Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Analysis ID:	1428726
MD5:	d5f317dc88e71e133b8b4f547e7762a8
SHA1:	867e8e1790faf642b680e84dc128bf51842a5350
SHA256:	9d694811b5c1915fcebbe45352118cbfc22737e95aba2c2acc69667f7f7e7a34
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe (PID: 6728 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe" MD5: D5F317DC88E71E133B8B4F547E7762A8)

notepad.exe (PID: 3732 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\help.txt MD5: E92D3A824A0578A50D2DD81B5060145F)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

ReversingLabs: Detection: 13%

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 51.75.19.11:3306

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /download/versionhistoryforcreatorpricelist.txt HTTP/1.1User-Agent: BovSoftUploadHost: ttc.bovsoft.com

Source: unknown

DNS traffic detected: queries for: bovsoft.com

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://autodielyvm.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://autodielyvm.sk/inshop/scripts/shop.aspx?ClearSearch=1&action=DoTecDocSearch&searchcode=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://autodily-hk.cz/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://autodily-hk.cz/?searchInput=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://chastite.bg/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://chastite.bg/search/?q=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://eshop.autocentrumm.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://eshop.autocentrumm.sk/partscatalogue/0
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://eshop.autotechna.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://eshop.autotechna.sk/Search/Number?number=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://pointgear.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://pointgear.de/autoteile/teile-g10001.html?q=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.00000000029D0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.0000000002A2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ttc.bovsoft.com/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/buy.html#buycreatorpricelistopen
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/download/ExportPriceLists.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txt
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2913434906.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txt$uF
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2913434906.00000000009C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txtSs
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txtopenU
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txtopenj
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/index.html#exporterpricelistsDVarFileInfo$
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.00000000029D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ttc.bovsoft.com/ownload/versionhistoryforcreatorpricelist.txt
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://ttc.bovsoft.com/service/getcodefor_creatorpricelist.php?email=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.at/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.at/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.fr/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.fr/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.it/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.it/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.pt/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-doc.pt/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-onderdelenexpert.nl/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-onderdelenexpert.nl/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-onderdelenshop.be/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.auto-onderdelenshop.be/zoeken?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodielygafa.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodielygafa.sk/inshop/scripts/shop.aspx?ClearSearch=1&action=DoTecDocSearch&searchcode=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodielyonline24.sk
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodielyonline24.sk/spares-search.html?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.be/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.be/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.bg/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.bg/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.co.no/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.co.no/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.co.uk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.co.uk/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.cz/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.cz/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.de/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.dk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.dk/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.ee/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.ee/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.es/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.es/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.fi/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.fi/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.gr/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.gr/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.hu/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.hu/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.lt/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.lt/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.lu/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.lu/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.lv/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.lv/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.nl/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.nl/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.pl/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.pl/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.se/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.se/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.si/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.si/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc.sk/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc24.ro/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autodoc24.ro/search?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autokarma.ro/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autokarma.ro/cautare-dupa-cod-produs?search=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autonvaraosatpro.fi/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autonvaraosatpro.fi/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteiledirekt.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteiledirekt.de/suche.html?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteilemann.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteilemann.de/catalogsearch/result/?q=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteileprofi.at/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteileprofi.at/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteileprofi.ch/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteileprofi.ch/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteileprofi.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.autoteileprofi.de/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.benl.ebay.be/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.benl.ebay.be/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.bildelarexpert.se/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.bildelarexpert.se/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.bildeleekspert.dk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.bildeleekspert.dk/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.bildelerekspert.co.no/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.bildelerekspert.co.no/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.comco.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.comco.sk/vyhladavanie-a7?q=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.at/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.at/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.ch/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.ch/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.co.uk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.co.uk/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.com/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.com/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.de/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.ie/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.ie/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.it/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.it/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.nl/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.ebay.nl/sch/i.html?_nkw=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.espertoautoricambi.it/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.espertoautoricambi.it/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.expertautopecas.pt/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.expertautopecas.pt/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.expertoautorecambios.es/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.expertoautorecambios.es/ersatzteile-suche?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.fifoautoshop.sk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.fifoautoshop.sk/cautare_articol/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.maxxparts.gr/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.maxxparts.gr/antallaktika/search?s=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.at/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.at/de/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.be/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.be/fr/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.bg/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.bg/bg/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.ch/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.ch/de/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.co.uk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.co.uk/en/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.com/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.com/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.cz/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.cz/cs/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.de/de/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.dk/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.dk/da/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.es/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.es/es/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.fi/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.fi/fi/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.gf/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.gf/fr/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.gp/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.gp/fr/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.gr/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.gr/el/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.hu/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.hu/hu/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.ie/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.ie/en/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.it/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.it/it/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.lu/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.lu/fr/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.mq/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.mq/fr/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.nl/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.nl/fl/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.no/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.no/no/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.pt/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.pt/pt/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.re/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.re/fr/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.ro/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.ro/ro/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.se/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.mister-auto.se/sv/search_s_refoem_
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.onparts.gr/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.onparts.gr/antallaktika/search?s=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.oscaro.es/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.oscaro.es/Catalog/PartsList/Find?toFind=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.piecesauto-pro.fr/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.piecesauto-pro.fr/part-finder?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.piecesauto24.com/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.piecesauto24.com/rechercher?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.piecesautopro.be/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.piecesautopro.be/part-finder?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.recambiosviaweb.com/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.recambiosviaweb.com/referencia.html?ref=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.reservedeler24.co.no/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.reservedeler24.co.no/suche.html?keyword=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.yakarouler.com/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: http://www.yakarouler.com/recherche?q=
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: https://www.atp-autoteile.de/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: https://www.atp-autoteile.de/products/id/0/
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: https://www.autohut.ro
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: https://www.autohut.ro/piese-auto?c=

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1659457918.000000000072D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameL vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.00000000029D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNOTEPAD.EXE.MUIj% vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.00000000029D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNOTEPAD.EXEj% vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914711204.0000000004320000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameL vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Binary or memory string: OriginalFilenameL vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal56.winEXE@3/3@2/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

File created: C:\Users\user\Desktop\ExporterPriceLists.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1658999797.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: select DISTINCT CAST(LNG_ID AS VARCHAR(*)) as lngid, (LNG_ISO2) as name from TOF_LANGUAGES where LNG_ISO2 IS NOT NULL and LNG_ISO2 <> '' ORDER BY lngid;
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1658999797.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS `CLIENT` (`ID` int(11) NOT NULL AUTO_INCREMENT, `EMAIL` varchar(100) NOT NULL, `SECURKEY` varchar(100) NOT NULL DEFAULT '', `KEYDATA` datetime DEFAULT NULL, `BALLS` int(11) NOT NULL DEFAULT '0', `CONNECT` int(11) NOT NULL DEFAULT '0', PRIMARY KEY (`ID`), KEY `EMAIL_SECURKEY` (`EMAIL`, `SECURKEY`), KEY `KEYDATA` (`KEYDATA`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1658999797.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS `CONNECT` (`ID_CLIENT` int(11) NOT NULL DEFAULT '0', `IP` varchar(30) NOT NULL, `DATA_FOR_DEMO` datetime DEFAULT NULL, KEY `IP` (`IP`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

ReversingLabs: Detection: 13%

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: NATS-SEFI-ADD
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: NATS-DANO-ADD
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: jp-ocr-b-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: jp-ocr-hand-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: ISO_6937-2-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	String found in binary or memory: . Re-start program

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\help.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\help.txt	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: libeay32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: ssleay32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: libssl32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: efswrt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: msvcp110_win.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

File written: C:\Users\user\Desktop\ExporterPriceLists.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Window found: window name: TComboBox

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Static file information: File size 3392000 > 1048576

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2bf200

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Static PE information: section name: .didata

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809			Jump to behavior

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2913434906.000000000093E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2913434906.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\help.txt

Jump to behavior

Source: C:\Windows\SysWOW64\notepad.exe

Queries volume information: C:\Users\user\Desktop\help.txt VolumeInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	21 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	13%	ReversingLabs
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	100%	Avira	HEUR/AGEN.1326461

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bovsoft.com	51.75.19.11	true	false		unknown
ttc.bovsoft.com	51.75.19.11	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.comco.sk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.de/de/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.gr/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.co.uk/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.auto-doc.fr/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.pt/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.recambiosviaweb.com/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.lt/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.hu/hu/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.ee/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.auto-onderdelenshop.be/zoeken?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.ebay.com/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.cz/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.se/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.si/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://eshop.autocentrumm.sk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.lv/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.hu/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://ttc.bovsoft.com/service/getcodefor_creatorpricelist.php?email=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.mister-auto.pt/pt/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.benl.ebay.be/sch/i.html?_nkw=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autoteileprofi.ch/ersatzteile-suche?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.lu/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.yakarouler.com/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.ebay.at/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.be/fr/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.fi/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.dk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.de/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://autodielyvm.sk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.bg/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodielygafa.sk/inshop/scripts/shop.aspx?ClearSearch=1&action=DoTecDocSearch&searchcode=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.ebay.ch/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.piecesauto24.com/rechercher?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.gr/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.yakarouler.com/recherche?q=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://autodily-hk.cz/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.ebay.it/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.gr/el/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.onparts.gr/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.oscaro.es/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.gp/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.lv/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.ch/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.co.no/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autonvaraosatpro.fi/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.com/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.at/de/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.espertoautoricambi.it/ersatzteile-suche?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.oscaro.es/Catalog/PartsList/Find?toFind=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.fi/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.de/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc24.ro/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autoteiledirekt.de/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.onparts.gr/antallaktika/search?s=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.ebay.de/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.auto-doc.fr/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://eshop.autotechna.sk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.sk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autoteileprofi.de/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.bildeleekspert.dk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodielygafa.sk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodielyonline24.sk	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
https://www.autohut.ro	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.piecesautopro.be/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.dk/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://autodielyvm.sk/inshop/scripts/shop.aspx?ClearSearch=1&action=DoTecDocSearch&searchcode=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.fifoautoshop.sk/cautare_articol/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.mister-auto.dk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.bg/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.mister-auto.ch/de/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.hu/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.bg/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txtopenj	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.ebay.at/sch/i.html?_nkw=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.no/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.lu/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.ebay.ie/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.es/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.fi/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.ro/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.mister-auto.se/sv/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.ie/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.mq/fr/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.mister-auto.cz/cs/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.pl/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.com/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.de/search?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.cz/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.comco.sk/vyhladavanie-a7?q=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodoc.pl/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.mister-auto.fi/fi/search_s_refoem_	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://chastite.bg/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.autodoc.co.uk/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.ebay.de/sch/i.html?_nkw=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autodielyonline24.sk/spares-search.html?keyword=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autokarma.ro/	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://www.autokarma.ro/cautare-dupa-cod-produs?search=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high
http://ttc.bovsoft.com/download/versionhistoryforcreatorpricelist.txtopenU	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	unknown
http://www.ebay.nl/sch/i.html?_nkw=	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
51.75.19.11	bovsoft.com	France		16276	OVHFR	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428726
Start date and time:	2024-04-19 13:26:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Detection:	MAL
Classification:	mal56.winEXE@3/3@2/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
OVHFR	H6ccnU1094.elf	Get hash	malicious	Mirai, Okiru	Browse	51.210.240.221
	http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2	Get hash	malicious	Unknown	Browse	46.105.88.234
	http://www.sushi-idea.com	Get hash	malicious	Unknown	Browse	51.83.143.92
	SecuriteInfo.com.Win64.Evo-gen.10533.31255.exe	Get hash	malicious	Unknown	Browse	51.38.43.18
	https://netflixfreeprimeofficle.blogspot.com/	Get hash	malicious	HTMLPhisher	Browse	54.39.128.162
	TiKj3IVDj4.exe	Get hash	malicious	Mint Stealer	Browse	51.38.43.18
	TiKj3IVDj4.exe	Get hash	malicious	Mint Stealer	Browse	51.38.43.18
	6VXQ3TUNZo.elf	Get hash	malicious	Mirai	Browse	145.239.88.141
	ZOHH8muwjh.elf	Get hash	malicious	Mirai	Browse	139.99.246.126
	https://msteams.link/WK80	Get hash	malicious	Phisher	Browse	145.239.37.162

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	dropped
Size (bytes):	692
Entropy (8bit):	5.270819692700389
Encrypted:	false
SSDEEP:	12:001YcVm5Oe9Df1Ycz1BOexEsf1YcTESEOIXBUr1Yc2oml1Ycs9omJOIXBhDMC:0MY39DdYshrdY6gUhYDVY39rhDMC
MD5:	4004F62F50B7BDA22F2772EE920D3E5C
SHA1:	0D2AC8623A1CAA62A509F4DCFABAB175EDB841D3
SHA-256:	AE6FAEBA676FF84254D24365E5DBB75E2820B6DDD9E8AF1F545D8B9006769F1A
SHA-512:	1715F08CB69EBFEDDA1DA421C8D25B906E82CE141025CEFE5CF2D7EEC62C8B0433690036F6B44016ADDACA23525E9BF0717AB2F5F9DA07F90EE13BE63D3D9049
Malicious:	false
Reputation:	low
Preview:	."AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.18 released Sep 26, 2018 (Major Update).[+] Fixed internet connection......"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.17 released May 24, 2017 (Major Update).[+] Fixed function export prices for AUTODOC company......"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.16 released April 29, 2017 (Major Update).[+] Added new suppliers :...AUTOHUT.RO..AUTOKARMA.RO........"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.15 released Nov 28, 2016 (Major Update)."AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.14 released Nov 27, 2016 (Major Update).[+] Added new suppliers :...YAKAROULER.COM !!! errors

C:\Users\user\Desktop\ExporterPriceLists.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
File Type:	Unicode text, UTF-8 text, with no line terminators
Category:	dropped
Size (bytes):	3
Entropy (8bit):	1.584962500721156
Encrypted:	false
SSDEEP:	3:g:g
MD5:	ECAA88F7FA0BF610A5A26CF545DCD3AA
SHA1:	57218C316B6921E2CD61027A2387EDC31A2D9471
SHA-256:	F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
SHA-512:	37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.

C:\Users\user\Desktop\help.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2615
Entropy (8bit):	5.039067018947502
Encrypted:	false
SSDEEP:	48:cj8UcZDwB/iWN6oasIcXl3IOrMwO+ajc4IdDcdUO8c/cOqUQjkVKpTE7ej+7vmiN:i1IDwYoaaV3IiMvZjn4DQ/hCBpTEaCLt
MD5:	E36FF594BFB9E63C2D04AAD8A6C7015F
SHA1:	6EB724E13891C8E24039675B01C9E6884FB31BE2
SHA-256:	E1FDA86D9AC7BE80FCAF61E73B3D81D40DB0958932120B94E7A7597734B00DA0
SHA-512:	8CDD8D8F471E926A3903F57594B68B74EABE7DD727344D10434AAB649726A37C35A360B910D68D2B2133F5418F9BAC022F7150ABC41CDD6156F37C0F933C3D47
Malicious:	false
Reputation:	low
Preview:	******AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS *****..Multi-threaded program to automate to getting prices of spare parts from ..different suppliers, which enables to determine the price without login on ..site to supplier, with this program you can : .. ------------.. 1. Create table parts for various manufacturers.. 2. Get prices for spare parts on the supplier according to the specified brands and part numbers.. 3. Make price comparisons specified parts for different suppliers.. 4. Export data in Excel-format.. 5. Free add the site of your supplier or your store to possible to compare prices....***************** NECESSARY PARAMETERS *********************..- Installed MS Excel..- Have a connection to the Internet..- Registration program, AS UNREGISTERED VERSION HAVE SPEED LIMIT FOR GETTING PRICES (delay 1 seconds for each thread)....*********************** SETTING *****************************....panel [SETTING DATA].. 1. Run program.. 2.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.506911259473275
TrID:	Win32 Executable (generic) a (10002005/4) 98.45% Inno Setup installer (109748/4) 1.08% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02%
File name:	SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
File size:	3'392'000 bytes
MD5:	d5f317dc88e71e133b8b4f547e7762a8
SHA1:	867e8e1790faf642b680e84dc128bf51842a5350
SHA256:	9d694811b5c1915fcebbe45352118cbfc22737e95aba2c2acc69667f7f7e7a34
SHA512:	ce233f2925e7bd5f97a72ed001aa03686581988966bdbcca7a2897a6b33a7823525c43d991c846dd61a3b9bf64601b43e59e8cb5dbb723dcf90b19877afac96a
SSDEEP:	24576:cWg3SYQsLpDYhPaZ9o691FsBqSM3RmlZ6Usy+SO8jGSkCe/orb4xi5NACpV+yH5V:yLsYSMmlTyw5gxxEN9/nPvREyTJvgFx
TLSH:	A3F54B13B388603AD1B71E3B4D3B92956D3BBE602E258C5B6FB4594C0F39A406D39B47
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	06032307093b1b58

