Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Avira: detected |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | ReversingLabs: Detection: 31% |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Virustotal: Detection: 41% |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115644955.000000014007C000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY----- | memstr_46d88a26-2 |
Source: unknown | HTTPS traffic detected: 104.26.0.5:443 -> 192.168.2.5:49708 version: TLS 1.2 |
Source: | Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\x64\Release\XBundlerTlsHelper.pdb source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2116203527.0000000141EA2000.00000040.00000001.01000000.00000006.sdmp |
Source: | Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2116203527.00000001420D6000.00000040.00000001.01000000.00000006.sdmp |
Source: | Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2116203527.00000001420D6000.00000040.00000001.01000000.00000006.sdmp |
Source: Joe Sandbox View | IP Address: 104.26.0.5 104.26.0.5 |
Source: Joe Sandbox View | JA3 fingerprint: ce5f3254611a8c095a3d821d44539877 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | DNS traffic detected: DNS query: keyauth.win |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://keyauth.win/api/1.2/ |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://keyauth.win/api/1.2/L |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://keyauth.win/api/1.2/y= |
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4712 -s 516 |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Static PE information: Section: .reloc ZLIB complexity 1.5 |
Source: classification engine | Classification label: mal84.evad.winEXE@18/1@1/2 |
Source: C:\Windows\System32\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6164:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7148:120:WilError_03 |
Source: C:\Windows\System32\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\cf61b6f6-cc49-4c74-9e0c-ecd7a63a3e68 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | String found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectory |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" MD5 | find /i /v "md5" | find /i /v "certutil" | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\certutil.exe certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" MD5 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /i /v "md5" | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /i /v "certutil" | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\cmd.exe cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\timeout.exe timeout /t 5 | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Section loaded: schannel.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: certcli.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: cabinet.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: cryptui.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: ncrypt.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: netapi32.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: ntdsapi.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: version.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: secur32.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: certca.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: samcli.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: logoncli.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: dsrole.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: netutils.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: sspicli.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: ntasn1.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\System32\certutil.exe | Section loaded: profapi.dll |
Source: C:\Windows\System32\find.exe | Section loaded: ulib.dll |
Source: C:\Windows\System32\find.exe | Section loaded: fsutilext.dll |
Source: C:\Windows\System32\timeout.exe | Section loaded: version.dll |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Static file information: File size 37365264 > 1048576 |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x2304c00 |
Source: initial sample | Static PE information: section where entry point is pointing to: .boot |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Static PE information: section name: .themida |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Static PE information: section name: .boot |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Window searched: window name: FilemonClass |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Window searched: window name: PROCMON_WINDOW_CLASS |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Window searched: window name: RegmonClass |
Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | System information queried: FirmwareTableInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion |
Source: C:\Windows\System32\timeout.exe TID: 1576 | Thread sleep count: 34 > 30 |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | System information queried: ModuleInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Thread information set: HideFromDebugger |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Open window title or class name: regmonclass |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Open window title or class name: procmon_window_class |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Open window title or class name: filemonclass |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process queried: DebugPort |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process queried: DebugObjectHandle |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Process queried: DebugFlags |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | Memory protected: page execute and read and write | page guard |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | NtQueryInformationProcess: Indirect: 0x14259EAF8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | NtQuerySystemInformation: Indirect: 0x1424CD11B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | NtQueryInformationProcess: Indirect: 0x14255F38B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe | NtSetInformationThread: Indirect: 0x142592491 |