File name: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan

Full analysis: https://app.any.run/tasks/55698d8b-921c-4276-8602-9d762f95e8e1
Verdict: Malicious activity
Analysis date: March 01, 2024, 04:57:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: FA1C739BA9C97C2934A36379706252E5
SHA1: 1328E7922DAF2D8F8B4F04AF17FAC05095C65BD3
SHA256: 515FD2BDD1C1F6725F08F8FAC1DD9EBD8C124057F47E578DC1179D10F166C92C
SSDEEP: 98304:9ilShrpeE6dftgY+AOF3s8rbo0nBiGrQYmEV3U/7XfqRIORrev2TstP3cgMiC+Ml:0I/A4CzuXpHAwLMU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 3672)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 1776)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
      • drvinst.exe (PID: 2860)
    • Starts NET.EXE for service management

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
      • net.exe (PID: 2364)
      • net.exe (PID: 2100)
      • net.exe (PID: 3464)
      • net.exe (PID: 3848)
    • Creates a writable file in the system directory

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
      • drvinst.exe (PID: 2860)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 1776)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 3672)
      • rundll32.exe (PID: 1836)
      • drvinst.exe (PID: 2860)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Reads the Windows owner or organization settings

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Reads the Internet Settings

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Reads security settings of Internet Explorer

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Uses RUNDLL32.EXE to load library

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Process drops legitimate windows executable

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • The process drops C-runtime libraries

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Drops a system driver (possible attempt to evade defenses)

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
      • rundll32.exe (PID: 1836)
      • drvinst.exe (PID: 2860)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 2860)
    • Starts CMD.EXE for commands execution

      • ZKBioOnline.exe (PID: 1740)
    • Executes as Windows Service

      • ZKBioOnline.exe (PID: 1740)
      • ZKOnlineProtect.exe (PID: 1844)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2860)
  • INFO

    • Checks supported languages

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 3672)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 3700)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 1776)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
      • drvinst.exe (PID: 2860)
      • ZKBioOnline.exe (PID: 3392)
      • ZKBioOnline.exe (PID: 2908)
      • ZKOnlineProtect.exe (PID: 1496)
      • ZKBioOnline.exe (PID: 1740)
      • ZKOnlineProtect.exe (PID: 1844)
    • Reads the computer name

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 3700)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
      • drvinst.exe (PID: 2860)
      • ZKBioOnline.exe (PID: 2908)
      • ZKOnlineProtect.exe (PID: 1496)
      • ZKBioOnline.exe (PID: 1740)
      • ZKOnlineProtect.exe (PID: 1844)
    • Create files in a temporary directory

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 1776)
      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe (PID: 3672)
      • rundll32.exe (PID: 1836)
    • Creates files in the program directory

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Creates a software uninstall entry

      • Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp (PID: 2964)
    • Drops the executable file immediately after the start

      • rundll32.exe (PID: 1836)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 2860)
      • ZKBioOnline.exe (PID: 1740)
    • Reads the software policy settings

      • drvinst.exe (PID: 2860)
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41984
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0xaad0
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.2.0.36
ProductVersionNumber: 5.2.0.36
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: ZKTeco Inc.
FileDescription: ZKBIOOnline SDK Setup
FileVersion: 5.2.0.36
LegalCopyright: All Rights Reserved, 2020
ProductName: ZKBIOOnline SDK
ProductVersion: 5.2.0.36
No data.
Total processes: 67
Monitored processes: 21
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Process nodes, in graph order from the start node:

  • lotoor.a!mtb' in file 'zkbioonline.exe' during a scheduled scan.exe
  • lotoor.a!mtb' in file 'zkbioonline.exe' during a scheduled scan.tmp (no specs)
  • lotoor.a!mtb' in file 'zkbioonline.exe' during a scheduled scan.exe
  • lotoor.a!mtb' in file 'zkbioonline.exe' during a scheduled scan.tmp
  • net.exe (no specs)
  • net.exe (no specs)
  • net1.exe (no specs)
  • net1.exe (no specs)
  • rundll32.exe
  • drvinst.exe
  • zkbioonline.exe (no specs)
  • zkbioonline.exe (no specs)
  • zkonlineprotect.exe (no specs)
  • net.exe (no specs)
  • net1.exe (no specs)
  • zkbioonline.exe
  • cmd.exe (no specs)
  • certutil.exe (no specs)
  • net.exe (no specs)
  • net1.exe (no specs)
  • zkonlineprotect.exe (no specs)

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID: 1336
CMD: C:\Windows\system32\net1 start "ZKOnlineProtectSvr"
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll

PID: 1496
CMD: "C:\Program Files\ZKBIOOnline\bin\ZKOnlineProtect.exe" -i
Path: C:\Program Files\ZKBIOOnline\bin\ZKOnlineProtect.exe
Parent process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\program files\zkbioonline\bin\zkonlineprotect.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll

PID: 1560
CMD: certutil -addstore -f -enterprise -user root "C:\Program Files\ZKBIOOnline\bin\ZK-rootCA.cer"
Path: C:\Windows\System32\certutil.exe
Parent process: cmd.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: CertUtil.exe
Exit code: 0
Version: 6.1.7601.18151 (win7sp1_gdr.130512-1533)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll

PID: 1740
CMD: "C:\Program Files\ZKBIOOnline\bin\ZKBioOnline.exe"
Path: C:\Program Files\ZKBIOOnline\bin\ZKBioOnline.exe
Parent process: services.exe
User: SYSTEM
Company: ZKTECO CO.,LTD.
Integrity Level: SYSTEM
Description: ZKBionOnline
Exit code: 0
Version: 5.2.0.36
Modules
Images
c:\program files\zkbioonline\bin\zkbioonline.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\program files\zkbioonline\bin\zkdevicectl.dll
c:\program files\zkbioonline\bin\libcrypto-1_1.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll

PID: 1776
CMD: "C:\Users\admin\AppData\Local\Temp\Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe" /SPAWNWND=$1A01BC /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe
Parent process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
User: admin
Company: ZKTeco Inc.
Integrity Level: HIGH
Description: ZKBIOOnline SDK Setup
Exit code: 0
Version: 5.2.0.36
Modules
Images
c:\users\admin\appdata\local\temp\lotoor.a!mtb' in file 'zkbioonline.exe' during a scheduled scan.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 1836
CMD: "C:\Windows\system32\rundll32.exe" libusb0.dll,usb_install_driver_np_rundll C:\Windows\zkdrv\zkusbdevices.inf
Path: C:\Windows\System32\rundll32.exe
Parent process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll

PID: 1844
CMD: "C:\Program Files\ZKBIOOnline\bin\ZKOnlineProtect.exe"
Path: C:\Program Files\ZKBIOOnline\bin\ZKOnlineProtect.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Exit code: 0
Modules
Images
c:\program files\zkbioonline\bin\zkonlineprotect.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll

PID: 2100
CMD: "C:\Windows\system32\net.exe" start "ZKOnlineProtectSvr"
Path: C:\Windows\System32\net.exe
Parent process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll

PID: 2152
CMD: C:\Windows\system32\cmd.exe /c certutil -addstore -f -enterprise -user root "C:\Program Files\ZKBIOOnline\bin\ZK-rootCA.cer"
Path: C:\Windows\System32\cmd.exe
Parent process: ZKBioOnline.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2328
CMD: C:\Windows\system32\net1 stop "ZKBIOOnline Service"
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 2
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll

Total events: 7 678
Read events: 7 605
Write events: 69
Delete events: 4

Modification events

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZKBIOOnline SDK_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.6.1 (a)

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZKBIOOnline SDK_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\ZKBIOOnline

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZKBIOOnline SDK_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\ZKBIOOnline\

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZKBIOOnline SDK_is1
Operation: write
Name: Inno Setup: Icon Group
Value: ZKBIOOnline

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZKBIOOnline SDK_is1
Operation: write
Name: Inno Setup: User
Value: admin

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZKBIOOnline SDK_is1
Operation: write
Name: Inno Setup: Language
Value: en

Executable files: 103
Suspicious files: 4
Text files: 15
Unknown types: 18

Dropped files

PID: 3672
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-BU444.tmp\Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Type: executable
MD5: 1AFBD25DB5C9A90FE05309F7C4FBCF09
SHA256: 3BB0EE5569FE5453C6B3FA25AA517B925D4F8D1F7BA3475E58FA09C46290658C

PID: 1776
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-M5KMN.tmp\Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Type: executable
MD5: 1AFBD25DB5C9A90FE05309F7C4FBCF09
SHA256: 3BB0EE5569FE5453C6B3FA25AA517B925D4F8D1F7BA3475E58FA09C46290658C

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\unins000.exe
Type: executable
MD5: B5BEEA0AC47E432702E60855B393E583
SHA256: 5837C13DC38808FF11CC9FBFA3D528CFDE278BD9F5F8DDB9649A1CB40EFD216A

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\is-ONUKE.tmp
Type: executable
MD5: B004D352AE83A3900A99DC7ABBAAF22B
SHA256: BE55C495775B74E3165130A86ED67C090CAEF1E87A19EE9759FC82B805565756

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\zkfinger\is-205V1.tmp
Type: executable
MD5: 85E3A627614B7E879E6D31D468AA8156
SHA256: E63179CD95D0F567F1F72E5902B53374B5C657F0D86AA177E3FB7A39CBEEFFB5

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\uninstall_stop.bat
Type: text
MD5: D80381088C9CD1B1A730FF0F44C21243
SHA256: 8B13C5430E64278171018B6E397DF0830ED6C79A7348EC138C29EA159AA15FF7

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\ZKOnlineProtect.exe
Type: executable
MD5: 4F652A8DF50EC87CB20879A93DF9ACAD
SHA256: BE591DF258E637400EFE992949752EFE96DF2FCD75F31246546726730CEB4E13

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\is-GUO0D.tmp
Type: executable
MD5: 4F652A8DF50EC87CB20879A93DF9ACAD
SHA256: BE591DF258E637400EFE992949752EFE96DF2FCD75F31246546726730CEB4E13

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\zkfinger\is-4H6T7.tmp
Type: executable
MD5: 44E90736270666D90B9FFB9934E91409
SHA256: 4179E6E781B956822E1C435F3AF384AEDB295C4F26CC06BC2E450002F1D82913

PID: 2964
Process: Lotoor.A!MTB' in file 'ZKBioOnline.exe' during a scheduled scan.tmp
Filename: C:\Program Files\ZKBIOOnline\bin\ZKBioOnline.exe
Type: executable
MD5: DEAB74192AB5DDC9B788B9565A62B5DC
SHA256: AEB2317A57E87E607E199EC1C076C091668B96D30C7CCA4EB3CFDDDA9F86CEFE

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

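Columns: PID, Process, IP, Domain, ASN, CN, Reputation (the Domain, ASN and CN columns are empty for every row)

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown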

DNS requests

No data

Threats

No threats detected

Process: ZKBioOnline.exe
Message: BIOKEY_INIT_SIMPLE lasterror = 0