File name:

Extreme Injector v3.exe

Full analysis: https://app.any.run/tasks/3acedcda-92b3-4e8b-a952-449c3faa1b16
Verdict: Malicious activity
Analysis date: July 29, 2024, 17:30:53
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

83ECD4BAB9BB1A0B4E9757F153AB4489

SHA1:

C2FF38BAEF536C3EF14A6A3D0CE4C7DCEEDD58CF

SHA256:

07A83088D332CBA906D52526979BB0D285EE93A488D337EBD040F17FD11B99A6

SSDEEP:

98304:TBgnTDT0s+HC4UwA+F2MeQLTKoChDNTAW+LLk7KNyaeR23tBy1WUvxETfJLehDkO:gWM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Extreme Injector v3.exe (PID: 6440)
      • Project.exe (PID: 6652)

    • Scans artifacts that could help determine the target

      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
      • Project1.exe (PID: 6776)
      • Project1.exe (PID: 4016)
      • Project1.exe (PID: 6952)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 4632)
      • Project1.exe (PID: 4988)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 720)

  • SUSPICIOUS

    • Reads the date of Windows installation

      • Extreme Injector v3.exe (PID: 6440)
      • Project.exe (PID: 6652)
      • Extreme Injector v3.exe (PID: 6396)
      • Project.exe (PID: 3392)
      • Project.exe (PID: 4476)
      • Extreme Injector v3.exe (PID: 1324)
      • Extreme Injector v3.exe (PID: 6036)
      • Project.exe (PID: 7004)
      • Extreme Injector v3.exe (PID: 7036)
      • Project.exe (PID: 1028)
      • Extreme Injector v3.exe (PID: 3488)
      • Extreme Injector v3.exe (PID: 3336)
      • Project.exe (PID: 4988)
      • Project.exe (PID: 4192)
      • Extreme Injector v3.exe (PID: 884)
      • Extreme Injector v3.exe (PID: 3848)
      • Project.exe (PID: 1112)
      • Project.exe (PID: 7040)
      • Project.exe (PID: 3568)
      • Extreme Injector v3.exe (PID: 6728)
      • Extreme Injector v3.exe (PID: 888)
      • Project.exe (PID: 6420)

    • Reads security settings of Internet Explorer

      • Extreme Injector v3.exe (PID: 6440)
      • Project.exe (PID: 6652)
      • Extreme Injector v3.exe (PID: 6396)
      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
      • Project.exe (PID: 3392)
      • Extreme Injector v3.exe (PID: 1324)
      • Project.exe (PID: 4476)
      • Project1.exe (PID: 6776)
      • Extreme Injector v3.exe (PID: 6036)
      • Extreme Injector v3.exe (PID: 7036)
      • Project.exe (PID: 7004)
      • Project1.exe (PID: 4016)
      • Project.exe (PID: 1028)
      • Project1.exe (PID: 6952)
      • Extreme Injector v3.exe (PID: 3488)
      • Project1.exe (PID: 2492)
      • Extreme Injector v3.exe (PID: 3336)
      • Project.exe (PID: 4988)
      • Project1.exe (PID: 4632)
      • Project.exe (PID: 4192)
      • Project.exe (PID: 1112)
      • Extreme Injector v3.exe (PID: 884)
      • Extreme Injector v3.exe (PID: 3848)
      • Project1.exe (PID: 4988)
      • Project.exe (PID: 7040)
      • Project1.exe (PID: 2492)
      • Project.exe (PID: 3568)
      • Extreme Injector v3.exe (PID: 6728)
      • Extreme Injector v3.exe (PID: 888)
      • Project1.exe (PID: 720)
      • Project.exe (PID: 6420)
      • Project1.exe (PID: 6668)

    • Application launched itself

      • Extreme Injector v3.exe (PID: 6440)
      • Extreme Injector v3.exe (PID: 6396)
      • Extreme Injector v3.exe (PID: 1324)
      • Extreme Injector v3.exe (PID: 6036)
      • Extreme Injector v3.exe (PID: 7036)
      • Extreme Injector v3.exe (PID: 3488)
      • Extreme Injector v3.exe (PID: 3336)
      • Extreme Injector v3.exe (PID: 884)
      • Extreme Injector v3.exe (PID: 3848)
      • Extreme Injector v3.exe (PID: 6728)
      • Extreme Injector v3.exe (PID: 3332)
      • Extreme Injector v3.exe (PID: 3900)
      • Extreme Injector v3.exe (PID: 1388)
      • Extreme Injector v3.exe (PID: 4788)
      • Extreme Injector v3.exe (PID: 6804)
      • Extreme Injector v3.exe (PID: 888)
      • Extreme Injector v3.exe (PID: 6656)
      • Extreme Injector v3.exe (PID: 4436)
      • Extreme Injector v3.exe (PID: 7300)
      • Extreme Injector v3.exe (PID: 7540)
      • Extreme Injector v3.exe (PID: 1388)
      • Extreme Injector v3.exe (PID: 6468)
      • Extreme Injector v3.exe (PID: 1324)
      • Extreme Injector v3.exe (PID: 4788)
      • Extreme Injector v3.exe (PID: 2472)
      • Extreme Injector v3.exe (PID: 6124)
      • Extreme Injector v3.exe (PID: 7792)

    • Executable content was dropped or overwritten

      • Project.exe (PID: 6652)
      • Extreme Injector v3.exe (PID: 6440)

    • Checks Windows Trust Settings

      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
      • Project1.exe (PID: 6776)
      • Project1.exe (PID: 4016)
      • Project1.exe (PID: 6952)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 4632)
      • Project1.exe (PID: 4988)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 720)

  • INFO

    • Reads the machine GUID from the registry

      • Extreme Injector v3.exe (PID: 6440)
      • Project1.exe (PID: 3196)
      • Extreme Injector v3.exe (PID: 6396)
      • Project1.exe (PID: 4188)
      • Extreme Injector v3.exe (PID: 1324)
      • Project1.exe (PID: 6776)
      • Extreme Injector v3.exe (PID: 6036)
      • Project1.exe (PID: 4016)
      • Extreme Injector v3.exe (PID: 7036)
      • Project1.exe (PID: 6952)
      • Extreme Injector v3.exe (PID: 3488)
      • Extreme Injector v3.exe (PID: 3336)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 4632)
      • Extreme Injector v3.exe (PID: 884)
      • Project1.exe (PID: 4988)
      • Extreme Injector v3.exe (PID: 3848)
      • Project1.exe (PID: 2492)
      • Extreme Injector v3.exe (PID: 6728)
      • Extreme Injector v3.exe (PID: 888)
      • Project1.exe (PID: 720)

    • Checks supported languages

      • Project1.exe (PID: 3196)
      • Project.exe (PID: 6652)
      • Extreme Injector v3.exe (PID: 6440)
      • Extreme Injector v3.exe (PID: 6396)
      • Project.exe (PID: 3392)
      • Extreme Injector v3.exe (PID: 1324)
      • Project1.exe (PID: 4188)
      • Extreme Injector v3.exe (PID: 6036)
      • Project.exe (PID: 4476)
      • Project1.exe (PID: 6776)
      • Extreme Injector v3.exe (PID: 7036)
      • Project.exe (PID: 7004)
      • Project1.exe (PID: 4016)
      • Project.exe (PID: 1028)
      • Extreme Injector v3.exe (PID: 3488)
      • Project1.exe (PID: 6952)
      • Project.exe (PID: 4988)
      • Project.exe (PID: 4192)
      • Extreme Injector v3.exe (PID: 3336)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 4632)
      • Extreme Injector v3.exe (PID: 884)
      • Extreme Injector v3.exe (PID: 3848)
      • Project.exe (PID: 1112)
      • Project1.exe (PID: 4988)
      • Project1.exe (PID: 2492)
      • Project.exe (PID: 7040)
      • Extreme Injector v3.exe (PID: 6728)
      • Project.exe (PID: 3568)
      • Extreme Injector v3.exe (PID: 888)
      • Project.exe (PID: 6420)
      • Project1.exe (PID: 720)
      • Extreme Injector v3.exe (PID: 3332)
      • Project1.exe (PID: 6668)

    • Create files in a temporary directory

      • Extreme Injector v3.exe (PID: 6440)
      • Project.exe (PID: 6652)
      • Extreme Injector v3.exe (PID: 6396)
      • Project.exe (PID: 3392)
      • Project.exe (PID: 4476)
      • Extreme Injector v3.exe (PID: 1324)
      • Extreme Injector v3.exe (PID: 6036)
      • Project.exe (PID: 7004)
      • Extreme Injector v3.exe (PID: 7036)
      • Project.exe (PID: 1028)
      • Extreme Injector v3.exe (PID: 3488)
      • Extreme Injector v3.exe (PID: 3336)
      • Project.exe (PID: 4988)
      • Project.exe (PID: 4192)
      • Project.exe (PID: 1112)
      • Extreme Injector v3.exe (PID: 884)
      • Extreme Injector v3.exe (PID: 3848)
      • Project.exe (PID: 7040)
      • Project.exe (PID: 3568)
      • Extreme Injector v3.exe (PID: 6728)
      • Extreme Injector v3.exe (PID: 888)
      • Project.exe (PID: 6420)

    • Reads the computer name

      • Extreme Injector v3.exe (PID: 6396)
      • Extreme Injector v3.exe (PID: 6440)
      • Project.exe (PID: 6652)
      • Project.exe (PID: 3392)
      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
      • Extreme Injector v3.exe (PID: 1324)
      • Extreme Injector v3.exe (PID: 6036)
      • Project.exe (PID: 4476)
      • Project1.exe (PID: 6776)
      • Extreme Injector v3.exe (PID: 7036)
      • Project.exe (PID: 7004)
      • Project1.exe (PID: 4016)
      • Project.exe (PID: 1028)
      • Extreme Injector v3.exe (PID: 3488)
      • Project1.exe (PID: 6952)
      • Project1.exe (PID: 2492)
      • Extreme Injector v3.exe (PID: 3336)
      • Project.exe (PID: 4988)
      • Extreme Injector v3.exe (PID: 884)
      • Project.exe (PID: 4192)
      • Project1.exe (PID: 4632)
      • Extreme Injector v3.exe (PID: 3848)
      • Project.exe (PID: 1112)
      • Project1.exe (PID: 4988)
      • Project1.exe (PID: 2492)
      • Extreme Injector v3.exe (PID: 6728)
      • Project.exe (PID: 7040)
      • Project.exe (PID: 3568)
      • Extreme Injector v3.exe (PID: 888)
      • Project1.exe (PID: 720)
      • Project.exe (PID: 6420)
      • Extreme Injector v3.exe (PID: 3332)

    • Process checks computer location settings

      • Extreme Injector v3.exe (PID: 6440)
      • Project.exe (PID: 6652)
      • Extreme Injector v3.exe (PID: 6396)
      • Project.exe (PID: 3392)
      • Project.exe (PID: 4476)
      • Extreme Injector v3.exe (PID: 1324)
      • Extreme Injector v3.exe (PID: 6036)
      • Extreme Injector v3.exe (PID: 7036)
      • Project.exe (PID: 7004)
      • Project.exe (PID: 1028)
      • Extreme Injector v3.exe (PID: 3488)
      • Extreme Injector v3.exe (PID: 3336)
      • Project.exe (PID: 4988)
      • Project.exe (PID: 4192)
      • Extreme Injector v3.exe (PID: 884)
      • Extreme Injector v3.exe (PID: 3848)
      • Project.exe (PID: 1112)
      • Project.exe (PID: 7040)
      • Extreme Injector v3.exe (PID: 6728)
      • Project.exe (PID: 3568)
      • Extreme Injector v3.exe (PID: 888)
      • Project.exe (PID: 6420)

    • Checks proxy server information

      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
      • Project1.exe (PID: 6776)
      • Project1.exe (PID: 4016)
      • Project1.exe (PID: 6952)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 4632)
      • Project1.exe (PID: 4988)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 720)

    • Reads the software policy settings

      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
      • Project1.exe (PID: 6776)
      • Project1.exe (PID: 4016)
      • Project1.exe (PID: 6952)
      • Project1.exe (PID: 2492)
      • Project1.exe (PID: 4632)
      • Project1.exe (PID: 720)
      • Project1.exe (PID: 2492)

    • Creates files or folders in the user directory

      • Project1.exe (PID: 3196)
      • Project1.exe (PID: 4188)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:14 15:03:22+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 11
CodeSize: 1752064
InitializedDataSize: 17408
UninitializedDataSize: -
EntryPoint: 0x1adb9e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileDescription:
FileVersion: 1.0.0.0
InternalName: XBinderOutput.exe
LegalCopyright:
OriginalFileName: XBinderOutput.exe
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
254
Monitored processes
110
Malicious processes
3
Suspicious processes
13

Behavior graph

Click at the process to see the details
start extreme injector v3.exe project.exe extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs slui.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs project.exe no specs extreme injector v3.exe no specs project1.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
132"C:\Users\admin\AppData\Local\Temp\Project.exe" C:\Users\admin\AppData\Local\Temp\Project.exeExtreme Injector v3.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
10
132"C:\Users\admin\AppData\Local\Temp\Project.exe" C:\Users\admin\AppData\Local\Temp\Project.exeExtreme Injector v3.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
10
464\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeProject1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
720"C:\Users\admin\AppData\Local\Temp\chainportComponentsavesCrt\Project1.exe" C:\Users\admin\AppData\Local\Temp\chainportComponentsavesCrt\Project1.exe
Project.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\chainportcomponentsavescrt\project1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
884\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeProject1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
884"C:\Users\admin\AppData\Local\Temp\Extreme Injector v3.exe" C:\Users\admin\AppData\Local\Temp\Extreme Injector v3.exeExtreme Injector v3.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\extreme injector v3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
888"C:\Users\admin\AppData\Local\Temp\Extreme Injector v3.exe" C:\Users\admin\AppData\Local\Temp\Extreme Injector v3.exeExtreme Injector v3.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\extreme injector v3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
888"C:\Users\admin\AppData\Local\Temp\chainportComponentsavesCrt\Project1.exe" C:\Users\admin\AppData\Local\Temp\chainportComponentsavesCrt\Project1.exeProject.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
1028"C:\Users\admin\AppData\Local\Temp\Project.exe" C:\Users\admin\AppData\Local\Temp\Project.exeExtreme Injector v3.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
10
Modules
Images
c:\users\admin\appdata\local\temp\project.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1028\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeProject1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
104 191
Read events
103 905
Write events
286
Delete events
0

Modification events

(PID) Process:(6440) Extreme Injector v3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6440) Extreme Injector v3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6440) Extreme Injector v3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6440) Extreme Injector v3.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6652) Project.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6652) Project.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6652) Project.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6652) Project.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(3196) Project1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3196) Project1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
2
Suspicious files
7
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
6440Extreme Injector v3.exeC:\Users\admin\AppData\Local\Temp\Project.exeexecutable
MD5:F8A4E70DDDD5A0C2ED59F271C2AD7DA8
SHA256:97241776E7DEF6D35A3A0B7E6D267E93ED5F5C07FD3345830696A993C5A6EBAB
6652Project.exeC:\Users\admin\AppData\Local\Temp\chainportComponentsavesCrt\Project1.pdbbinary
MD5:FBF89ED0E5441BE2315A953A61066869
SHA256:1243738D243555277627CAEACF860BBA56AC9E81A451D6676EE711E54E93AB25
3196Project1.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90binary
MD5:9DF344AD5E61886FF5430D939DD1186D
SHA256:687CFF135AD9C4C6A4E979A274E2621549D4D1D3F02199ACB364371A76DB5615
3196Project1.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25binary
MD5:F0C85321E0EAB9F2A8331E88D2F2FD70
SHA256:A8FFD1502C89D4C3DF41C7F32A21801F643D759A77C91B00E0E343DCDC458A23
6652Project.exeC:\Users\admin\AppData\Local\Temp\chainportComponentsavesCrt\Project1.exeexecutable
MD5:5317B875360771D670BEEE3D99CB9488
SHA256:382323C7A2AE1FB1E1CF3C75B618700F2C5751C2BF3CC536841B21DFC2EA5938
3196Project1.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25binary
MD5:488D9AD1A622611F96689BF476726117
SHA256:360B99030FFD8AF7BC6FD964AACC04ED4CDE909BF08B704144E67E82E537059C
3196Project1.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90binary
MD5:8C034D7DC1F126542B88B3AB2E0A33AC
SHA256:341BB7578990F367A06A81ED37DDF84DF1CEF502B6FD537B0A644E614C936DCA
4188Project1.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5Cbinary
MD5:6A3D85BE685BE436622840405107531A
SHA256:5A8620CADC108A6613FF0A6D54A1F4C73060CF128178358B1A39BC14AEF137A3
4188Project1.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5Cbinary
MD5:15845D3AC46769451E20C9ECE0C80F62
SHA256:3EA9BAADD3CCCD132D5D231FC63284276A13F52EBC9D269BB21C564AE4369AC6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
62
DNS requests
36
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3196
Project1.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
whitelisted
3196
Project1.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPlNxcMEqnlIVyH5VuZ4lawhZX3QQU9oUKOxGG4QR9DqoLLNLuzGR7e64CEE4o94a2bBo7lCzSxA63QqU%3D
unknown
whitelisted
4188
Project1.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPlNxcMEqnlIVyH5VuZ4lawhZX3QQU9oUKOxGG4QR9DqoLLNLuzGR7e64CEE4o94a2bBo7lCzSxA63QqU%3D
unknown
whitelisted
5368
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4424
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3196
Project1.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3676
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2856
slui.exe
40.91.76.224:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
whitelisted
3976
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2472
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6012
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5368
SearchApp.exe
131.253.33.254:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
5368
SearchApp.exe
95.100.146.33:443
th.bing.com
Akamai International B.V.
CZ
unknown
3952
svchost.exe
239.255.255.250:1900
whitelisted
2432
slui.exe
40.91.76.224:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3196
Project1.exe
140.82.121.4:443
github.com
GITHUB
US
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.174
whitelisted
github.com
  • 140.82.121.4
shared
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.sectigo.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
fp-afd-nocache-ccp.azureedge.net
  • 13.107.246.60
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.75
  • 40.126.31.69
  • 20.190.159.0
  • 20.190.159.4
  • 20.190.159.68
  • 40.126.31.71
  • 20.190.159.73
  • 20.190.159.64
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Extreme Injector v3.exe