| Field | Value |
|---|---|
| File name | Elite-Bootstrap.exe |
| Full analysis | https://app.any.run/tasks/a1e65b1a-de90-4dc3-8250-fb385c3c2919 |
| Verdict | Malicious activity |
| Threats | Loader. A loader is malicious software that gets onto a device in order to deliver further payloads: it profiles the victim's system and installs other threats such as trojans or stealers. Loaders are usually delivered through phishing emails and links, relying on social engineering to get the user to download and run the executable, and they use evasion and persistence techniques to avoid detection. |
| Analysis date | April 18, 2025, 16:00:37 |
| OS | Windows 10 Professional (build 19044, 64-bit) |
| Tags | |
| Indicators | |
| MIME | application/vnd.microsoft.portable-executable |
| File info | PE32+ executable (GUI) x86-64, for MS Windows, 12 sections |
| MD5 | CFA2DB40EC49A3B15BBC406D2F0917BB |
| SHA1 | 63CDE2B5ED4176F441AA5D4831EB382CD3F0F582 |
| SHA256 | 41A65CE60C09899FC868C5A18F34CB6C4BCBAD2D2115A4CFABA7AEA3003D9043 |
| SSDEEP | 98304:nAqPhwbYSdBpRnpzuqN9RrwC27+XG/o7grql2W7G05iM27y/ofm79p3dFLXM/GN2:e3s1Iz/kY |
| Extension | Detection | Score |
|---|---|---|
| .exe | Generic Win/DOS Executable | 50 |
| .exe | DOS Executable Generic | 49.9 |
| Field | Value |
|---|---|
| MachineType | AMD AMD64 |
| TimeStamp | 2025:03:27 10:12:51+00:00 |
| ImageFileCharacteristics | Executable, Large address aware |
| PEType | PE32+ |
| LinkerVersion | 14.29 |
| CodeSize | 421888 |
| InitializedDataSize | 129024 |
| UninitializedDataSize | - |
| EntryPoint | 0xc14058 |
| OSVersion | 6 |
| ImageVersion | - |
| SubsystemVersion | 6 |
| Subsystem | Windows GUI |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 904 | "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | | services.exe | User: SYSTEM; Company: Adobe Inc.; Integrity level: SYSTEM; Description: Acrobat Update Service; Version: 1.824.460.1042 |
| 1020 | C:\WINDOWS\System32\GameInputSvc.exe | C:\Windows\System32\GameInputSvc.exe | | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity level: SYSTEM; Description: GameInput Host Service; Version: 0.2309.19041.4046 |
| 1168 | C:\WINDOWS\System32\alg.exe | C:\Windows\System32\alg.exe | | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity level: SYSTEM; Description: Application Layer Gateway Service; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 1188 | "C:\Users\admin\Desktop\Elite-Bootstrap.exe" | C:\Users\admin\Desktop\Elite-Bootstrap.exe | — | explorer.exe | User: admin; Integrity level: MEDIUM; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) |
| 1276 | C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity level: SYSTEM; Description: Microsoft (R) Diagnostics Hub Standard Collector; Version: 11.00.19041.3930 (WinBuild.160101.0800) |
| 2092 | "C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe" --system --windows-service --service=update | C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe | | services.exe | User: SYSTEM; Company: Google LLC; Integrity level: SYSTEM; Description: Google Updater (x64); Version: 137.0.7115.0 |
| 2196 | C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache | C:\Windows\System32\svchost.exe | | services.exe | User: NETWORK SERVICE; Company: Microsoft Corporation; Integrity level: SYSTEM; Description: Host Process for Windows Services; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 2564 | "C:\Program Files\Google\Chrome\Application\122.0.6261.70\elevation_service.exe" | C:\Program Files\Google\Chrome\Application\122.0.6261.70\elevation_service.exe | | services.exe | User: SYSTEM; Company: Google LLC; Integrity level: SYSTEM; Description: Google Chrome; Version: 122.0.6261.70 |
| 3900 | C:\WINDOWS\system32\AppVClient.exe | C:\Windows\System32\AppVClient.exe | | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity level: SYSTEM; Description: Microsoft Application Virtualization Client Service; Exit code: 0; Version: 10.0.19041.3636 (WinBuild.160101.0800) |
| 4208 | "C:\WINDOWS\System32\GameInputSvc.exe" Global\GameInputSession_5 | C:\Windows\System32\GameInputSvc.exe | | GameInputSvc.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity level: SYSTEM; Description: GameInput Host Service; Version: 0.2309.19041.4046 |

Note: the medium-integrity run of the sample (PID 1188) exited with STATUS_ELEVATION_REQUIRED. The Elite-Bootstrap.exe instance that performs the file writes and network activity recorded below is PID 6728, which does not appear among the process rows above.
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 5364 | MicrosoftEdgeUpdate.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Integers | write | omaha_version | 1100B90003000100 |
| 5364 | MicrosoftEdgeUpdate.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Booleans | write | is_system_install | 01000000 |
| 5364 | MicrosoftEdgeUpdate.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Counts | write | goopdate_main | 1500000000000000 |
| 5364 | MicrosoftEdgeUpdate.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Counts | write | goopdate_constructor | 1500000000000000 |
| 5364 | MicrosoftEdgeUpdate.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Integers | write | windows_major_version | 0A00000000000000 |
| 7372 | SearchIndexer.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Search\Preferences | delete value | DataDirectory | |
| 7372 | SearchIndexer.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search | write | SchemaCacheTimestamp | 30F44CD30259DA01 |
| 7372 | SearchIndexer.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager | write | UseSystemTemp | 0 |
| 7372 | SearchIndexer.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache\C: | write | DriveType | 3 |
| 7372 | SearchIndexer.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache\C: | write | VolumeLabel | |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6728 | Elite-Bootstrap.exe | C:\Windows\System32\AppVClient.exe | executable | 1E60DAA4843CC6F09115429CA65D8349 | 74EE66CD709A40B37503B2946604F9A0D5EC9E6D17C22119082EBDE98E6F1501 |
| 6728 | Elite-Bootstrap.exe | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | executable | C3AA8E530A846F86567149CD6471C37F | 019C7E88333A580993145852666C7F7BFC1F2F77358CB888EB6889283F0E93EF |
| 6728 | Elite-Bootstrap.exe | C:\Windows\System32\FXSSVC.exe | executable | D0F21E85FE06B44D00AE088CE9027B1E | 00BD992DA6861628C8828DD5FF1AE10CC889407AF64A052344A8F5CF74FD6225 |
| 3900 | AppVClient.exe | C:\Windows\System32\config\systemprofile\AppData\Roaming\26b799fa89ba8c8f.bin | binary | 252EA1A40D49D138A09D8B1730AF7BD1 | EDE2E50B182DC0D9F7925982156E4AB49F616E80A9FFDBEB2B2C3EBC86129B86 |
| 6728 | Elite-Bootstrap.exe | C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | executable | FC8608ECD461A4630BFD526EC28DD0AD | F806B5558C187BE6A9EA79F46F90121C64DA11814F5A793EE42E221AF1E320E7 |
| 6728 | Elite-Bootstrap.exe | C:\Windows\System32\alg.exe | executable | 791DA26F58FAE632FE1CE3F68068B76A | A64294D2CFC59122408A4463003469E01E854520BE39446845C11580DDB468D4 |
| 5364 | MicrosoftEdgeUpdate.exe | C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log | binary | 057E95F0231203F834C94A220F65CB57 | 3F2097C8A161FB1334C3E32857753DCF3FB0E9B435F2D0C7D10D35DCABD526A3 |
| 6728 | Elite-Bootstrap.exe | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | executable | BB148C152EAD6B20C70CFC2B779288D8 | 7895E6BFEFE35C5F4978F115E7B354981F11640028690E44486B52E3D1762A69 |
| 6728 | Elite-Bootstrap.exe | C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | executable | F67BF3834E6E662913FF12D716A1186C | B48713917339F1252A779F6928D0B29A6DE20B828FCFF24B1E4B606B2BCD5A4C |
| 6728 | Elite-Bootstrap.exe | C:\Windows\System32\GameInputSvc.exe | executable | 472E424C4C502753C465528EB197053C | 0E2649F4FAF941997FFBFA74FF5ADA3312D150875371F42F03F0486EB40B9BD9 |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 6728 | Elite-Bootstrap.exe | POST | 200 | 52.11.240.239:80 | http://pywolwnvd.biz/wmuvinm | unknown | — | — | malicious |
| 2564 | RUXIMICS.exe | GET | 200 | 23.216.77.7:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
| — | — | GET | 204 | 142.250.186.142:443 | https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.372&applang=&machine=1&version=1.3.36.372&userid=&osversion=10.0&servicepack= | unknown | — | — | — |
| — | — | POST | 200 | 13.213.51.196:80 | http://ssbzmoy.biz/m | unknown | — | — | unknown |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | POST | 200 | 52.11.240.239:80 | http://pywolwnvd.biz/dax | unknown | — | — | malicious |
| — | — | POST | 200 | 13.213.51.196:80 | http://ssbzmoy.biz/tgpdnvpeobabc | unknown | — | — | malicious |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | POST | 200 | 52.11.240.239:80 | http://cvgrf.biz/jujnled | unknown | — | — | malicious |
| 6728 | Elite-Bootstrap.exe | POST | 200 | 52.11.240.239:80 | http://cvgrf.biz/xtvjxulefobhni | unknown | — | — | malicious |
| 6728 | Elite-Bootstrap.exe | POST | 200 | 3.229.117.57:80 | http://npukfztj.biz/yknraflsyhsgllc | unknown | — | — | malicious |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | POST | 302 | 72.52.178.23:80 | http://przvgke.biz/aiadjarb | unknown | — | — | unknown |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2564 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| — | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 2564 | RUXIMICS.exe | 23.216.77.7:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 6728 | Elite-Bootstrap.exe | 52.11.240.239:80 | pywolwnvd.biz | AMAZON-02 | US | malicious |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | 52.11.240.239:80 | pywolwnvd.biz | AMAZON-02 | US | malicious |
| — | — | 239.255.255.250:1900 | — | — | — | whitelisted |
| — | — | 13.213.51.196:80 | ssbzmoy.biz | AMAZON-02 | SG | malicious |
| — | — | 142.250.186.78:443 | clients2.google.com | GOOGLE | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | | whitelisted |
| google.com | | whitelisted |
| crl.microsoft.com | | whitelisted |
| pywolwnvd.biz | | malicious |
| ssbzmoy.biz | | malicious |
| clients2.google.com | | whitelisted |
| cvgrf.biz | | malicious |
| npukfztj.biz | | malicious |
| przvgke.biz | | unknown |
| ww12.przvgke.biz | | malicious |
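The hashes of the overwritten service binaries (Files table) and the C2 domains (DNS and alert tables) are the indicators a responder would take to other hosts. The script below turns them into an offline check; it is an added example, not part of the ANY.RUN report or of the sample. Only the SHA256 values and domain names come from the report; the DNS log format, the placeholder file contents, and the function names are constructed for the example.

```python
"""Host-side IOC check built from the report tables above (added example).

Two checks a responder would run on a suspected host or mounted image:
  1. hash the service executables the sample rewrote and compare them to
     the SHA256 values in the Files table;
  2. scan DNS query logs for the C2 domains in the DNS and alert tables.
The log format and file contents below are constructed for the example.
"""
import hashlib
import os
import tempfile

# SHA256 of the executables rewritten by Elite-Bootstrap.exe (PID 6728), from the Files table.
INFECTED_SHA256 = {
    r"C:\Windows\System32\AppVClient.exe": "74ee66cd709a40b37503b2946604f9a0d5ec9e6d17c22119082ebde98e6f1501",
    r"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe": "019c7e88333a580993145852666c7f7bfc1f2f77358cb888eb6889283f0e93ef",
    r"C:\Windows\System32\FXSSVC.exe": "00bd992da6861628c8828dd5ff1ae10cc889407af64a052344a8f5cf74fd6225",
    r"C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe": "f806b5558c187be6a9ea79f46f90121c64da11814f5a793ee42e221af1e320e7",
    r"C:\Windows\System32\alg.exe": "a64294d2cfc59122408a4463003469e01e854520be39446845c11580ddb468d4",
    r"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe": "7895e6bfefe35c5f4978f115e7b354981f11640028690e44486b52e3d1762a69",
    r"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe": "b48713917339f1252a779f6928d0b29a6de20b828fcff24b1e4b606b2bcd5a4c",
    r"C:\Windows\System32\GameInputSvc.exe": "0e2649f4faf941997ffbfa74ff5ada3312d150875371f42f03f0486eb40b9bd9",
}

# Domains the report marks malicious (DNS table) plus the one named in the Expiro alert.
# przvgke.biz itself is only "unknown" in the report, so it is deliberately not listed;
# its subdomain ww12.przvgke.biz is.
MALICIOUS_DOMAINS = {
    "pywolwnvd.biz", "ssbzmoy.biz", "cvgrf.biz", "npukfztj.biz",
    "ww12.przvgke.biz", "knjghuig.biz",
}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_paths(paths):
    """paths maps a report path to the local path to hash (e.g. under a mounted image).
    Missing files are skipped: absence is not evidence either way."""
    return {report: sha256_file(local) for report, local in paths.items() if os.path.isfile(local)}


def match_hashes(observed):
    """observed maps a report path to its SHA256. Returns the paths that equal the report's hash
    (case-insensitive, since the report prints digests in upper case)."""
    return sorted(p for p, d in observed.items() if INFECTED_SHA256.get(p, "") == d.lower())


def domain_is_ioc(name):
    """True for a listed domain or any subdomain of one; trailing dots and case are ignored."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in MALICIOUS_DOMAINS)


def scan_dns_log(lines):
    """Constructed log format: '<time> <client-ip> query <qname> <qtype>'.
    Returns (line number, normalised qname) for every query to an IOC domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) >= 4 and parts[2] == "query" and domain_is_ioc(parts[3]):
            hits.append((n, parts[3].lower().rstrip(".")))
    return hits


# Constructed sample log lines; the client IP and timestamps are made up.
SAMPLE_LOG = [
    "2025-04-18T16:00:40Z 192.168.100.12 query pywolwnvd.biz A",
    "2025-04-18T16:00:41Z 192.168.100.12 query settings-win.data.microsoft.com A",
    "2025-04-18T16:00:42Z 192.168.100.12 query PRZVGKE.BIZ. A",
    "2025-04-18T16:00:43Z 192.168.100.12 query ww12.przvgke.biz A",
    "2025-04-18T16:00:44Z 192.168.100.12 query knjghuig.biz A",
]


def demo_clean_host():
    """Hash a constructed placeholder standing in for alg.exe; a file that is not one of the
    report's binaries never matches. Returns (matches, digest of the placeholder)."""
    with tempfile.TemporaryDirectory() as d:
        local = os.path.join(d, "alg.exe")
        with open(local, "wb") as f:
            f.write(b"MZ placeholder, not the real binary\n")  # constructed content
        observed = hash_paths({r"C:\Windows\System32\alg.exe": local})
        return match_hashes(observed), observed[r"C:\Windows\System32\alg.exe"]


if __name__ == "__main__":
    print("infected files:", demo_clean_host()[0])
    print("dns hits:", scan_dns_log(SAMPLE_LOG))
```

On a real host the `hash_paths` mapping would point each report path at the corresponding file on the system or image under review; a hash match is conclusive, but a non-match is not a clean bill of health, since a file infector produces a different digest for every host it touches. The subdomain rule is why a query for `przvgke.biz` alone is not flagged while `ww12.przvgke.biz` is, mirroring the report's own reputations.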
| PID | Process | Class | Message |
|---|---|---|---|
| 6728 | Elite-Bootstrap.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz |
| 6728 | Elite-Bootstrap.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst |
| — | — | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz |
| — | — | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst |
| 2196 | svchost.exe | A Network Trojan was detected | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) |
| 2196 | svchost.exe | A Network Trojan was detected | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) |
| 1276 | DiagnosticsHub.StandardCollector.Service.exe | Misc activity | ET INFO Namecheap URL Forward |
| 6728 | Elite-Bootstrap.exe | Misc activity | ET INFO Namecheap URL Forward |