File name: 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27

Full analysis: https://app.any.run/tasks/b8dc7fdd-3f0a-43fe-9313-a56f5c1481f5
Verdict: Malicious activity
Analysis date: March 24, 2025, 09:19:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 323DA47187F457C7017D94DE8144BB54
SHA1: 40E591FD74C7C45D435A1AC73ACADC70F9827451
SHA256: 342BE5609D534DBF52F5CE3EF0FA29A1BBF5E7B15D0CCF0464A78F4DCD490A27
SSDEEP: 98304:fAdsXbMpc2o5anNLS6S+5Ji0TphRkgJvYm3Sr096AUellFV3MfGejUk/DlBZo80c:M5g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Antivirus name has been found in the command line (generic signature)

      • taskkill.exe (PID: 7932)
      • taskkill.exe (PID: 2148)
      • taskkill.exe (PID: 5576)
      • taskkill.exe (PID: 7440)
      • taskkill.exe (PID: 7736)
    • Starts NET.EXE to view/add/change user profiles

      • net.exe (PID: 8964)
      • net.exe (PID: 8864)
      • net.exe (PID: 8568)
      • net.exe (PID: 8452)
      • net.exe (PID: 8624)
      • net.exe (PID: 8888)
      • net.exe (PID: 8384)
      • net.exe (PID: 9040)
      • net.exe (PID: 8436)
      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
      • net.exe (PID: 8376)
      • net.exe (PID: 8560)
      • net.exe (PID: 8940)
      • net.exe (PID: 8412)
      • net.exe (PID: 8536)
      • net.exe (PID: 8428)
      • net.exe (PID: 8616)
      • net.exe (PID: 8404)
      • net.exe (PID: 9144)
      • net.exe (PID: 9356)
      • net.exe (PID: 8052)
      • net.exe (PID: 10644)
      • net.exe (PID: 9312)
      • net.exe (PID: 12220)
      • net.exe (PID: 12328)
      • net.exe (PID: 14320)
      • net.exe (PID: 10464)
      • net.exe (PID: 9232)
      • net.exe (PID: 12024)
      • net.exe (PID: 10520)
      • net.exe (PID: 11276)
      • net.exe (PID: 13040)
      • net.exe (PID: 9020)
      • net.exe (PID: 10232)
      • net.exe (PID: 10660)
      • net.exe (PID: 15236)
      • net.exe (PID: 11464)
      • net.exe (PID: 9320)
      • net.exe (PID: 11420)
      • net.exe (PID: 11048)
      • net.exe (PID: 11152)
      • net.exe (PID: 5332)
      • net.exe (PID: 9388)
      • net.exe (PID: 13292)
      • net.exe (PID: 14020)
      • net.exe (PID: 8696)
      • net.exe (PID: 8496)
      • net.exe (PID: 9200)
      • net.exe (PID: 12608)
      • net.exe (PID: 10528)
      • net.exe (PID: 11132)
      • net.exe (PID: 10152)
      • net.exe (PID: 10476)
      • net.exe (PID: 10680)
      • net.exe (PID: 8664)
      • net.exe (PID: 11068)
      • net.exe (PID: 10712)
      • net.exe (PID: 12816)
      • net.exe (PID: 9396)
      • net.exe (PID: 10140)
      • net.exe (PID: 12040)
      • net.exe (PID: 9280)
      • net.exe (PID: 11412)
      • net.exe (PID: 14752)
      • net.exe (PID: 9272)
      • net.exe (PID: 10960)
      • net.exe (PID: 13616)
      • net.exe (PID: 13860)
      • net.exe (PID: 14124)
      • net.exe (PID: 11968)
      • net.exe (PID: 13688)
      • net.exe (PID: 13164)
      • net.exe (PID: 15164)
      • net.exe (PID: 12596)
      • net.exe (PID: 15008)
      • net.exe (PID: 11396)
      • net.exe (PID: 12696)
      • net.exe (PID: 13504)
      • net.exe (PID: 15220)
      • net.exe (PID: 14044)
      • net.exe (PID: 14384)
      • net.exe (PID: 14196)
      • net.exe (PID: 13912)
      • net.exe (PID: 12760)
      • net.exe (PID: 11216)
      • net.exe (PID: 14300)
      • net.exe (PID: 13800)
      • net.exe (PID: 12864)
      • net.exe (PID: 13016)
      • net.exe (PID: 11564)
      • net.exe (PID: 9604)
      • net.exe (PID: 13948)
      • net.exe (PID: 11552)
      • net.exe (PID: 12408)
      • net.exe (PID: 11984)
      • net.exe (PID: 13116)
      • net.exe (PID: 12492)
      • net.exe (PID: 15184)
      • net.exe (PID: 12444)
      • net.exe (PID: 12684)
      • net.exe (PID: 11832)
      • net.exe (PID: 10936)
      • net.exe (PID: 10968)
      • net.exe (PID: 13228)
      • net.exe (PID: 15112)
      • net.exe (PID: 14928)
      • net.exe (PID: 11840)
      • net.exe (PID: 11376)
      • net.exe (PID: 13460)
      • net.exe (PID: 15088)
      • net.exe (PID: 14572)
      • net.exe (PID: 11484)
      • net.exe (PID: 9348)
      • net.exe (PID: 12396)
      • net.exe (PID: 13340)
      • net.exe (PID: 14248)
      • net.exe (PID: 12664)
      • net.exe (PID: 12104)
      • net.exe (PID: 12280)
      • net.exe (PID: 12008)
      • net.exe (PID: 12784)
      • net.exe (PID: 10984)
      • net.exe (PID: 11900)
      • net.exe (PID: 14236)
      • net.exe (PID: 12056)
      • net.exe (PID: 11328)
      • net.exe (PID: 13768)
      • net.exe (PID: 11308)
      • net.exe (PID: 13540)
      • net.exe (PID: 13720)
      • net.exe (PID: 12112)
      • net.exe (PID: 12232)
      • net.exe (PID: 14684)
      • net.exe (PID: 13572)
      • net.exe (PID: 14836)
      • net.exe (PID: 10900)
      • net.exe (PID: 14900)
      • net.exe (PID: 11640)
      • net.exe (PID: 14996)
      • net.exe (PID: 14360)
      • net.exe (PID: 11616)
      • net.exe (PID: 14656)
      • net.exe (PID: 12152)
      • net.exe (PID: 11880)
      • net.exe (PID: 12172)
      • net.exe (PID: 13176)
      • net.exe (PID: 15064)
      • net.exe (PID: 13520)
      • net.exe (PID: 13448)
      • net.exe (PID: 12560)
      • net.exe (PID: 12428)
      • net.exe (PID: 11008)
      • net.exe (PID: 12524)
      • net.exe (PID: 14716)
      • net.exe (PID: 13248)
      • net.exe (PID: 11936)
      • net.exe (PID: 14180)
      • net.exe (PID: 11796)
      • net.exe (PID: 12644)
      • net.exe (PID: 12808)
      • net.exe (PID: 13404)
      • net.exe (PID: 11920)
      • net.exe (PID: 12892)
      • net.exe (PID: 14136)
      • net.exe (PID: 11156)
      • net.exe (PID: 12096)
      • net.exe (PID: 12940)
      • net.exe (PID: 13976)
      • net.exe (PID: 12964)
      • net.exe (PID: 13076)
      • net.exe (PID: 14604)
      • net.exe (PID: 14340)
      • net.exe (PID: 14408)
      • net.exe (PID: 12592)
      • net.exe (PID: 13644)
      • net.exe (PID: 14500)
      • net.exe (PID: 13388)
      • net.exe (PID: 12352)
      • net.exe (PID: 14516)
      • net.exe (PID: 14944)
      • net.exe (PID: 13108)
      • net.exe (PID: 12572)
      • net.exe (PID: 14796)
      • net.exe (PID: 15040)
      • net.exe (PID: 14884)
      • net.exe (PID: 13008)
      • net.exe (PID: 11532)
    • Changes the autorun value in the registry

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
    • Starts NET.EXE to view/change users localgroup

      • net.exe (PID: 8584)
      • net.exe (PID: 8548)
      • net.exe (PID: 8988)
      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
      • net.exe (PID: 8912)
      • net.exe (PID: 8444)
      • net.exe (PID: 8392)
      • net.exe (PID: 8420)
      • net.exe (PID: 10536)
      • net.exe (PID: 9292)
      • net.exe (PID: 8844)
      • net.exe (PID: 10508)
      • net.exe (PID: 9372)
      • net.exe (PID: 9176)
      • net.exe (PID: 11108)
      • net.exe (PID: 12376)
      • net.exe (PID: 12304)
      • net.exe (PID: 2096)
      • net.exe (PID: 9332)
      • net.exe (PID: 8204)
      • net.exe (PID: 10172)
      • net.exe (PID: 12084)
      • net.exe (PID: 12548)
      • net.exe (PID: 11020)
      • net.exe (PID: 10672)
      • net.exe (PID: 9244)
      • net.exe (PID: 14416)
      • net.exe (PID: 11092)
      • net.exe (PID: 8488)
      • net.exe (PID: 9420)
      • net.exe (PID: 12720)
      • net.exe (PID: 13060)
      • net.exe (PID: 11724)
      • net.exe (PID: 13136)
      • net.exe (PID: 14376)
      • net.exe (PID: 13208)
      • net.exe (PID: 10976)
      • net.exe (PID: 14704)
      • net.exe (PID: 12672)
      • net.exe (PID: 14856)
      • net.exe (PID: 11356)
      • net.exe (PID: 14540)
      • net.exe (PID: 15080)
      • net.exe (PID: 12800)
      • net.exe (PID: 12200)
      • net.exe (PID: 14084)
      • net.exe (PID: 11952)
      • net.exe (PID: 11856)
      • net.exe (PID: 12248)
      • net.exe (PID: 12628)
      • net.exe (PID: 13928)
      • net.exe (PID: 11800)
      • net.exe (PID: 12032)
      • net.exe (PID: 11456)
      • net.exe (PID: 11912)
      • net.exe (PID: 12348)
      • net.exe (PID: 11504)
      • net.exe (PID: 13736)
      • net.exe (PID: 14972)
      • net.exe (PID: 10948)
      • net.exe (PID: 12736)
      • net.exe (PID: 12468)
      • net.exe (PID: 13996)
      • net.exe (PID: 12300)
      • net.exe (PID: 11404)
      • net.exe (PID: 13424)
      • net.exe (PID: 12536)
      • net.exe (PID: 13532)
      • net.exe (PID: 11992)
      • net.exe (PID: 13272)
      • net.exe (PID: 12984)
      • net.exe (PID: 14160)
      • net.exe (PID: 12128)
      • net.exe (PID: 13672)
      • net.exe (PID: 12920)
      • net.exe (PID: 14920)
      • net.exe (PID: 15136)
      • net.exe (PID: 9168)
      • net.exe (PID: 14628)
      • net.exe (PID: 10888)
      • net.exe (PID: 13824)
      • net.exe (PID: 15256)
      • net.exe (PID: 13368)
      • net.exe (PID: 14220)
      • net.exe (PID: 10436)
      • net.exe (PID: 15212)
      • net.exe (PID: 12580)
      • net.exe (PID: 15028)
      • net.exe (PID: 11288)
      • net.exe (PID: 14272)
      • net.exe (PID: 14780)
      • net.exe (PID: 12832)
      • net.exe (PID: 13588)
      • net.exe (PID: 13480)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
    • Uses TASKKILL.EXE to kill process

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
    • There is functionality for taking screenshot (YARA)

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
  • INFO

    • Checks supported languages

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
    • Reads the computer name

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
    • Reads the time zone

      • net1.exe (PID: 19248)
      • net1.exe (PID: 19116)
    • UPX packer has been detected

      • 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe (PID: 7600)
    • Checks proxy server information

      • slui.exe (PID: 6712)
    • Reads the software policy settings

      • slui.exe (PID: 6712)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
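The signature names above (an antivirus name in a taskkill command line, NET.EXE adding users and changing local group membership) are ANY.RUN's labels; the evidence behind them is the command lines recorded in the Process information section of this report, where the table has been flattened into one row per process with no separators between PID, command line, image path and parent. The following Python is an added example, not ANY.RUN's tooling: it rebuilds those rows and maps each command line to the behaviour it implements. The rows are copied from this report. The set of security-product image names is an assumption, seeded only with VsTskMgr.exe (McAfee VirusScan's task manager), which is the one this sample targets.

```python
"""Rebuild the flattened 'Process information' rows of this report and classify
each command line. Added example for this page; it is not ANY.RUN tooling."""
import re
from dataclasses import dataclass, field

# A flattened row is "<PID><CMD><Path><Parent>" with nothing between the fields.
# The Path column is always written "C:\Windows\SysWOW64\..." or
# "C:\Windows\System32\..." (mixed case), which is what separates it from a
# command line that starts "C:\WINDOWS\system32\..." (upper case).
ROW_RE = re.compile(
    r"^(?P<pid>\d+)(?P<cmd>.+?)"
    r"(?P<path>C:\\Windows\\(?:SysWOW64|System32)\\[^\\.]+\.exe)"
    r"(?P<parent>.+)$"
)

# Assumption: an analyst-maintained list of security-product image names,
# seeded only with the one this report shows being targeted (McAfee's VsTskMgr.exe).
SECURITY_IMAGES = {"vstskmgr.exe"}

# Rows copied from the Process information section of this report.
ROWS = [
    r"536C:\WINDOWS\system32\net1 localgroup administrators admin /addC:\Windows\SysWOW64\net1.exenet.exe",
    r"780\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exetaskkill.exe",
    r"1128C:\WINDOWS\system32\net1 user ByGM ByGM12333333C:\Windows\SysWOW64\net1.exenet.exe",
    r"1132C:\WINDOWS\system32\net1 user BY GM 1xsadjkwlajsl /addC:\Windows\SysWOW64\net1.exenet.exe",
    r"1228taskkill /f /im VsTskMgr.exeC:\Windows\SysWOW64\taskkill.exe342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe",
]


@dataclass
class ProcRecord:
    pid: int
    cmd: str
    path: str
    parent: str
    wow64: bool                 # image came from SysWOW64: 32-bit parent, redirected path
    findings: list = field(default_factory=list)


def parse_row(row: str) -> ProcRecord:
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unparseable row: {row!r}")
    return ProcRecord(int(m["pid"]), m["cmd"], m["path"], m["parent"],
                      wow64="syswow64" in m["path"].lower())


def classify(cmd: str) -> list:
    """Map one command line to the behaviour behind the report's signature names."""
    argv = cmd.split()                      # none of these rows carry quoted arguments
    if not argv:
        return []
    exe = argv[0].rsplit("\\", 1)[-1].lower()
    if exe.endswith(".exe"):
        exe = exe[:-4]
    args, low = argv[1:], [a.lower() for a in argv[1:]]
    positional = [a for a in args[1:] if not a.startswith("/")]   # after the sub-command
    out = []
    if exe == "taskkill" and "/im" in low and low.index("/im") + 1 < len(low):
        target = args[low.index("/im") + 1]
        if target.lower() in SECURITY_IMAGES:
            out.append(f"defense-evasion: terminates security-product image '{target}'")
        else:
            out.append(f"process-kill: '{target}'")
    elif exe in ("net", "net1") and low:
        sub = low[0]
        if sub == "user" and "/add" in low:
            if len(positional) == 2:
                out.append(f"account-creation: '{positional[0]}'")
            else:   # e.g. "net user BY GM <pw> /add": the name was split on a space
                out.append(f"malformed account-creation: positional args {positional}")
        elif sub == "user" and len(positional) == 2:
            out.append(f"password-set: '{positional[0]}'")
        elif sub == "localgroup" and "/add" in low and len(positional) == 2:
            out.append(f"group-membership-change: adds '{positional[1]}' to '{positional[0]}'")
    return out


def triage_rows(rows) -> list:
    records = [parse_row(r) for r in rows]
    for rec in records:
        rec.findings = classify(rec.cmd)
    return records


if __name__ == "__main__":
    for rec in triage_rows(ROWS):
        print(rec.pid, rec.parent, "wow64" if rec.wow64 else "native", rec.findings)
```

Two details in these rows matter for anyone turning them into detections. First, the command line says `C:\WINDOWS\system32\net1` but the image path is `C:\Windows\SysWOW64\net1.exe`: the sample is PE32, so its children run under WoW64 and file system redirection swaps the directory. A rule keyed on the full image path has to accept both `System32` and `SysWOW64`. Second, the rows whose account name was split into two arguments (`user BY GM ... /add`) exit with code 1, while the well-formed rows exit with code 2, and `taskkill` exits with 128, the code it returns when no process with that image name is running. None of these commands is shown succeeding in the sandbox, so confirm account creation and group changes from the Security log (events 4720 and 4732) rather than from the command line alone.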
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (30.9)
.exe | Win64 Executable (generic) (27.3)
.exe | UPX compressed Win32 Executable (26.8)
.dll | Win32 Dynamic Link Library (generic) (6.5)
.exe | Win32 Executable (generic) (4.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:24 06:56:49+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 733184
InitializedDataSize: 2072576
UninitializedDataSize: -
EntryPoint: 0x92429
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
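The `upx` tag, the "UPX compressed Win32 Executable" TRiD hit and the "UPX packer has been detected" signature all rest on static features of the PE header. The following Python is an added example, not ANY.RUN's detector: it parses a PE32 header (DOS stub, COFF header, optional header, section table) and reports the tells analysts use for UPX, namely `UPX`-prefixed section names, the `UPX!` magic string written by the UPX stub, a first section with zero raw size that the stub unpacks into at runtime, and an entry point that lies outside `.text`. The two images it runs on are constructed in the block (header-only, no code), so they stand in for the sample rather than reproduce it; the timestamp is taken from the EXIF block above, the section layout and sizes are assumptions.

```python
"""Static triage of a PE32 header: section table, entry-point location and the
UPX markers that lead to a 'upx' tag. Added example; not ANY.RUN's detector."""
import struct
from dataclasses import dataclass

IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")    # IMAGE_SECTION_HEADER, 40 bytes
TIMESTAMP_2025_03_24_065649_UTC = 1742799409       # the EXIF TimeStamp of this sample


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int


@dataclass
class PEInfo:
    machine: int
    timestamp: int
    entry_point: int          # AddressOfEntryPoint, an RVA
    sections: list


def parse_pe32(data: bytes) -> PEInfo:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 is handled here")
    (entry,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, *_ = SECTION_HEADER.unpack_from(data, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_size))
    return PEInfo(machine, ts, entry, sections)


def section_for_rva(pe: PEInfo, rva: int):
    for s in pe.sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s
    return None


def triage(data: bytes) -> list:
    pe = parse_pe32(data)
    findings = []
    if any(s.name.startswith("UPX") for s in pe.sections):
        findings.append("upx-section-names")           # trivially defeated by renaming
    if b"UPX!" in data:                                # l_info magic written by the UPX stub
        findings.append("upx-magic")
    for s in pe.sections:
        if s.raw_size == 0 and s.virtual_size:         # placeholder the stub unpacks into
            findings.append(f"virtual-only-section:{s.name}")
    ep = section_for_rva(pe, pe.entry_point)
    if ep is None:
        findings.append("entry-point-outside-sections")
    elif ep.name != ".text":
        findings.append(f"entry-point-in:{ep.name}")
    return findings


def build_pe32(sections, entry_point, timestamp=TIMESTAMP_2025_03_24_065649_UTC, trailer=b"") -> bytes:
    """Constructed header-only PE32 image for testing; not the analysed sample."""
    opt = bytearray(224)                                # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_point)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, len(opt), 0x010F)
    table = b"".join(SECTION_HEADER.pack(name, vsize, va, raw, raw_ptr, 0, 0, 0, 0, chars)
                     for name, va, vsize, raw, raw_ptr, chars in sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return dos + b"PE\0\0" + coff + bytes(opt) + table + trailer


# Constructed inputs (assumed layouts): a UPX-style image whose entry point
# reuses this sample's 0x92429, and a conventionally linked image.
UPX_LIKE = build_pe32(
    [(b"UPX0", 0x1000, 0x8F000, 0, 0x400, 0xE0000080),
     (b"UPX1", 0x90000, 0xB4000, 0xB3000, 0x400, 0xE0000040),
     (b".rsrc", 0x144000, 0x1000, 0x800, 0xB3400, 0xC0000040)],
    entry_point=0x92429, trailer=b"\0" * 16 + b"UPX!")
CLEAN_LIKE = build_pe32(
    [(b".text", 0x1000, 0x5000, 0x5000, 0x400, 0x60000020),
     (b".rdata", 0x6000, 0x1000, 0x1000, 0x5400, 0x40000040),
     (b".data", 0x7000, 0x1000, 0x200, 0x6400, 0xC0000040)],
    entry_point=0x1234)

if __name__ == "__main__":
    print("upx-like :", triage(UPX_LIKE))
    print("clean    :", triage(CLEAN_LIKE))
```

The section-name and magic-string checks are the cheap ones and the ones a packer user can scrub; a virtual-only first section together with an entry point outside `.text` survives renaming and is the better signal. When the tells agree, `upx -d` on a copy of the file gives the original binary, which is what the "MS Visual C++ (generic)" TRiD guess and the "screenshot" YARA hit should be re-checked against, since on a packed file the header fields (LinkerVersion, CodeSize, EntryPoint) describe the stub, not the payload.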
No data.
All screenshots are available in the full report
Total processes: 1 046
Monitored processes: 901
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(Interactive process tree in the full report; only the node labels survive in this export. In graph order: 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe, a long run of taskkill.exe nodes interleaved with their conhost.exe nodes, one regini.exe, then a long run of net.exe nodes with their conhost.exe, the net1.exe helpers launched by net.exe, and finally slui.exe. Every node except the sample itself is marked "no specs" in the graph.)

Process information

(Columns of the original table: PID, CMD, Path, Indicators, Parent process. Rows are listed below one per process.)
PID: 536
CMD: C:\WINDOWS\system32\net1 localgroup administrators admin /add
Path: C:\Windows\SysWOW64\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 2
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID: 780
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1072
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1128
CMD: C:\WINDOWS\system32\net1 user ByGM ByGM12333333
Path: C:\Windows\SysWOW64\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 2
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID: 1132
CMD: C:\WINDOWS\system32\net1 user BY GM 1xsadjkwlajsl /add
Path: C:\Windows\SysWOW64\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Net Command
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID: 1180
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: taskkill.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1184
Command line:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1228
Command line:
taskkill /f /im VsTskMgr.exe
Path:
C:\Windows\SysWOW64\taskkill.exe
Parent process:
342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID:
1276
Command line:
C:\WINDOWS\system32\net1 user BY GM 1xsadjkwlajsl /add
Path:
C:\Windows\SysWOW64\net1.exe
Parent process:
net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Net Command
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\sechost.dll
PID:
1452
Command line:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
15 071
Read events
15 046
Write events
25
Delete events
0

Modification events

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\safemon
Operation: write
Name: ExecAccess
Value: 0

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\safemon
Operation: write
Name: MonAccess
Value: 0

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\safemon
Operation: write
Name: SiteAccess
Value: 0

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\safemon
Operation: write
Name: UDiskAccess
Value: 0

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: System
Value: C:\Program Files\System.dll

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_CURRENT_USER\SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp
Operation: write
Name: Disabled
Value: 1

(PID) Process: (7600) 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3
Operation: write
Name: 1803
Value: 3
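The net1 and taskkill command lines in the process list and the registry writes above are the behaviours worth turning into a host- or log-side check. The script below is an added example written for this page; it is not part of the ANY.RUN report or of the sample. Its input records are constructed from the values shown on the page (the PIDs, command lines, exit codes, keys and data), not from a live feed, and the record layout and finding dictionaries are this example's own design. It flags three things: `net user` account creation or password changes, noting that `net1 user BY GM 1xsadjkwlajsl /add` passes three positional arguments where `net user` takes at most a name and a password, so net.exe rejects it, and that neither net1 invocation on this page exited with 0; `taskkill /f /im` against a security-product image, where VsTskMgr.exe is the only one the page lists and the watch list is an assumption to extend for your own estate (the recorded exit code 128 is taskkill's status for no matching process, so the target was not running in the sandbox); and the registry writes, separating Run-key persistence (`System` = `C:\Program Files\System.dll`) and the zeroed 360Safe `safemon` switches from the `WinOldApp` write, whose key path contains spaces before the separators and therefore lands in a different key from the real policy key.

```python
"""Triage the process and registry behaviour recorded in this sandbox report.

Added example for this page; not part of the ANY.RUN report or the sample.
The records below are constructed from the values shown on the page.
"""
import json
import re

SAMPLE = "342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe"

# (pid, parent image, command line, exit code) -- constructed from the process list
PROCESS_EVENTS = [
    (1128, "net.exe", r"C:\WINDOWS\system32\net1 user ByGM ByGM12333333", 2),
    (1132, "net.exe", r"C:\WINDOWS\system32\net1 user BY GM 1xsadjkwlajsl /add", 1),
    (1228, SAMPLE, r"taskkill /f /im VsTskMgr.exe", 128),
    (1452, "taskkill.exe", r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1", 0),
]

# (pid, key, value name, data) -- constructed from the modification events
SAFEMON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\safemon"
REGISTRY_EVENTS = [
    (7600, SAFEMON_KEY, "ExecAccess", "0"),
    (7600, SAFEMON_KEY, "MonAccess", "0"),
    (7600, SAFEMON_KEY, "SiteAccess", "0"),
    (7600, SAFEMON_KEY, "UDiskAccess", "0"),
    (7600, r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run", "System", r"C:\Program Files\System.dll"),
    (7600, r"HKEY_CURRENT_USER\SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp", "Disabled", "1"),
    (7600, r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3", "1803", "3"),
]

NET_IMAGE = re.compile(r"(?:^|\\)net1?(?:\.exe)?$", re.IGNORECASE)
TASKKILL_IM = re.compile(r"(?:^|\\)taskkill(?:\.exe)?\b.*?/im\s+(\S+)", re.IGNORECASE)
# Security-product images to watch. Only VsTskMgr.exe appears on this page;
# extending the set for your own estate is an assumption, not something the page lists.
SECURITY_IMAGES = {"vstskmgr.exe"}
# 360Safe real-time protection switches the sample writes to 0.
SAFEMON_FLAGS = {"ExecAccess", "MonAccess", "SiteAccess", "UDiskAccess"}


def parse_net_user(cmdline):
    """Return name/password/switch details of a `net user` command, or None."""
    tokens = cmdline.split()
    if len(tokens) < 2 or not NET_IMAGE.search(tokens[0]) or tokens[1].lower() != "user":
        return None
    positional = [t for t in tokens[2:] if not t.startswith("/")]
    switches = {t.lower() for t in tokens[2:] if t.startswith("/")}
    return {
        "user": positional[0] if positional else None,
        "password": positional[1] if len(positional) > 1 else None,
        "add": "/add" in switches,
        # net user takes at most two positionals (name, password); a third one
        # makes net.exe print its syntax help and exit non-zero instead.
        "syntax_ok": len(positional) <= 2,
    }


def account_findings(process_events):
    """Flag local account creation / password changes done through net user."""
    out = []
    for pid, parent, cmd, exit_code in process_events:
        parsed = parse_net_user(cmd)
        if parsed is None:
            continue
        out.append({"pid": pid, "parent": parent, "user": parsed["user"],
                    "add": parsed["add"], "syntax_ok": parsed["syntax_ok"],
                    "succeeded": exit_code == 0})
    return out


def taskkill_findings(process_events):
    """Flag forced termination of a known security-product image."""
    out = []
    for pid, parent, cmd, exit_code in process_events:
        m = TASKKILL_IM.search(cmd)
        if m and m.group(1).lower() in SECURITY_IMAGES:
            # taskkill exits 128 when no process matched the image name.
            out.append({"pid": pid, "parent": parent, "image": m.group(1),
                        "succeeded": exit_code == 0})
    return out


def registry_findings(registry_events):
    """Classify registry writes: persistence, AV tampering, malformed key paths."""
    out = []
    for pid, key, name, data in registry_events:
        k = key.lower()
        if k.endswith((r"\currentversion\run", r"\currentversion\runonce")):
            out.append({"pid": pid, "type": "run_key_persistence", "name": name, "data": data})
        elif k.endswith(r"\360safe\safemon") and name in SAFEMON_FLAGS and data == "0":
            out.append({"pid": pid, "type": "360safe_tamper", "name": name})
        # A key name with a space next to the separator is a different key from
        # the real one, so the write changes no policy; keep it as a fingerprint.
        if " \\" in key or "\\ " in key:
            out.append({"pid": pid, "type": "malformed_key_path", "key": key})
    return out


def triage(process_events, registry_events):
    """Run all three checks and return the findings grouped by category."""
    return {"accounts": account_findings(process_events),
            "taskkill": taskkill_findings(process_events),
            "registry": registry_findings(registry_events)}


if __name__ == "__main__":
    print(json.dumps(triage(PROCESS_EVENTS, REGISTRY_EVENTS), indent=2))
```

Feed it Sysmon event 1 (process create) and event 13 (registry value set) records in the same tuple layout and the same checks apply; the `succeeded` field is what separates an attempt from an outcome, which matters here because every net1 and taskkill invocation on this page failed in the sandbox.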
Executable files
1
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID: 7600
Process: 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Filename: C:\Users\admin\Desktop\ExtraDll.dll
Type: executable
MD5: C35425AD1F0C32225D307310DECCC335
SHA256: 48773D597155DC39DD172C26867972DA89DD61FCEE0D138433EDA26A2D8633B7

PID: 7600
Process: 342be5609d534dbf52f5ce3ef0fa29a1bbf5e7b15d0ccf0464a78f4dcd490a27.exe
Filename: C:\Users\admin\Desktop\www.ini
Type: text
MD5: DF98F458D660ECDF388D0D7098B92879
SHA256: CE80722C95F952938A53B800A0633BF85625C06AD7D6CC9C9C3A8D5EE1F4D979
HTTP(S) requests
3
TCP/UDP connections
20
DNS requests
4
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
500
40.91.76.224:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted
POST
500
20.83.72.98:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
unknown
xml
512 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6392
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7512
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6712
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info