Malware analysis XB36Hazards Launcher.exe Malicious activity

Add for printing

File name:	XB36Hazards Launcher.exe
Full analysis:	https://app.any.run/tasks/0c19e503-de26-496c-8184-fc584be13789
Verdict:	Malicious activity
Analysis date:	June 28, 2024, 04:11:28
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:	D7FA5514B7DB10A7E7B6241747D59694
SHA1:	C09D7316A52E63577D9819BFE699BF25EFD073AE
SHA256:	31D054B969F3A7824714CB7A9D346B2758E17EB556D8DDE49DD00E6D2A94C232
SSDEEP:	98304:fRlrxS1ngLfwQH9faVuskghQ+F4Cj5k+biapSEYhxISDfnH63g1+D7m6Z7mnL:fRVxEnhe9izkEQXCj5z8p6wCm6ZqL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - XB36Hazards Launcher.exe (PID: 2452)
SUSPICIOUS
- Searches for installed software
  - XB36Hazards Launcher.exe (PID: 2452)
- Executable content was dropped or overwritten
  - XB36Hazards Launcher.exe (PID: 2452)
- Creates a software uninstall entry
  - XB36Hazards Launcher.exe (PID: 2452)
- Reads security settings of Internet Explorer
  - XB36Hazards Launcher.exe (PID: 2452)
- Reads the date of Windows installation
  - XB36Hazards Launcher.exe (PID: 2452)
INFO
- Checks supported languages
  - XB36Hazards Launcher.exe (PID: 2452)
  - GTA V Save Editor.exe (PID: 4628)
  - GTA V Save Editor.exe (PID: 3108)
- Reads the computer name
  - XB36Hazards Launcher.exe (PID: 2452)
  - GTA V Save Editor.exe (PID: 4628)
  - GTA V Save Editor.exe (PID: 3108)
- Reads the machine GUID from the registry
  - XB36Hazards Launcher.exe (PID: 2452)
  - GTA V Save Editor.exe (PID: 4628)
  - GTA V Save Editor.exe (PID: 3108)
- Disables trace logs
  - XB36Hazards Launcher.exe (PID: 2452)
- Checks proxy server information
  - XB36Hazards Launcher.exe (PID: 2452)
- Creates files or folders in the user directory
  - XB36Hazards Launcher.exe (PID: 2452)
- Creates files in the program directory
  - XB36Hazards Launcher.exe (PID: 2452)
- Reads the software policy settings
  - XB36Hazards Launcher.exe (PID: 2452)
- Create files in a temporary directory
  - XB36Hazards Launcher.exe (PID: 2452)
- Manual execution by a user
  - GTA V Save Editor.exe (PID: 4628)
- Process checks computer location settings
  - XB36Hazards Launcher.exe (PID: 2452)
- Reads Environment values
  - XB36Hazards Launcher.exe (PID: 2452)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe	\|	Win64 Executable (generic) (21.3)
.scr	\|	Windows screen saver (10.1)
.dll	\|	Win32 Dynamic Link Library (generic) (5)
.exe	\|	Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2022:05:11 06:11:36+00:00
ImageFileCharacteristics:	Executable, No line numbers, No symbols, Large address aware
PEType:	PE32
LinkerVersion:	80
CodeSize:	4671488
InitializedDataSize:	4724224
UninitializedDataSize:	-
EntryPoint:	0x47662e
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	4.0.0.0
ProductVersionNumber:	4.0.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	XB36Hazard's Launcher
CompanyName:	XB36Hazard
FileDescription:	XB36Hazard's Launcher
FileVersion:	4.0.0.0
InternalName:	XB36Hazards Launcher.exe
LegalCopyright:	Copyright © XB36Hazard 2022
LegalTrademarks:	XB36Hazard
OriginalFileName:	XB36Hazards Launcher.exe
ProductName:	XB36Hazard's Launcher
ProductVersion:	4.0.0.0
AssemblyVersion:	4.0.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

138

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2452

"C:\Users\admin\AppData\Local\Temp\XB36Hazards Launcher.exe"

C:\Users\admin\AppData\Local\Temp\XB36Hazards Launcher.exe

explorer.exe

User:

admin

Company:

XB36Hazard

Integrity Level:

HIGH

Description:

XB36Hazard's Launcher

Version:

4.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\xb36hazards launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

3108

"C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\GTA V Save Editor.exe"

C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\GTA V Save Editor.exe

—

XB36Hazards Launcher.exe

User:

admin

Company:

XB36Hazard

Integrity Level:

HIGH

Description:

GTA V Save Editor

Exit code:

4294967295

Version:

5.7.0.0

Modules

Images
c:\program files (x86)\xb36hazard\gta v save editor\gta v save editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

3720

"C:\Users\admin\AppData\Local\Temp\XB36Hazards Launcher.exe"

C:\Users\admin\AppData\Local\Temp\XB36Hazards Launcher.exe

—

explorer.exe

User:

admin

Company:

XB36Hazard

Integrity Level:

MEDIUM

Description:

XB36Hazard's Launcher

Exit code:

3221226540

Version:

4.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\xb36hazards launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

4628

"C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\GTA V Save Editor.exe"

C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\GTA V Save Editor.exe

—

explorer.exe

User:

admin

Company:

XB36Hazard

Integrity Level:

MEDIUM

Description:

GTA V Save Editor

Exit code:

4294967295

Version:

5.7.0.0

Modules

Images
c:\program files (x86)\xb36hazard\gta v save editor\gta v save editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

7 075

Read events

7 041

Write events

Delete events

Modification events


(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
Operation:	write	Name:	EnableConsoleTracing
Value: 0
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	EnableFileTracing
Value: 0
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	EnableAutoFileTracing
Value: 0
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	EnableConsoleTracing
Value: 0
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	FileTracingMask
Value:
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	ConsoleTracingMask
Value:
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	MaxFileSize
Value: 1048576
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASAPI32
Operation:	write	Name:	FileDirectory
Value: %windir%\tracing
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASMANCS
Operation:	write	Name:	EnableFileTracing
Value: 0
(PID) Process:	(2452) XB36Hazards Launcher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XB36Hazards Launcher_RASMANCS
Operation:	write	Name:	EnableAutoFileTracing
Value: 0

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2452	XB36Hazards Launcher.exe	C:\Users\admin\AppData\Local\XB36Hazard\Launcher\450CF255088DFEDBEFE08C27718784EC07A54D47.XIF		—
		MD5:—	SHA256:—
2452	XB36Hazards Launcher.exe	C:\Users\admin\AppData\Local\Temp\tmp40F0.tmp		—
		MD5:—	SHA256:—
2452	XB36Hazards Launcher.exe	C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\GTA V Save Editor.Ico		image
		MD5:18BBDF1700D1D894B51FAA0D476FD2FB	SHA256:9E8CE5BA677AA3FCF555DC8ABE672EC6366E3F11721E843FDDCAC11E74C08D42
4628	GTA V Save Editor.exe	C:\Users\admin\Documents\XB36Hazard\Logs\GTAV\6-28-2024 4.12.21 AM.LOG.txt		text
		MD5:D89D1D2548A469D98C3DA0F4A559208B	SHA256:55D11E68DF706DBE72C937B9BAA116F561992BBEB72E43C27C21F537FD048E68
2452	XB36Hazards Launcher.exe	C:\Users\admin\Desktop\GTA V Save Editor.lnk		lnk
		MD5:B0B51E605E70F85C4BDA601BFF43655C	SHA256:C35145F96F6907EDB55C5FB431BA417CDE13459A58C31569A8BA414EA0E35618
2452	XB36Hazards Launcher.exe	C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\uninstall.exe		executable
		MD5:B6E8D92C45D78B531C585D143DA08697	SHA256:BF2C67918EADE9ABA6247E0E8789C68E526E02FC4D3DFC516A9734C085961848
2452	XB36Hazards Launcher.exe	C:\Program Files (x86)\XB36Hazard\GTA V Save Editor\uninstall.txt		text
		MD5:9013A5E9A3C12B5ADAFDB1881A507BF5	SHA256:6916114DCA9AB64A9C2D10FD6DD0954AF66247C91BCEB698541B04AFC9D16B57
2452	XB36Hazards Launcher.exe	C:\Users\admin\AppData\Local\Temp\tmpA9C.tmp		binary
		MD5:55A54008AD1BA589AA210D2629C1DF41	SHA256:4BF5122F344554C53BDE2EBB8CD2B7E3D1600AD631C385A5D7CCE23C7785459A
2452	XB36Hazards Launcher.exe	C:\Users\admin\AppData\Local\Temp\tmpCF28.tmp		binary
		MD5:55A54008AD1BA589AA210D2629C1DF41	SHA256:4BF5122F344554C53BDE2EBB8CD2B7E3D1600AD631C385A5D7CCE23C7785459A
2452	XB36Hazards Launcher.exe	C:\Users\admin\Documents\XB36Hazard_Launcher.STARTUP_LOG.txt		text
		MD5:850099B110024551B3642E97604472D6	SHA256:4242982B1EAEA3D40D1F2BD00048DA9ECF9CC68B1DBEC43F49F29A9004EA0139

