Malware analysis EzExploit Latest.zip Malicious activity

Add for printing

File name:	EzExploit Latest.zip
Full analysis:	https://app.any.run/tasks/3641f97c-1955-4b47-ba37-4a618647ea6d
Verdict:	Malicious activity
Analysis date:	July 05, 2025, 23:44:56
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	arch-exec java
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract, compression method=store
MD5:	5996C2043B7521C8E597C835A9AF9185
SHA1:	C353EF679FDF9DCB51CD4D20F7EA7BB49A03B9F9
SHA256:	5A5EC4036808E7CA225BA397729B98B5CA4D1E8073B05E650CF50E53A66B7E2E
SSDEEP:	12288:CludmdD3o5EDN8mDDt9Dl0HwcLDxbE0DTsvLEydq:2udID3o5EDNjDt9DlywcDxbE0DTdn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 60 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Generic archive extractor
  - WinRAR.exe (PID: 7052)
SUSPICIOUS
- Checks for Java to be installed
  - java.exe (PID: 1036)
  - java.exe (PID: 4860)
  - java.exe (PID: 4808)
  - java.exe (PID: 856)
INFO
- Manual execution by a user
  - cmd.exe (PID: 4572)
  - cmd.exe (PID: 2428)
  - cmd.exe (PID: 7136)
  - cmd.exe (PID: 4552)
- Create files in a temporary directory
  - java.exe (PID: 1036)
  - java.exe (PID: 4860)
  - java.exe (PID: 4808)
  - javaw.exe (PID: 1216)
  - java.exe (PID: 856)
- Checks supported languages
  - java.exe (PID: 1036)
  - java.exe (PID: 4860)
  - java.exe (PID: 4808)
  - javaw.exe (PID: 1216)
  - java.exe (PID: 856)
- Creates files in the program directory
  - java.exe (PID: 1036)
- Reads Microsoft Office registry keys
  - OpenWith.exe (PID: 5552)
- Reads security settings of Internet Explorer
  - OpenWith.exe (PID: 5552)
- Application based on Java
  - javaw.exe (PID: 1216)
- Reads the computer name
  - javaw.exe (PID: 1216)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	None
ZipModifyDate:	2025:04:15 20:29:38
ZipCRC:	0x00000000
ZipCompressedSize:	-
ZipUncompressedSize:	-
ZipFileName:	EzExploit Latest/EzExploit/

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

155

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

856

java -jar snapshot.jar

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\java.exe

—

cmd.exe

User:

admin

Company:

Oracle Corporation

Integrity Level:

MEDIUM

Description:

Java(TM) Platform SE binary

Exit code:

Version:

8.0.2710.9

Modules

Images
c:\program files (x86)\common files\oracle\java\javapath_target_2989500\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

1036

java -jar snapshot.jar

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\java.exe

—

cmd.exe

User:

admin

Company:

Oracle Corporation

Integrity Level:

MEDIUM

Description:

Java(TM) Platform SE binary

Exit code:

Version:

8.0.2710.9

Modules

Images
c:\program files (x86)\common files\oracle\java\javapath_target_2989500\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

1132

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

icacls.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1216

"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\Desktop\EzExploit Latest\EzExploit\snapshot.jar"

C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe

—

OpenWith.exe

User:

admin

Company:

Oracle Corporation

Integrity Level:

MEDIUM

Description:

Java(TM) Platform SE binary

Exit code:

Version:

8.0.2710.9

Modules

Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

1700

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2040

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

2428

C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\Desktop\EzExploit Latest\EzExploit\start.bat" "

C:\Windows\System32\cmd.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll

2648

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

4552

C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\Desktop\EzExploit Latest\EzExploit\start.bat" "

C:\Windows\System32\cmd.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll

4572

C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\Desktop\EzExploit Latest\EzExploit\start.bat" "

C:\Windows\System32\cmd.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll

Add for printing

Total events

7 609

Read events

7 596

Write events

Delete events

Modification events


(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\preferences.zip
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\AppData\Local\Temp\EzExploit Latest.zip
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtBMP
Value:
(PID) Process:	(7052) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtIcon
Value:

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\config.yml		text
		MD5:6231121A75F5D415FDC54C9E50DA3B1F	SHA256:FB6EC7C1A4B05F4F0725580156EA053ECE1C4730FE525FA60B4A897A4A549565
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\libraries\cmd_list.jar		java
		MD5:E3F0B6C0FF5ECED03B00C2AEA5B19916	SHA256:008F4D48845C1CC12243FBF0BB8023CD42F2627CA9850FFE237FAD51920A7973
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\espr\VdsPro.jar		compressed
		MD5:49322DFBB0BEAED49C9DC64C94924FB0	SHA256:B1BA51E4D0A434601B25CEA274E01D35085FF7D3422B58DCABCF6B0606A5089F
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\espr\RconFix.jar		java
		MD5:BB0199FAD177D12AC638D2DA61F9A4DF	SHA256:87E3C42B1CDBA0B17983EE04ED656D94EBC2101923F4BA4F6DD96DEA83705751
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\libraries\reconnect_yaml.jar		java
		MD5:0832D6ABFFA9AF5A2ABFDFE389626A93	SHA256:0F21068F22BC3BA87F598E417E1FFB6EA8A6886B44A0E16350045F5476C87731
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\libraries\cmd_alert.jar		java
		MD5:3053817C36BD1DFA1CE52C303D1328E6	SHA256:56E2A960F11637F31DC30D652532950E834161D2AB36A10C0C57C9E445F8DACE
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\java\net\md_5\bungee\module\cmd\server\CommandServer.java		text
		MD5:6E40F8CCD6CE7BEAD2376C595B86DB87	SHA256:EDC15FA70BC5604A75286885B91D481B098401A8A08CBDCED747FCCCEDD3D1C9
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\java\net\md_5\bungee\module\cmd\server\PluginServer.java		text
		MD5:51889CCEE78F54E288B1B123574263A6	SHA256:9C62C485CDAA6E9CBFF1DC7E56097678BEB62B8CF394A94C1275002F3E29D8ED
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\libraries\cmd_server.jar		java
		MD5:A958A700C64F3B6C07BB0E5183B37807	SHA256:A25B5B1C4EB732C149BBB070B97C9C60E2ACBB66916BFBA41D24378745282B6F
7052	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7052.41888\EzExploit Latest\EzExploit\libraries\cmd_send.jar		java
		MD5:B06755DEDD8D7D81F80C17013C47B16E	SHA256:5002C806A46F7736B85FB6ED1ECB7E555A8A284C01752CB3C6F58EBF4F6E34F6

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1268	svchost.exe	GET	200	23.55.104.172:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
7060	svchost.exe	GET	200	2.23.77.188:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
2180	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
2180	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1268	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
5944	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5708	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1268	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1268	svchost.exe	23.55.104.172:80	crl.microsoft.com	Akamai International B.V.	US	whitelisted
1268	svchost.exe	95.101.149.131:80	www.microsoft.com	Akamai International B.V.	NL	whitelisted
7060	svchost.exe	40.126.31.69:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
7060	svchost.exe	2.23.77.188:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 40.127.240.158 4.231.128.59	whitelisted
google.com	142.250.185.78	whitelisted
crl.microsoft.com	23.55.104.172	whitelisted
www.microsoft.com	95.101.149.131	whitelisted
login.live.com	40.126.31.69 20.190.159.130 20.190.159.4 20.190.159.23 20.190.159.0 20.190.159.131 20.190.159.2 20.190.159.129	whitelisted
ocsp.digicert.com	2.23.77.188	whitelisted
nexusrules.officeapps.live.com	52.111.227.14	whitelisted
slscr.update.microsoft.com	20.109.210.53	whitelisted
fe3cr.delivery.mp.microsoft.com	20.242.39.171	whitelisted
client.wns.windows.com	172.211.123.249	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

EzExploit Latest.zip

5996C2043B7521C8E597C835A9AF9185

C353EF679FDF9DCB51CD4D20F7EA7BB49A03B9F9

5A5EC4036808E7CA225BA397729B98B5CA4D1E8073B05E650CF50E53A66B7E2E

12288:CludmdD3o5EDN8mDDt9Dl0HwcLDxbE0DTsvLEydq:2udID3o5EDNjDt9DlywcDxbE0DTdn

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Generic archive extractor

SUSPICIOUS

Checks for Java to be installed

INFO

Manual execution by a user

Create files in a temporary directory

Checks supported languages

Creates files in the program directory

Reads Microsoft Office registry keys

Reads security settings of Internet Explorer

Application based on Java

Reads the computer name

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings