File name:

TPS Xiaomi Tool.exe

Full analysis: https://app.any.run/tasks/724d7d95-0949-4dab-b075-952d7b3dea60
Verdict: Malicious activity
Analysis date: May 23, 2020, 00:18:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5:

71B52678AFBE02F88BC172032EE076A3

SHA1:

DC07501DDA620A780073A5B2085D4690E204FBA6

SHA256:

74FEADC84784D0DBA6681C4D4ECA3F4D61C9DEF81CE92DC1D344F98FEBB17AA6

SSDEEP:

196608:/c7Tq+c2LP/hFT93CCoiduA6oERhH0/2EqGijx:U7Tq+jVSdAwU6x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • adb.exe (PID: 2440)
      • adb.exe (PID: 2340)
      • fastboot.exe (PID: 3944)
      • adb.exe (PID: 3352)
      • adb.exe (PID: 1296)
      • adb.exe (PID: 1848)
      • fastboot.exe (PID: 2492)
      • fastboot.exe (PID: 3196)
      • adb.exe (PID: 1760)
      • fastboot.exe (PID: 3240)
      • adb.exe (PID: 3012)
      • fastboot.exe (PID: 3384)
      • fastboot.exe (PID: 2636)
      • adb.exe (PID: 3916)
      • adb.exe (PID: 2064)
      • fastboot.exe (PID: 3296)
      • adb.exe (PID: 3600)
      • adb.exe (PID: 304)
      • fastboot.exe (PID: 3372)
      • adb.exe (PID: 3588)
      • fastboot.exe (PID: 3044)
      • fastboot.exe (PID: 3596)
      • fastboot.exe (PID: 2248)
      • adb.exe (PID: 2752)
      • adb.exe (PID: 3004)
      • fastboot.exe (PID: 2948)
      • adb.exe (PID: 3876)
      • fastboot.exe (PID: 2064)
      • fastboot.exe (PID: 1464)
      • adb.exe (PID: 3708)
      • adb.exe (PID: 3928)
      • fastboot.exe (PID: 3360)
      • adb.exe (PID: 2488)
      • fastboot.exe (PID: 3748)
      • fastboot.exe (PID: 2376)
      • adb.exe (PID: 3972)
      • adb.exe (PID: 2968)
      • adb.exe (PID: 2452)
      • fastboot.exe (PID: 3744)
      • adb.exe (PID: 2556)
      • fastboot.exe (PID: 1296)
      • fastboot.exe (PID: 1544)
      • adb.exe (PID: 3992)
      • fastboot.exe (PID: 2780)
      • adb.exe (PID: 4068)
      • fastboot.exe (PID: 2776)
      • adb.exe (PID: 4092)
      • fastboot.exe (PID: 3188)
      • adb.exe (PID: 1780)
      • fastboot.exe (PID: 2800)
      • adb.exe (PID: 3588)
      • fastboot.exe (PID: 3664)
      • adb.exe (PID: 2708)
      • fastboot.exe (PID: 480)
      • fastboot.exe (PID: 2592)
      • adb.exe (PID: 1748)
      • adb.exe (PID: 2956)
      • adb.exe (PID: 4068)
      • fastboot.exe (PID: 3276)
      • fastboot.exe (PID: 3196)
      • fastboot.exe (PID: 2012)
      • adb.exe (PID: 2752)
      • fastboot.exe (PID: 3556)
      • adb.exe (PID: 3816)
      • fastboot.exe (PID: 1812)
      • adb.exe (PID: 2104)
      • fastboot.exe (PID: 968)
      • adb.exe (PID: 2248)
      • adb.exe (PID: 2244)
      • adb.exe (PID: 1428)
      • fastboot.exe (PID: 3148)
      • adb.exe (PID: 1844)
      • fastboot.exe (PID: 2500)
      • adb.exe (PID: 3852)
      • fastboot.exe (PID: 2908)
      • fastboot.exe (PID: 1008)
      • fastboot.exe (PID: 2432)
      • adb.exe (PID: 2252)
      • fastboot.exe (PID: 1464)
      • adb.exe (PID: 3736)
      • adb.exe (PID: 1708)
      • fastboot.exe (PID: 3052)
      • adb.exe (PID: 536)
      • adb.exe (PID: 3380)
      • fastboot.exe (PID: 2732)
      • adb.exe (PID: 1536)
      • fastboot.exe (PID: 1564)
      • adb.exe (PID: 1084)
      • fastboot.exe (PID: 2636)
      • adb.exe (PID: 3448)
      • fastboot.exe (PID: 3188)
      • fastboot.exe (PID: 2964)
      • adb.exe (PID: 404)

    • Application was dropped or rewritten from another process

      • Xiaomi Tool.exe (PID: 1400)
      • emmcdl.exe (PID: 2412)
      • fastboot.exe (PID: 2492)
      • adb.exe (PID: 2440)
      • adb.exe (PID: 2340)
      • emmcdl.exe (PID: 440)
      • fastboot.exe (PID: 3944)
      • adb.exe (PID: 1296)
      • adb.exe (PID: 3352)
      • fastboot.exe (PID: 3196)
      • adb.exe (PID: 1848)
      • emmcdl.exe (PID: 2484)
      • adb.exe (PID: 3916)
      • adb.exe (PID: 1760)
      • fastboot.exe (PID: 2636)
      • fastboot.exe (PID: 3240)
      • emmcdl.exe (PID: 2124)
      • adb.exe (PID: 3012)
      • fastboot.exe (PID: 3384)
      • emmcdl.exe (PID: 2628)
      • adb.exe (PID: 2064)
      • fastboot.exe (PID: 3296)
      • emmcdl.exe (PID: 3976)
      • emmcdl.exe (PID: 3800)
      • adb.exe (PID: 304)
      • fastboot.exe (PID: 3664)
      • adb.exe (PID: 3600)
      • fastboot.exe (PID: 3372)
      • emmcdl.exe (PID: 1340)
      • adb.exe (PID: 2708)
      • fastboot.exe (PID: 3044)
      • emmcdl.exe (PID: 2712)
      • emmcdl.exe (PID: 3240)
      • adb.exe (PID: 2752)
      • adb.exe (PID: 3588)
      • fastboot.exe (PID: 2248)
      • fastboot.exe (PID: 3596)
      • emmcdl.exe (PID: 3144)
      • fastboot.exe (PID: 2948)
      • adb.exe (PID: 3004)
      • emmcdl.exe (PID: 2096)
      • adb.exe (PID: 3876)
      • fastboot.exe (PID: 1464)
      • emmcdl.exe (PID: 1840)
      • adb.exe (PID: 3708)
      • fastboot.exe (PID: 2064)
      • emmcdl.exe (PID: 1604)
      • adb.exe (PID: 3928)
      • fastboot.exe (PID: 3360)
      • emmcdl.exe (PID: 3776)
      • fastboot.exe (PID: 3748)
      • emmcdl.exe (PID: 3016)
      • adb.exe (PID: 3972)
      • fastboot.exe (PID: 2376)
      • emmcdl.exe (PID: 3872)
      • adb.exe (PID: 2968)
      • fastboot.exe (PID: 1296)
      • adb.exe (PID: 2488)
      • emmcdl.exe (PID: 2316)
      • fastboot.exe (PID: 2780)
      • adb.exe (PID: 2556)
      • adb.exe (PID: 2452)
      • fastboot.exe (PID: 3744)
      • emmcdl.exe (PID: 3760)
      • adb.exe (PID: 4092)
      • emmcdl.exe (PID: 4000)
      • fastboot.exe (PID: 1544)
      • adb.exe (PID: 3992)
      • fastboot.exe (PID: 3188)
      • emmcdl.exe (PID: 1876)
      • fastboot.exe (PID: 2776)
      • adb.exe (PID: 4068)
      • emmcdl.exe (PID: 3472)
      • adb.exe (PID: 1748)
      • emmcdl.exe (PID: 3704)
      • fastboot.exe (PID: 2800)
      • adb.exe (PID: 3588)
      • fastboot.exe (PID: 2592)
      • fastboot.exe (PID: 480)
      • emmcdl.exe (PID: 1784)
      • adb.exe (PID: 1780)
      • emmcdl.exe (PID: 2456)
      • emmcdl.exe (PID: 3372)
      • fastboot.exe (PID: 3196)
      • fastboot.exe (PID: 3276)
      • adb.exe (PID: 4068)
      • adb.exe (PID: 2248)
      • emmcdl.exe (PID: 956)
      • emmcdl.exe (PID: 2828)
      • emmcdl.exe (PID: 3092)
      • adb.exe (PID: 2956)
      • emmcdl.exe (PID: 3464)
      • fastboot.exe (PID: 3556)
      • adb.exe (PID: 3816)
      • emmcdl.exe (PID: 2928)
      • adb.exe (PID: 2104)
      • fastboot.exe (PID: 1812)
      • emmcdl.exe (PID: 3160)
      • fastboot.exe (PID: 968)
      • adb.exe (PID: 2752)
      • adb.exe (PID: 2244)
      • fastboot.exe (PID: 2908)
      • adb.exe (PID: 1428)
      • emmcdl.exe (PID: 1920)
      • fastboot.exe (PID: 3148)
      • emmcdl.exe (PID: 1444)
      • adb.exe (PID: 1844)
      • fastboot.exe (PID: 2500)
      • emmcdl.exe (PID: 3596)
      • adb.exe (PID: 3852)
      • emmcdl.exe (PID: 3460)
      • fastboot.exe (PID: 2012)
      • fastboot.exe (PID: 1008)
      • emmcdl.exe (PID: 2900)
      • fastboot.exe (PID: 1464)
      • adb.exe (PID: 3736)
      • emmcdl.exe (PID: 2368)
      • emmcdl.exe (PID: 564)
      • fastboot.exe (PID: 2432)
      • adb.exe (PID: 1708)
      • adb.exe (PID: 2252)
      • adb.exe (PID: 536)
      • emmcdl.exe (PID: 2296)
      • adb.exe (PID: 3380)
      • emmcdl.exe (PID: 1252)
      • fastboot.exe (PID: 2732)
      • adb.exe (PID: 1536)
      • fastboot.exe (PID: 2964)
      • fastboot.exe (PID: 1564)
      • emmcdl.exe (PID: 3028)
      • fastboot.exe (PID: 3052)
      • fastboot.exe (PID: 3188)
      • emmcdl.exe (PID: 1388)
      • adb.exe (PID: 1084)
      • fastboot.exe (PID: 2636)
      • emmcdl.exe (PID: 3720)
      • adb.exe (PID: 3448)
      • emmcdl.exe (PID: 2120)
      • adb.exe (PID: 404)
      • fastboot.exe (PID: 3704)
      • emmcdl.exe (PID: 3912)

  • SUSPICIOUS

    • Application launched itself

      • adb.exe (PID: 2340)
      • adb.exe (PID: 3352)

    • Executable content was dropped or overwritten

      • TPS Xiaomi Tool.exe (PID: 3224)

    • Starts Internet Explorer

      • Xiaomi Tool.exe (PID: 1400)

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3760)
      • iexplore.exe (PID: 3980)

    • Changes internet zones settings

      • iexplore.exe (PID: 3760)

    • Application launched itself

      • iexplore.exe (PID: 3760)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3980)

    • Dropped object may contain TOR URL's

      • iexplore.exe (PID: 3980)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 3760)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3760)

    • Changes settings of System certificates

      • iexplore.exe (PID: 3760)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:02:03 20:38:25+01:00
PEType: PE32
LinkerVersion: 9
CodeSize: 169984
InitializedDataSize: 784384
UninitializedDataSize: -
EntryPoint: 0x1e64b
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 03-Feb-2016 19:38:25
Detected languages:
  • English - United States
  • Process Default Language
Debug artifacts:
  • d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 03-Feb-2016 19:38:25
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00029604
0x00029800
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.7094
.rdata
0x0002B000
0x000058A3
0x00005A00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
5.09421
.data
0x00031000
0x00021608
0x00001800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
3.58964
.rsrc
0x00053000
0x000B8544
0x000B8600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
2.58497

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.25329
1875
Latin 1 / Western European
English - United States
RT_MANIFEST
2
1.9858
270376
Latin 1 / Western European
Process Default Language
RT_ICON
3
2.15448
67624
Latin 1 / Western European
Process Default Language
RT_ICON
4
2.31235
38056
Latin 1 / Western European
Process Default Language
RT_ICON
5
2.50636
16936
Latin 1 / Western European
Process Default Language
RT_ICON
6
2.7127
9640
Latin 1 / Western European
Process Default Language
RT_ICON
7
3.1586
482
Latin 1 / Western European
English - United States
RT_STRING
8
3.11685
460
Latin 1 / Western European
English - United States
RT_STRING
9
3.15447
494
Latin 1 / Western European
English - United States
RT_STRING
10
2.99727
326
Latin 1 / Western European
English - United States
RT_STRING

Imports

COMCTL32.dll (delay-loaded)
KERNEL32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
324
Monitored processes
145
Malicious processes
6
Suspicious processes
89

Behavior graph

Click at the process to see the details
drop and start start tps xiaomi tool.exe xiaomi tool.exe no specs adb.exe adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs iexplore.exe adb.exe iexplore.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe fastboot.exe no specs emmcdl.exe no specs adb.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
304"bin\adb.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\adb.exe
Xiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\adb.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rarsfx0\bin\adbwinapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
404"bin\adb.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\adb.exe
Xiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\adb.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rarsfx0\bin\adbwinapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
440"bin\emmcdl.exe" -lC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\emmcdl.exeXiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\emmcdl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
480"bin\fastboot.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\fastboot.exeXiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\fastboot.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rarsfx0\bin\adbwinapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
536"bin\adb.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\adb.exe
Xiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\adb.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rarsfx0\bin\adbwinapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
564"bin\emmcdl.exe" -lC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\emmcdl.exeXiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\conhost.exe
c:\users\admin\appdata\local\temp\rarsfx0\bin\emmcdl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
956"bin\emmcdl.exe" -lC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\emmcdl.exeXiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\emmcdl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
968"bin\fastboot.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\fastboot.exeXiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\fastboot.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rarsfx0\bin\adbwinapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1008"bin\fastboot.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\fastboot.exeXiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bin\fastboot.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rarsfx0\bin\adbwinapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1084"bin\adb.exe" devicesC:\Users\admin\AppData\Local\Temp\RarSFX0\bin\adb.exe
Xiaomi Tool.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\conhost.exe
c:\users\admin\appdata\local\temp\rarsfx0\bin\adb.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
Total events
2 042
Read events
1 164
Write events
607
Delete events
271

Modification events

(PID) Process:(3224) TPS Xiaomi Tool.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3224) TPS Xiaomi Tool.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(1400) Xiaomi Tool.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF
Value:
0100000000000000EE67F9C99730D601
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
3689971736
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30814359
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3760) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
Executable files
7
Suspicious files
16
Text files
120
Unknown types
18

Dropped files

PID
Process
Filename
Type
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8936.mbno
MD5:CC092B13B1BB46B5893C0474CB372CFE
SHA256:50F761ECA927F15FD274551AB568EC575E8DC4DA21BA6DAF51D16365DECF90D4
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8916_ddr.mbno
MD5:0C40029189817BF87AA256D6E10EBAAE
SHA256:081B5FA07A28FD9702A54980A149FD4430E3686EB82E530181571C3F73BC0771
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8937_ddr.mbno
MD5:394762FC9B12E789EC8C83A2B3C68A32
SHA256:0F09CCE0B0063AA787F5D3D7A3A1C8C679340B836055CD43B2BECF95E4683A16
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8953_ddr.mbno
MD5:7432B18B3DE13A4006CD18456926DA4A
SHA256:9F4F747E6B34AD4367C8D2A16939FDAC98EF1F99135C0EE3C804E764B3290926
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8953.mbno
MD5:328B4F0F88F79CF718318FDCE7A05223
SHA256:106DA54E2B265E89A9A8990FBA09F2B5DD31827908620A54A955FD13B3AE146A
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8976_ddr.mbno
MD5:8391F1D9FC965F0F5B3954BCC8955398
SHA256:A95B538AD6838BC3DD47CD5BDD54D901EF063561EB1E902A34FC3B0A19D0DF3F
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8974.mbnbinary
MD5:74F11B10B33C1988494B947C64A006B8
SHA256:964B5C486B200AA6462733A682F9CEAD3EBFAD555CE2FF3622FEA8B279B006EE
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_emmc_firehose_8917_ddr.mbno
MD5:0C9D056A3B7EBE489CB9277BD2943902
SHA256:8FE42241E7710A29D2723DEBDB2D6C8AC44432FF3EDFABA3BF45F4EEF25AA3A8
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\prog\prog_ufs_firehose_8996.elfo
MD5:03622174F2483AC36702C260A640D5BD
SHA256:4DF0F3BA55CEDDBC119C8B5F12BCC2AAEE4D204517CB29FDACF6F14B6390BFA7
3224TPS Xiaomi Tool.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\TestPoints\Capricornimage
MD5:8405F1012ED74BDE66E951AB3C5A769E
SHA256:79787E52D8D830F21D4F0278ABC276C1E62E680B321C6E3E1EBAF0156E86A113
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
40
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3980
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA6O%2BBjVXZc2rpJ%2B516RAgc%3D
US
der
471 b
whitelisted
3980
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
US
der
471 b
whitelisted
3980
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEA6O%2BBjVXZc2rpJ%2B516RAgc%3D
US
der
471 b
whitelisted
3760
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
3980
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
US
der
471 b
whitelisted
3980
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAlYH7M%2B8vLc4AsLWUhBAKk%3D
US
der
471 b
whitelisted
3980
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAlYH7M%2B8vLc4AsLWUhBAKk%3D
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3980
iexplore.exe
157.240.221.16:443
scontent-lhr8-1.xx.fbcdn.net
US
unknown
3980
iexplore.exe
157.240.1.23:443
scontent-lht6-1.xx.fbcdn.net
Facebook, Inc.
US
whitelisted
157.240.20.19:443
static.xx.fbcdn.net
Facebook, Inc.
US
whitelisted
3980
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3980
iexplore.exe
157.240.20.19:443
static.xx.fbcdn.net
Facebook, Inc.
US
whitelisted
3760
iexplore.exe
204.79.197.200:80
www.facebook.com
Microsoft Corporation
US
whitelisted
3980
iexplore.exe
157.240.20.35:443
facebook.com
Facebook, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.facebook.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
static.xx.fbcdn.net
  • 157.240.20.19
whitelisted
scontent-lht6-1.xx.fbcdn.net
  • 157.240.1.23
whitelisted
scontent-lhr8-1.xx.fbcdn.net
  • 157.240.221.16
whitelisted
external-lht6-1.xx.fbcdn.net
  • 157.240.1.23
whitelisted
facebook.com
  • 157.240.20.35
whitelisted
fbcdn.net
  • 157.240.20.35
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
TPS Xiaomi Tool.exe