Source: file.exe |
ReversingLabs: Detection: 39% |
Source: file.exe |
Virustotal: Detection: 26% |
Source: unknown |
HTTPS traffic detected: 40.126.28.21:443 -> 192.168.2.6:49730 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49739 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49751 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49755 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49903 version: TLS 1.2 |
Source: file.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
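The DllCharacteristics flags listed above are a 16-bit field in the PE optional header, at offset 70 for both PE32 and PE32+. The block below is an added example, not part of the Joe Sandbox report, that parses that field from raw PE bytes and decodes it into the names the report uses; `build_sample_pe` is a constructed minimal header used as offline input, carrying the same flag set the report shows (0x8560 under the standard IMAGE_DLLCHARACTERISTICS values), and `EXPECTED_HARDENING` is this example's own choice of mitigations to check for.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification, lowest bit first.
DLL_CHARACTERISTICS = (
    (0x0020, "HIGH_ENTROPY_VA"),
    (0x0040, "DYNAMIC_BASE"),
    (0x0080, "FORCE_INTEGRITY"),
    (0x0100, "NX_COMPAT"),
    (0x0200, "NO_ISOLATION"),
    (0x0400, "NO_SEH"),
    (0x0800, "NO_BIND"),
    (0x1000, "APPCONTAINER"),
    (0x2000, "WDM_DRIVER"),
    (0x4000, "GUARD_CF"),
    (0x8000, "TERMINAL_SERVER_AWARE"),
)
# Mitigations this example expects on a modern user-mode binary (an assumption, not a report value).
EXPECTED_HARDENING = ("DYNAMIC_BASE", "HIGH_ENTROPY_VA", "NX_COMPAT", "GUARD_CF")


def parse_dll_characteristics(data: bytes) -> tuple[int, int]:
    """Return (optional-header Magic, DllCharacteristics) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    # DllCharacteristics sits at offset 70 in both PE32 (0x10B) and PE32+ (0x20B) headers.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return magic, dll_chars


def decode_flags(dll_chars: int) -> list[str]:
    """Flag names in ascending bit order, matching the report's listing order."""
    return [name for bit, name in DLL_CHARACTERISTICS if dll_chars & bit]


def missing_hardening(dll_chars: int) -> list[str]:
    present = set(decode_flags(dll_chars))
    return [f for f in EXPECTED_HARDENING if f not in present]


def build_sample_pe(dll_chars: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (no sections) used here as offline test input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Parse a real file if one is given, otherwise the constructed sample with the report's flag set.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(0x8560)
    magic, flags = parse_dll_characteristics(data)
    print(f"magic=0x{magic:x} DllCharacteristics=0x{flags:04x}")
    print("set:     ", ", ".join(decode_flags(flags)))
    print("missing: ", ", ".join(missing_hardening(flags)) or "none")
```

Run as `python pe_flags.py file.exe` to check a real sample. For this report's flag set the only expected mitigation absent is GUARD_CF; for a managed assembly (the mscorlib and System .pdb references further down point that way) that absence and NO_SEH on x64 are normal compiler output rather than evidence of tampering.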
Source: |
Binary string: C:\Users\weckb\source\repos\Hider\Hider\obj\x64\Release\Hider.pdb source: file.exe |
Source: |
Binary string: System.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: mscorlib.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: System.ni.pdbRSDS source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: mscorlib.pdb`u source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: mscorlib.ni.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: Hider.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: System.Core.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: mscorlib.ni.pdbRSDS7^3l source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: System.ni.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: System.pdb source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WERA598.tmp.dmp.8.dr |
Source: |
Binary string: System.Core.ni.pdb source: WERA598.tmp.dmp.8.dr |
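The `.pdb` strings above come from CodeView "RSDS" debug records: a 4-byte `RSDS` signature, a 16-byte GUID, a 4-byte age and a NUL-terminated path. Strings such as `System.ni.pdbRSDS` appear because a plain string scan ran one record's path into the next record's signature. The block below is an added example, not part of the Joe Sandbox report, that carves complete RSDS records out of an arbitrary blob (a PE or a memory dump); `build_sample_blob` is constructed test input with made-up GUIDs, reusing the Hider.pdb path the report shows.

```python
import re
import struct
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class RsdsRecord:
    offset: int
    guid: str
    age: int
    pdb_path: str


# After the "RSDS" signature: 16-byte GUID (little-endian layout), 4-byte age, then the path.
_RSDS_HEADER = struct.Struct("<16sI")


def extract_rsds_records(data: bytes, max_path: int = 260) -> list[RsdsRecord]:
    """Carve RSDS CodeView records out of a byte blob, ignoring signatures with no record body."""
    records = []
    for m in re.finditer(b"RSDS", data):
        start = m.end()
        if start + _RSDS_HEADER.size > len(data):
            break
        raw_guid, age = _RSDS_HEADER.unpack_from(data, start)
        path_start = start + _RSDS_HEADER.size
        end = data.find(b"\x00", path_start, path_start + max_path)
        if end == -1:
            continue  # no terminator within a plausible path length: not a record
        path = data[path_start:end]
        if not path or not all(0x20 <= b < 0x7F for b in path):
            continue  # reject binary noise that happens to contain "RSDS"
        guid = str(uuid.UUID(bytes_le=raw_guid))
        records.append(RsdsRecord(m.start(), guid, age, path.decode("ascii")))
    return records


def pdb_paths(data: bytes) -> list[str]:
    return [r.pdb_path for r in extract_rsds_records(data)]


def build_sample_blob() -> bytes:
    """Constructed input: two records with made-up GUIDs plus a bare 'RSDS' false positive."""
    g1 = uuid.UUID("11111111-2222-3333-4444-555555555555")
    g2 = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
    blob = b"\x00" * 8
    blob += b"RSDS" + _RSDS_HEADER.pack(g1.bytes_le, 1)
    blob += b"C:\\Users\\weckb\\source\\repos\\Hider\\Hider\\obj\\x64\\Release\\Hider.pdb\x00"
    blob += b"\x90" * 5
    blob += b"RSDS" + _RSDS_HEADER.pack(g2.bytes_le, 7) + b"System.ni.pdb\x00"
    blob += b"junkRSDS\xff\xfe"  # signature without a record body
    return blob


if __name__ == "__main__":
    for rec in extract_rsds_records(build_sample_blob()):
        print(f"+0x{rec.offset:x} {rec.guid} age={rec.age} {rec.pdb_path}")
```

Because the carver stops at the NUL terminator, it reports `System.ni.pdb` rather than the run-together `System.ni.pdbRSDS` a string scan produces. The GUID and age pair is what a symbol server is keyed on, so recording it alongside the path lets you check whether the PDB referenced by a sample is publicly indexed.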
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming |
Source: C:\Users\user\Desktop\file.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft |
Source: Joe Sandbox View |
IP Address: 23.96.180.189 |
Source: Joe Sandbox View |
IP Address: 152.195.19.97 |
Source: Joe Sandbox View |
IP Address: 162.159.61.3 |
Source: Joe Sandbox View |
IP Address: 13.107.213.41 |
Source: Joe Sandbox View |
JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 (7 connections) |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.28.21 (14 connections) |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.193.120.112 (19 connections) |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.223.211.49 (6 connections) |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 (4 connections) |
Source: global traffic |
HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM2drrEGIjAmrptIyAXvUUKA6OIe-ySYacs_ONuGqcLPZ0C5SpcxXRb7Ie2okyXzxVOmn6xdyb0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: 1P_JAR=2024-04-26-11; NID=513=Ahwj4U3Ui8jgfQR44V5HcUfU9wtPpTIfoKEIzwwWBq9uNBVlTWZqa5DRonLpB69N5Kk1EbnUavZUKmpPMPd1-8iMwjN3I2SiMEJwmoVfCtksk6azmWQ_XV12AF3EVXVMRFx8IZwvAOY1Xq3oy6Ps8kzXrV8SonqoVQpHm4R9pnc |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM2drrEGIjCdA8oBvLI_S0w4PuM0ZhnBnCrUHPr5Jc23MWKF6F2bqb9Kv221D-U0CKCuK9i3gdQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: 1P_JAR=2024-04-26-11; NID=513=Ahwj4U3Ui8jgfQR44V5HcUfU9wtPpTIfoKEIzwwWBq9uNBVlTWZqa5DRonLpB69N5Kk1EbnUavZUKmpPMPd1-8iMwjN3I2SiMEJwmoVfCtksk6azmWQ_XV12AF3EVXVMRFx8IZwvAOY1Xq3oy6Ps8kzXrV8SonqoVQpHm4R9pnc |
Source: global traffic |
HTTP traffic detected: GET /ext/analytic?do=init&from=Chrome4 HTTP/1.1
Host: xot.traxa41.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /ext/installed?1=1&from=Chrome4 HTTP/1.1
Host: xot.traxa41.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20240426.38&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22dhp%22,%22pageExperiments%22:[%22prg-1s-mm-wid-t%22,%22prg-1s-sm-workid%22,%22prg-1s-sptunifyt1a%22,%22prg-1s-twid%22,%22prg-1s-workid%22,%22prg-1s-wpocfpc%22,%22prg-1sw-bknpani%22,%22prg-1sw-fagaip%22,%22prg-1sw-finvldc%22,%22prg-1sw-fipthi7%22,%22prg-1sw-flashsemi%22,%22prg-1sw-fli-vidc%22,%22prg-1sw-hupsell-4%22,%22prg-1sw-hupsell-tip%22,%22prg-1sw-hupsell-tr4%22,%22prg-1sw-iconmap%22,%22prg-1sw-ins-nb%22,%22prg-1sw-iplsd-ntp%22,%22prg-1sw-iplsdc-ntp%22,%22prg-1sw-iplsdc1p2%22,%22prg-1sw-iplsdp1%22,%22prg-1sw-iplsdp2%22,%22prg-1sw-nfyspot%22,%22prg-1sw-nucombo102c%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-pulsev2%22,%22prg-1sw-pulsev210%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-saeeotc%22,%22prg-1sw-sal2bqrfd3c1%22,%22prg-1sw-sauiel0v7_cc%22,%22prg-1sw-sim-adapt%22,%22prg-1sw-socc-ntp%22,%22prg-1sw-socc-p1%22,%22prg-1sw-socc-p2%22,%22prg-1sw-srdus%22,%22prg-1sw-tsk-cmsev%22,%22prg-1sw-wxcfinst%22,%22prg-1sw-wxmptreplace%22,%22prg-2unified-uc-t%22,%22prg-ad-bswpto%22,%22prg-ad-bswpto50%22,%22prg-ad-hpdisprfsh%22,%22prg-adspeek%22,%22prg-autos-tpc%22,%22prg-cg-ad-active%22,%22prg-cg-dom-cleac%22,%22prg-cg-in-gm-xn-ads%22,%22prg-cg-ingames-xn-ads%22,%22prg-cg-notf%22,%22prg-cg-notf2%22,%22prg-chpg-ldgw%22,%22prg-cm-tsoint-t1%22,%22prg-cookiesync%22,%22prg-fin-cdicon%22,%22prg-fin-cnosign%22,%22prg-lazyippl2%22,%22prg-me-titles%22,%22prg-mon-qcrfs%22,%22prg-msclck-rf%22,%22prg-ntp-grticon%22,%22prg-open-in-new%22,%22prg-p2-add-pred%22,%22prg-p2-pred-noicon%22,%22prg-p2-tfins%22,%22prg-p2-tsk-cmsev%22,%22prg-pr2-pagecontext%22,%22prg-pr2-rmplchdr-t1%22,%22prg-pr2-saupsellc2%22,%22prg-pr2-shoreline%22,%22prg-pr2-sidebar%22,%22prg-pr2-sidebar-t%22,%22prg-pr2-svganima%22,%22prg-river-infod2%22,%22prg-river-infodl%22,%22prg-rpt2%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-pagoff%22,%22prg-sh-bd-tc%22