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3040	OfficeClickToRun.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	unknown
1544	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	unknown
2272	svchost.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	unknown
2272	svchost.exe	GET	200	2.16.164.9:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	unknown
2032	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	unknown
5484	SIHClient.exe	GET	200	88.221.125.143:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	unknown
4028	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	unknown
5484	SIHClient.exe	GET	200	88.221.125.143:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
2272	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3868	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1992	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
2452	XB36Hazards Launcher.exe	162.125.66.18:443	www.dropbox.com	DROPBOX	DE	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
4032	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
2452	XB36Hazards Launcher.exe	162.125.66.15:443	uc2a4735802429d7d1a1cf705dd1.dl.dropboxusercontent.com	DROPBOX	DE	malicious
2272	svchost.exe	2.16.164.9:80	crl.microsoft.com	Akamai International B.V.	NL	unknown
2272	svchost.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	unknown

DNS requests

Domain	IP	Reputation
www.dropbox.com	162.125.66.18	shared
uc2a4735802429d7d1a1cf705dd1.dl.dropboxusercontent.com	162.125.66.15	unknown
uc1fccab1d0801f82927cebccc8c.dl.dropboxusercontent.com	162.125.66.15	unknown
settings-win.data.microsoft.com	51.104.136.2	whitelisted
crl.microsoft.com	2.16.164.9 2.16.164.72	whitelisted
www.microsoft.com	95.101.149.131 88.221.125.143	whitelisted
login.live.com	20.190.160.17 40.126.32.74 20.190.160.14 40.126.32.140 40.126.32.134 40.126.32.136 20.190.160.22 40.126.32.133	whitelisted
go.microsoft.com	23.211.9.234	whitelisted
self.events.data.microsoft.com	20.189.173.13	whitelisted
uce5b78181fc6f66f1006020155f.dl.dropboxusercontent.com	162.125.66.15	unknown

Threats

No threats detected

Add for printing

No debug info

General Info

XB36Hazards Launcher.exe

D7FA5514B7DB10A7E7B6241747D59694

C09D7316A52E63577D9819BFE699BF25EFD073AE

31D054B969F3A7824714CB7A9D346B2758E17EB556D8DDE49DD00E6D2A94C232

98304:fRlrxS1ngLfwQH9faVuskghQ+F4Cj5k+biapSEYhxISDfnH63g1+D7m6Z7mnL:fRVxEnhe9izkEQXCj5z8p6wCm6ZqL

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Searches for installed software

Executable content was dropped or overwritten

Creates a software uninstall entry

Reads security settings of Internet Explorer

Reads the date of Windows installation

INFO

Checks supported languages

Reads the computer name

Reads the machine GUID from the registry

Disables trace logs

Checks proxy server information

Creates files or folders in the user directory

Creates files in the program directory

Reads the software policy settings

Create files in a temporary directory

Manual execution by a user

Process checks computer location settings

Reads Environment values

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings