
Integrity Level:
HIGH
Description:
Lossless Scaling
Exit code:
0
Version:
2.12.0.0
Modules
Images
c:\users\admin\desktop\lossless scaling\language\uk-ua\losslessscaling.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
6152"powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\IObitUnlocker\hiberfil.ps1"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLossless Scaling.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
21 003
Read events
20 962
Write events
28
Delete events
13

Modification events

(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\lossless scaling.zip
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:15
Value:
(PID) Process:(6304) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation:delete valueName:14
Value:
Executable files
29
Suspicious files
3
Text files
19
Unknown types
0

Dropped files

PID
Process
Filename
Type
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\en-US\hiberfil.systext
MD5:5930DA51E25548966F2ECDC534A31D33
SHA256:B712A2D728EC27CF9CBFDC2CC1DA287B714D0F1BABE1BC9531518B070B48DFB1
6304WinRAR.exeC:\Users\admin\Desktop\password 123.txttext
MD5:A244234F5CA1DCC37D963D376440350F
SHA256:81B78580C045F333AB66ADC76B42B27613D65CFBE3528DADA98F5AE9C0258609
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\diagerr.xmlcsv
MD5:25B86B2AB956DE39EC02EB0697599100
SHA256:507DBD9E93D64DC201894839A2E61A3CC5584696D2C35531A8F5A689AF4C582C
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\en-US\RAR.exeexecutable
MD5:D3E9F98155C0FAAB869CCC74FB5E8A1E
SHA256:3E0FDB5C40336482DACEF3496116053D7772A51720900141B3C6F35C6E9B351B
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\en-US\diagerr.xmlcsv
MD5:D81308249D1F667CC584FECA22AD3D9F
SHA256:353E9746747A49477F31264D9AB9EECCB237913F431B12958FD946D5E8193546
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\uk-UA\bg\LosslessScaling.resources.dllexecutable
MD5:82DEB57274920AD713665B7ECDD1F1B4
SHA256:2B62DF6F0D46492562A7F2CB04E45C429E09FCBE76FB2FAF7E275CBE29101CA3
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\uk-UA\ar\LosslessScaling.resources.dllexecutable
MD5:ED6F1B887ABD06C83ECB9C6AD4B6DDAE
SHA256:E078D3FE1E5C3EF3AE5A22DA414B33D29C3AE335397FD699A35F0B767E20AB29
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\uk-UA\hr\LosslessScaling.resources.dllexecutable
MD5:BA84B335D4991EE1C52A6BF85E1A2FA5
SHA256:F0658C57595B27E93FFE8D797172EB9931E4F3407B9B9F0D1ABDA112D6921453
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\uk-UA\Licenses.txttext
MD5:F803D675B73460ADF21F4FBC31D8D5D8
SHA256:2696AAB3218D13E02EA6541F14F77CFC6412C4F065DB04DAFBE4ED11673931DD
6304WinRAR.exeC:\Users\admin\Desktop\lossless scaling\language\uk-UA\fr\LosslessScaling.resources.dllexecutable
MD5:39E11BAAAB6237BA61EB5E8B7A19A4FE
SHA256:FE406BBC2BBDD8039876AD12EC946D46CAC386A1EC9C73F40BCEBB414EA55881
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
32
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.145:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.145:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6356
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4672
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4672
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
900
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.145:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.48.23.145:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
69.192.161.161:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
92.123.104.31:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.145
  • 23.48.23.161
  • 23.48.23.146
  • 23.48.23.164
  • 23.48.23.158
  • 23.48.23.162
  • 23.48.23.147
  • 23.48.23.141
  • 23.48.23.150
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted
google.com
  • 142.250.184.206
whitelisted
www.bing.com
  • 92.123.104.31
  • 92.123.104.29
  • 92.123.104.37
  • 92.123.104.33
  • 92.123.104.26
  • 92.123.104.38
  • 92.123.104.32
  • 92.123.104.47
  • 92.123.104.36
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
login.live.com
  • 20.190.160.17
  • 40.126.32.74
  • 20.190.160.14
  • 40.126.32.134
  • 40.126.32.138
  • 40.126.32.133
  • 40.126.32.136
  • 40.126.32.68
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
fd.api.iris.microsoft.com
  • 20.74.47.205
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
lossless scaling.zip