Static PE Info

General

Entrypoint:	0x6c5690
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x5BAB45AB [Wed Sep 26 08:39:07 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	e3b7cac744b0e18db7528b327b62f54f

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
push ebx
mov eax, 006B9100h
call 00007FAF754E1E20h
mov ebx, dword ptr [006D486Ch]
mov eax, dword ptr [ebx]
call 00007FAF755B535Bh
mov eax, dword ptr [ebx]
mov dl, 01h
call 00007FAF755B708Eh
mov ecx, dword ptr [006D4AF8h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [00693730h]
call 00007FAF755B5357h
mov ecx, dword ptr [006D4B78h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [0068E46Ch]
call 00007FAF755B5344h
mov ecx, dword ptr [006D47B8h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [006924A0h]
call 00007FAF755B5331h
mov ecx, dword ptr [006D44F0h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [00692DF4h]
call 00007FAF755B531Eh
mov ecx, dword ptr [006D49A8h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [00693094h]
call 00007FAF755B530Bh
mov eax, dword ptr [ebx]
call 00007FAF755B5454h
pop ebx
call 00007FAF754DCF02h
nop
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2db000	0x3d60	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x31a000	0x2d200	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2e2000	0x37ec4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2e1000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2dbb5c	0x968	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x2df000	0x326	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2bf0d0	0x2bf200	282c23469c3fd3126a8ca922ab3aa39f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x2c1000	0x4724	0x4800	e60637762a440f5fbe2751dcd5ab3084	False	0.3746744791666667	data	5.467774544217047	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x2c6000	0xec68	0xee00	667c36637f32c4457bf8c413e84360d8	False	0.6785386029411765	data	6.7708310419630955	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x2d5000	0x5bdc	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2db000	0x3d60	0x3e00	acb649938be4dea4ddd8357db91b936a	False	0.3104208669354839	data	5.2388728160560145	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x2df000	0x326	0x400	d160420505c4cebaf6fe05d09698010e	False	0.36328125	data	3.253612237752191	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2e0000	0x48	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x2e1000	0x18	0x200	b2c72f5218dab46f1ee053ee01c208aa	False	0.05078125	data	0.17014565200323517	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2e2000	0x37ec4	0x38000	d30231ef12c56eeae57f4ce07c3a49d9	False	0.578887939453125	data	6.734207501370108	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x31a000	0x2d200	0x2d200	1ae51859aea48e5936d4c0d5647da32d	False	0.2731237015235457	data	6.06472223323129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x31b138	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0x31b26c	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0x31b3a0	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0x31b4d4	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0x31b608	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0x31b73c	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0x31b870	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_BITMAP	0x31b9a4	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.43103448275862066
RT_BITMAP	0x31bb74	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380	English	United States	0.46487603305785125
RT_BITMAP	0x31bd58	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.43103448275862066
RT_BITMAP	0x31bf28	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39870689655172414
RT_BITMAP	0x31c0f8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.4245689655172414
RT_BITMAP	0x31c2c8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5021551724137931
RT_BITMAP	0x31c498	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5064655172413793
RT_BITMAP	0x31c668	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39655172413793105
RT_BITMAP	0x31c838	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5344827586206896
RT_BITMAP	0x31ca08	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39655172413793105
RT_ICON	0x31cbd8	0x2bd0	Device independent bitmap graphic, 94 x 188 x 8, image size 0	Ukrainian	Ukrain	0.3602888730385164
RT_STRING	0x31f7a8	0xce	data	Russian	Russia	0.6359223300970874
RT_STRING	0x31f878	0xc4	data	English	United States	0.6122448979591837
RT_STRING	0x31f93c	0xc4	Matlab v4 mat-file (little endian) u, numeric, rows 0, columns 0	French	France	0.6377551020408163
RT_STRING	0x31fa00	0x6a	data	French	France	0.660377358490566
RT_STRING	0x31fa6c	0x7c	data	German	Germany	0.7016129032258065
RT_STRING	0x31fae8	0x88	data	German	Germany	0.6470588235294118
RT_STRING	0x31fb70	0x106	data	Italian	Italy	0.5916030534351145
RT_STRING	0x31fc78	0x78	data	Polish	Poland	0.7333333333333333
RT_STRING	0x31fcf0	0xac	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	Portuguese	Portugal	0.6976744186046512
RT_STRING	0x31fd9c	0x66	data	Portuguese	Portugal	0.5980392156862745
RT_STRING	0x31fe04	0x66	data			0.6764705882352942
RT_STRING	0x31fe6c	0xa0	data			0.60625
RT_STRING	0x31ff0c	0x15c	data			0.5344827586206896
RT_STRING	0x320068	0x31c	data			0.4271356783919598
RT_STRING	0x320384	0x3a4	data			0.3465665236051502
RT_STRING	0x320728	0x34c	data			0.4324644549763033
RT_STRING	0x320a74	0x538	data			0.38547904191616766
RT_STRING	0x320fac	0x58c	data			0.3471830985915493
RT_STRING	0x321538	0x5d4	data			0.3344504021447721
RT_STRING	0x321b0c	0x6e4	data			0.3287981859410431
RT_STRING	0x3221f0	0x414	data			0.3706896551724138
RT_STRING	0x322604	0x3ac	data			0.3670212765957447
RT_STRING	0x3229b0	0x3a0	data			0.43103448275862066
RT_STRING	0x322d50	0x304	data			0.44559585492227977
RT_STRING	0x323054	0x474	data			0.31666666666666665
RT_STRING	0x3234c8	0x54c	data			0.2617994100294985
RT_STRING	0x323a14	0x408	data			0.35755813953488375
RT_STRING	0x323e1c	0x464	data			0.40213523131672596
RT_STRING	0x324280	0xa0	data			0.7
RT_STRING	0x324320	0xe0	data			0.6473214285714286
RT_STRING	0x324400	0x300	data			0.4153645833333333
RT_STRING	0x324700	0x268	data			0.487012987012987
RT_STRING	0x324968	0x3d4	data			0.37755102040816324
RT_STRING	0x324d3c	0x374	data			0.3733031674208145
RT_STRING	0x3250b0	0x3f4	data			0.3241106719367589
RT_STRING	0x3254a4	0x5dc	data			0.3333333333333333
RT_STRING	0x325a80	0x37c	data			0.3710762331838565
RT_STRING	0x325dfc	0x3fc	data			0.3686274509803922
RT_STRING	0x3261f8	0x24c	data			0.39625850340136054
RT_STRING	0x326444	0xb8	data			0.657608695652174
RT_STRING	0x3264fc	0xf0	data			0.5791666666666667
RT_STRING	0x3265ec	0x340	data			0.42788461538461536
RT_STRING	0x32692c	0x480	data			0.2994791666666667
RT_STRING	0x326dac	0x36c	data			0.4018264840182648
RT_STRING	0x327118	0x2f4	data			0.4060846560846561
RT_RCDATA	0x32740c	0x82e8	data	English	United States	0.11261637622344235
RT_RCDATA	0x32f6f4	0x10	data			1.5
RT_RCDATA	0x32f704	0x9b8	data			0.592443729903537
RT_RCDATA	0x3300bc	0x11339	Delphi compiled form 'TForm1'			0.36496018848375605
RT_RCDATA	0x3413f8	0xc15	Delphi compiled form 'TForm2'			0.31684448755253797
RT_RCDATA	0x342010	0x117e	Delphi compiled form 'TForm3'			0.43010272443054937
RT_RCDATA	0x343190	0x27c	Delphi compiled form 'TForm4'			0.6053459119496856
RT_RCDATA	0x34340c	0x3574	Delphi compiled form 'TForm5'			0.271484945922245
RT_GROUP_CURSOR	0x346980	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x346994	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x3469a8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x3469bc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x3469d0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x3469e4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x3469f8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0x346a0c	0x14	data	Ukrainian	Ukrain	1.15
RT_VERSION	0x346a20	0x370	data	Ukrainian	Ukrain	0.44772727272727275
RT_MANIFEST	0x346d90	0x352	XML 1.0 document, ASCII text, with CRLF line terminators	Ukrainian	Ukrain	0.4776470588235294

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	LoadStringW, MessageBoxA, CharNextW
kernel32.dll	lstrcmpiA, LoadLibraryA, LocalFree, LocalAlloc, GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, IsValidLocale, GetSystemDefaultUILanguage, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetUserDefaultUILanguage, GetLocaleInfoW, GetLastError, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, CreateFileW, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll	CreateWindowExW, WindowFromPoint, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetClassLongW, SetCaretPos, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, IsCharAlphaNumericW, IsCharAlphaW, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongW, GetClassInfoW, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateCaret, CreateAcceleratorTableW, CountClipboardFormats, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
msimg32.dll	AlphaBlend
gdi32.dll	UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyPolyline, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, FrameRgn, ExtTextOutW, ExtFloodFill, ExtCreatePen, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, Chord, BitBlt, Arc, AbortDoc
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	lstrcpyW, lstrcmpiA, WriteProcessMemory, WriteFile, WideCharToMultiByte, WaitNamedPipeW, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtectEx, VirtualFree, VirtualAlloc, TryEnterCriticalSection, TerminateThread, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, SwitchToThread, SuspendThread, Sleep, SizeofResource, SignalObjectAndWait, SetThreadPriority, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileTime, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateMutexW, CreateFileW, CreateEventW, CompareStringA, CompareStringW, CloseHandle
advapi32.dll	RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey
oleaut32.dll	GetErrorInfo, SysFreeString
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll	InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
IMAGEHLP.DLL	ImageDirectoryEntryToData
kernel32.dll	Sleep
ole32.dll	CLSIDFromString, CoTaskMemFree, StringFromCLSID
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
wininet.dll	InternetSetFilePointer, InternetReadFile, InternetQueryDataAvailable, InternetOpenUrlW, InternetOpenW, InternetCloseHandle
shell32.dll	ShellExecuteW
winspool.drv	OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter
winspool.drv	GetDefaultPrinterW
wsock32.dll	WSACleanup, WSAStartup, WSAGetLastError, gethostbyname, socket, shutdown, setsockopt, send, select, recv, inet_addr, htons, connect, closesocket
kernel32.dll	MulDiv

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Ukrainian	Ukrain
Russian	Russia
French	France
German	Germany
Italian	Italy
Polish	Poland
Portuguese	Portugal

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 13:26:56.381606102 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:26:56.587878942 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:26:56.588144064 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:26:57.038921118 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:26:57.039340019 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:26:57.242379904 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:26:57.242436886 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:26:57.242626905 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:26:57.445955992 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:26:57.449408054 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:26:57.652225971 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:26:57.705243111 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:00.531662941 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:00.734704018 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.751684904 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:00.957384109 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957447052 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957488060 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957529068 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957566977 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957607985 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957680941 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.957720995 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:00.960216045 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.005964041 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.212316990 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.212811947 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.415894032 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.415986061 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416026115 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416045904 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416064978 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416127920 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416134119 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416178942 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416215897 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416225910 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416256905 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416295052 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416304111 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416333914 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416372061 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416378975 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416409969 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416448116 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416454077 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416486979 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416542053 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416557074 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416585922 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416624069 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416627884 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.416665077 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.416713953 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.619496107 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619555950 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619596004 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619616985 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.619635105 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619677067 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619688034 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.619718075 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619755983 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619796991 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619813919 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.619834900 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619853973 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.619873047 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619914055 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619939089 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.619954109 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.619991064 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620009899 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620028973 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620065928 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620080948 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620132923 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620172977 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620193005 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620210886 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620249987 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620270014 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620290041 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620331049 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620347977 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620368004 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620419979 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620424986 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620464087 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620501041 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620507002 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620539904 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620579004 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620579958 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620616913 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620655060 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620661020 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620693922 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620729923 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620738983 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620769024 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620806932 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620811939 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620850086 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620887995 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620913029 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.620927095 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.620981932 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.823817968 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.823880911 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.823919058 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.823957920 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.823998928 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824039936 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824078083 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824117899 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824117899 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824117899 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824161053 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824203014 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824239969 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824276924 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824316025 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824347973 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824364901 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824373007 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824412107 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824451923 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824464083 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824491978 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824529886 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824544907 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824568033 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824604988 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824615955 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824645042 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824682951 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824702978 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824721098 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824759007 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824774027 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824798107 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824836969 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824848890 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824875116 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824913025 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824920893 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.824949980 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.824987888 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825001955 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825027943 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825067043 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825079918 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825104952 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825144053 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825156927 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825181007 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825221062 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825232029 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825263023 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825299978 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825314045 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825339079 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825376034 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825381994 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825413942 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825450897 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825459957 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825489044 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825525045 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825536013 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825563908 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825602055 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825614929 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825640917 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825679064 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825692892 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825716972 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825753927 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825766087 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825792074 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825830936 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825844049 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825869083 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825907946 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825922966 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.825947046 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.825984001 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826003075 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826021910 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826060057 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826076984 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826097012 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826142073 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826150894 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826183081 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826221943 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826234102 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826260090 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826297998 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826311111 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826337099 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826375008 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826385975 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826412916 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826451063 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826462984 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826488018 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826525927 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826539993 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826566935 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826602936 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826616049 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:01.826642990 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:01.826697111 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.029690027 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029757023 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029795885 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029819012 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029843092 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029863119 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029884100 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029920101 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029952049 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.029961109 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.029980898 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.080231905 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.446659088 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.446686029 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.449564934 CEST	49731	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.650299072 CEST	3306	49730	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.650484085 CEST	49730	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.655378103 CEST	3306	49731	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.655488968 CEST	49731	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:02.863375902 CEST	3306	49731	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:02.864218950 CEST	49731	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:03.071064949 CEST	3306	49731	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:03.071126938 CEST	3306	49731	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:03.071410894 CEST	49731	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:03.277615070 CEST	3306	49731	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:03.330368996 CEST	49731	3306	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:03.889436960 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.096307039 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.096661091 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.113818884 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.318484068 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.318952084 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319014072 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319052935 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319092035 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319123983 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.319123983 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.319123983 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.319123983 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.319133997 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319174051 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319176912 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.319215059 CEST	80	49732	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:04.319375992 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.319375992 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.320993900 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:04.320993900 CEST	49732	80	192.168.2.4	51.75.19.11
Apr 19, 2024 13:27:13.274558067 CEST	3306	49731	51.75.19.11	192.168.2.4
Apr 19, 2024 13:27:13.274645090 CEST	49731	3306	192.168.2.4	51.75.19.11

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 13:26:56.046761036 CEST	51490	53	192.168.2.4	1.1.1.1
Apr 19, 2024 13:26:56.377300978 CEST	53	51490	1.1.1.1	192.168.2.4
Apr 19, 2024 13:27:03.599628925 CEST	55646	53	192.168.2.4	1.1.1.1
Apr 19, 2024 13:27:03.885878086 CEST	53	55646	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 13:26:56.046761036 CEST	192.168.2.4	1.1.1.1	0x54e5	Standard query (0)	bovsoft.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 13:27:03.599628925 CEST	192.168.2.4	1.1.1.1	0xeb07	Standard query (0)	ttc.bovsoft.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 13:26:56.377300978 CEST	1.1.1.1	192.168.2.4	0x54e5	No error (0)	bovsoft.com		51.75.19.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 13:27:03.885878086 CEST	1.1.1.1	192.168.2.4	0xeb07	No error (0)	ttc.bovsoft.com		51.75.19.11	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ttc.bovsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	51.75.19.11	80	6728	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Timestamp	Bytes transferred	Direction	Data
Apr 19, 2024 13:27:04.113818884 CEST	114	OUT	GET /download/versionhistoryforcreatorpricelist.txt HTTP/1.1 User-Agent: BovSoftUpload Host: ttc.bovsoft.com
Apr 19, 2024 13:27:04.318952084 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 19 Apr 2024 11:27:03 GMT Content-Type: text/plain Content-Length: 8403 Last-Modified: Wed, 26 Sep 2018 08:41:04 GMT Connection: keep-alive Keep-Alive: timeout=60 ETag: "5bab4620-20d3" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes Data Raw: ef bb bf 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f 46 20 53 50 41 52 45 20 50 41 52 54 53 22 20 31 2e 32 2e 31 38 20 72 65 6c 65 61 73 65 64 20 53 65 70 20 32 36 2c 20 32 30 31 38 20 28 4d 61 6a 6f 72 20 55 70 64 61 74 65 29 0a 5b 2b 5d 20 46 69 78 65 64 20 69 6e 74 65 72 6e 65 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 0a 0a 0a 0a 0a 0a 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f 46 20 53 50 41 52 45 20 50 41 52 54 53 22 20 31 2e 32 2e 31 37 20 72 65 6c 65 61 73 65 64 20 4d 61 79 20 32 34 2c 20 32 30 31 37 20 28 4d 61 6a 6f 72 20 55 70 64 61 74 65 29 0a 5b 2b 5d 20 46 69 78 65 64 20 66 75 6e 63 74 69 6f 6e 20 65 78 70 6f 72 74 20 70 72 69 63 65 73 20 66 6f 72 20 41 55 54 4f 44 4f 43 20 63 6f 6d 70 61 6e 79 0a 0a 0a 0a 0a 0a 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f 46 20 53 50 41 52 45 20 50 41 52 54 53 22 20 31 2e 32 2e 31 36 20 72 65 6c 65 61 73 65 64 20 41 70 72 69 6c 20 32 39 2c 20 32 30 31 37 20 28 4d 61 6a 6f 72 20 55 70 64 61 74 65 29 0a 5b 2b 5d 20 41 64 64 65 64 20 6e 65 77 20 73 75 70 70 6c 69 65 72 73 20 3a 0a 0a 09 41 55 54 4f 48 55 54 2e 52 4f 0a 09 41 55 54 4f 4b 41 52 4d 41 2e 52 4f 0a 0a 09 0a 09 0a 0a 0a 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f 46 20 53 50 41 52 45 20 50 41 52 54 53 22 20 31 2e 32 2e 31 35 20 72 65 6c 65 61 73 65 64 20 4e 6f 76 20 32 38 2c 20 32 30 31 36 20 28 4d 61 6a 6f 72 20 55 70 64 61 74 65 29 0a 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f 46 20 53 50 41 52 45 20 50 41 52 54 53 22 20 31 2e 32 2e 31 34 20 72 65 6c 65 61 73 65 64 20 4e 6f 76 20 32 37 2c 20 32 30 31 36 20 28 4d 61 6a 6f 72 20 55 70 64 61 74 65 29 0a 5b 2b 5d 20 41 64 64 65 64 20 6e 65 77 20 73 75 70 70 6c 69 65 72 73 20 3a 0a 0a 09 59 41 4b 41 52 4f 55 4c 45 52 2e 43 4f 4d 20 21 21 21 20 65 72 72 6f 72 73 20 6d 61 79 20 6f 63 63 75 72 20 66 6f 72 20 73 6f 6d 65 20 62 72 61 6e 64 73 20 77 68 65 72 65 20 70 61 72 74 73 20 63 6f 64 65 73 20 6f 72 20 6d 6f 64 69 66 69 65 64 20 6e 61 6d 65 20 62 72 61 6e 64 20 64 6f 20 6e 6f 74 20 6d 61 74 63 68 20 77 69 74 68 20 63 6f 72 72 65 63 74 20 73 70 65 6c 6c 69 6e 67 0a 09 50 4f 49 4e 54 47 45 41 52 2e 44 45 0a 09 50 49 45 43 45 53 41 55 54 4f 32 34 2e 43 4f 4d 0a 0a 0a 09 0a 09 0a 09 0a 0a 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f 46 20 53 50 41 52 45 20 50 41 52 54 53 22 20 31 2e 32 2e 31 33 20 72 65 6c 65 61 73 65 64 20 46 65 62 20 32 34 2c 20 32 30 31 36 20 28 4d 61 6a 6f 72 20 55 70 64 61 74 65 29 0a 5b 2b 5d 20 41 64 64 65 64 20 6e 65 77 20 73 75 70 70 6c 69 65 72 73 20 3a 0a Data Ascii: "AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.18 released Sep 26, 2018 (Major Update)[+] Fixed internet connection"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.17 released May 24, 2017 (Major Update)[+] Fixed function export prices for AUTODOC company"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.16 released April 29, 2017 (Major Update)[+] Added new suppliers :AUTOHUT.ROAUTOKARMA.RO"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.15 released Nov 28, 2016 (Major Update)"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.14 released Nov 27, 2016 (Major Update)[+] Added new suppliers :YAKAROULER.COM !!! errors may occur for some brands where parts codes or modified name brand do not match with correct spellingPOINTGEAR.DEPIECESAUTO24.COM"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.13 released Feb 24, 2016 (Major Update)[+] Added new suppliers :
Apr 19, 2024 13:27:04.319014072 CEST	1289	IN	Data Raw: 0a 09 41 55 54 4f 44 49 4c 59 2d 48 4b 2e 43 5a 0a 09 41 55 54 4f 2d 44 4f 43 2e 41 54 0a 09 41 55 54 4f 44 4f 43 2e 44 45 0a 09 41 55 54 4f 44 4f 43 2e 42 47 0a 09 41 55 54 4f 44 4f 43 2e 4c 55 0a 09 41 55 54 4f 44 4f 43 2e 45 45 0a 09 41 55 54 Data Ascii: AUTODILY-HK.CZAUTO-DOC.ATAUTODOC.DEAUTODOC.BGAUTODOC.LUAUTODOC.EEAUTODOC.DKAUTODOC.CZAUTODOC.BEAUTODOC.ESAUTODOC.FIAUTO-DOC.FRAUTODOC.CO.UKAUTODOC.GRAUTODOC.HUAUTO-DOC.ITAUTODOC.LTAUTODOC.LVAUTODOC.NLAUT
Apr 19, 2024 13:27:04.319052935 CEST	1289	IN	Data Raw: 72 69 63 65 73 20 66 6f 72 20 57 69 6e 31 30 2f 57 69 6e 38 20 66 6f 72 20 6c 6f 63 61 6c 65 20 6f 66 20 50 43 20 77 68 69 63 68 20 77 61 73 20 73 65 74 20 62 79 20 64 65 66 61 75 6c 74 20 66 72 6f 6d 20 77 69 6e 64 6f 77 73 0a 0a 0a 0a 0a 0a 22 Data Ascii: rices for Win10/Win8 for locale of PC which was set by default from windows"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.8 released Jan 06, 2016 (Major Update)[+] Added new suppliers :- CHASTITE.BG"AUTOMATION CREATION
Apr 19, 2024 13:27:04.319092035 CEST	1289	IN	Data Raw: 20 41 64 64 65 64 20 6e 65 77 20 73 75 70 70 6c 69 65 72 73 20 3a 0a 09 2d 20 41 55 54 4f 54 45 43 48 4e 41 2e 53 4b 0a 0a 0a 0a 0a 0a 22 41 55 54 4f 4d 41 54 49 4f 4e 20 43 52 45 41 54 49 4f 4e 20 4f 46 20 50 52 49 43 45 2d 4c 49 53 54 53 20 4f Data Ascii: Added new suppliers :- AUTOTECHNA.SK"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.2.3 released Oct 20, 2015 (Major Update)[+] Added new suppliers :- OSCARO.ES- AUTOTEILEDIREKT.DE- AUTODIELYONLINE24.SK- RESERVEDELER24.
Apr 19, 2024 13:27:04.319133997 CEST	1289	IN	Data Raw: 72 2f 5d 20 74 6f 20 63 6f 6d 70 61 72 65 20 70 72 69 63 65 73 20 21 21 21 20 46 6f 72 20 74 68 69 73 20 73 75 70 70 6c 69 65 72 20 65 72 72 6f 72 73 20 6d 61 79 20 6f 63 63 75 72 20 66 6f 72 20 73 6f 6d 65 20 62 72 61 6e 64 73 20 77 68 65 72 65 Data Ascii: r/] to compare prices !!! For this supplier errors may occur for some brands where parts codes do not match with correct spelling"AUTOMATION CREATION OF PRICE-LISTS OF SPARE PARTS" 1.1.2 released February 12, 2015 (Major Update)"AUTOMAT
Apr 19, 2024 13:27:04.319174051 CEST	1289	IN	Data Raw: 73 20 70 72 6f 67 72 61 6d 20 79 6f 75 20 63 61 6e 20 3a 20 0a 20 20 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 20 20 31 2e 20 43 72 65 61 74 65 20 74 61 62 6c 65 20 70 61 72 74 73 20 66 6f 72 20 76 61 72 69 6f 75 73 20 6d 61 6e 75 66 61 63 74 Data Ascii: s program you can : ------------ 1. Create table parts for various manufacturers 2. Get prices for spare parts on the supplier according to the specified brands and part numbers 3. Make price comparisons specified parts for differ
Apr 19, 2024 13:27:04.319215059 CEST	1001	IN	Data Raw: 45 58 50 4f 52 54 22 5d 2e 0a 0a 20 20 20 50 2e 53 2e 20 64 6f 20 6e 6f 74 20 73 70 65 63 69 66 79 20 61 20 6c 61 72 67 65 20 6e 75 6d 62 65 72 20 66 6f 72 20 22 4e 55 4d 42 45 52 20 4f 46 20 54 48 52 45 41 44 53 20 46 4f 52 20 45 58 50 4f 52 54 Data Ascii: EXPORT"]. P.S. do not specify a large number for "NUMBER OF THREADS FOR EXPORT", as large number of the flow of the site can take as DDos-attack- Select necessary brands [panel "BRANDS"]- If you want to specify additional product group

Target ID:	0
Start time:	13:26:54
Start date:	19/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe"
Imagebase:	0x400000
File size:	3'392'000 bytes
MD5 hash:	D5F317DC88E71E133B8B4F547E7762A8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	13:27:02
Start date:	19/04/2024
Path:	C:\Windows\SysWOW64\notepad.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\help.txt
Imagebase:	0x430000
File size:	165'888 bytes
MD5 hash:	E92D3A824A0578A50D2DD81B5060145F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\versionhistoryforcreatorpricelist[1].txt

C:\Users\user\Desktop\ExporterPriceLists.ini

C:\Users\user\Desktop\help.txt

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe