Windows
Analysis Report
badata_x64.dll.dll
Overview
General Information
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine
Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
Sample crashes during execution; try analyzing it on another analysis machine
- System is w10x64
- loaddll64.exe (PID: 6244 cmdline: loaddll64.exe "C:\Users\user\Desktop\badata_x64.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
- conhost.exe (PID: 6168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 6524 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\badata_x64.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
- rundll32.exe (PID: 6600 cmdline: rundll32.exe "C:\Users\user\Desktop\badata_x64.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 5004 cmdline: C:\Windows\system32\WerFault.exe -u -p 6600 -s 536 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 7504 cmdline: C:\Windows\system32\WerFault.exe -u -p 6600 -s 384 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 6504 cmdline: rundll32.exe C:\Users\user\Desktop\badata_x64.dll.dll,Abort MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 4956 cmdline: C:\Windows\system32\WerFault.exe -u -p 6504 -s 528 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 8100 cmdline: C:\Windows\system32\WerFault.exe -u -p 6504 -s 600 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 5572 cmdline: rundll32.exe C:\Users\user\Desktop\badata_x64.dll.dll,AddBurnDevice MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 6860 cmdline: C:\Windows\system32\WerFault.exe -u -p 5572 -s 528 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 5816 cmdline: C:\Windows\system32\WerFault.exe -u -p 5572 -s 604 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- rundll32.exe (PID: 7512 cmdline: rundll32.exe C:\Users\user\Desktop\badata_x64.dll.dll,AddDir MD5: EF3179D498793BF4234F708D3BE28633)
- WerFault.exe (PID: 7828 cmdline: C:\Windows\system32\WerFault.exe -u -p 7512 -s 528 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 8044 cmdline: C:\Windows\system32\WerFault.exe -u -p 7512 -s 656 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- WerFault.exe (PID: 8128 cmdline: C:\Windows\system32\WerFault.exe -u -p 6244 -s 588 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- chrome.exe (PID: 2076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2036,i,18134803902397787512,7146960864463359065,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | File opened: | Jump to behavior | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Process created: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Automated click: | ||
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Last function: |
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.189.14 | true | false | high | |
www.google.com | 142.250.217.132 | true | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.217.132 | www.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436345 |
Start date and time: | 2024-05-04 13:52:17 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 34 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | badata_x64.dll.dll (renamed file extension from exe to dll) |
Original Sample Name: | badata_x64.dll.exe |
Detection: | CLEAN |
Classification: | clean4.winDLL@40/37@4/3 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.189.3, 142.250.68.14, 142.251.2.84, 34.104.35.123, 199.232.210.172, 192.229.211.108, 52.168.117.173, 13.89.179.12, 172.217.14.67, 20.42.73.29, 142.250.217.142, 52.182.143.212
- Excluded domains from analysis (whitelisted): clients1.google.com, onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com
- Execution Graph export aborted for target loaddll64.exe, PID 6244 because there are no executed functions
- Execution Graph export aborted for target rundll32.exe, PID 5572 because there are no executed functions
- Execution Graph export aborted for target rundll32.exe, PID 6504 because there are no executed functions
- Execution Graph export aborted for target rundll32.exe, PID 6600 because there are no executed functions
- Execution Graph export aborted for target rundll32.exe, PID 7512 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description |
---|---|---|
13:53:44 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | LockBit ransomware, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
google.com | Get hash | malicious | FormBook, GuLoader | Browse | ||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | LockBit ransomware, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll64.exe_33699c824f9c2edcea33082e96eb61413f0e629_606702e6_93a04a0f-f5a5-4238-8707-8e68348ea6b1\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8587058753255724 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_7d75c075-c21f-4abb-b272-410a49a270ad\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8707327632668097 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_89437b38-9572-46da-9fa9-bdab69a1f727\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8710454804008346 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_95596a0f-33ed-48ac-9d1b-a100d67c7c53\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8708803570516137 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_fb8576ae-1f92-4593-b2a8-4ec6080766d6\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8706302020055443 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_53cea94a-5e5d-4b98-9d19-9416f69297f1\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8469839783148989 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_95798867-7b70-41f8-99c5-d59a644d3dc3\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8469372939264773 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_ea3eaa38-4707-4dc2-90ab-b2db92566c5c\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8468340687543389 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_ebf9c3e4-6606-465a-a0ee-a6f73001d978\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8470012312911169 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64130 |
Entropy (8bit): | 1.8472382758561652 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 63942 |
Entropy (8bit): | 1.8611625650799375 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8534 |
Entropy (8bit): | 3.6933269890583182 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4773 |
Entropy (8bit): | 4.47549578445893 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8528 |
Entropy (8bit): | 3.6934642630950965 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4773 |
Entropy (8bit): | 4.475350857912075 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 63838 |
Entropy (8bit): | 1.8468330771862371 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8530 |
Entropy (8bit): | 3.6932795613496157 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4773 |
Entropy (8bit): | 4.474951189111563 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65918 |
Entropy (8bit): | 1.7953241507327842 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8534 |
Entropy (8bit): | 3.6937682000898073 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4773 |
Entropy (8bit): | 4.47552649147989 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66212 |
Entropy (8bit): | 1.8730348581057308 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8734 |
Entropy (8bit): | 3.6991471064557246 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4640 |
Entropy (8bit): | 4.43355539501313 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32214 |
Entropy (8bit): | 2.3052693617785134 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10066 |
Entropy (8bit): | 3.7065818700471485 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4898 |
Entropy (8bit): | 4.4661753319096755 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33420 |
Entropy (8bit): | 2.214158111701388 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10230 |
Entropy (8bit): | 3.7087450254537644 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4898 |
Entropy (8bit): | 4.464995376151546 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33196 |
Entropy (8bit): | 2.2371896754092733 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10080 |
Entropy (8bit): | 3.7068720757385165 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4898 |
Entropy (8bit): | 4.465470252482648 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32972 |
Entropy (8bit): | 2.248357858470906 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10236 |
Entropy (8bit): | 3.707184021124613 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4898 |
Entropy (8bit): | 4.460504683500209 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.469009994101972 |
Encrypted: | false |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.248799598890663 |
TrID: |
|
File name: | badata_x64.dll.dll |
File size: | 4'201'984 bytes |
MD5: | 63799db91ff4c343eb071cfe3b67321d |
SHA1: | d368ced88e0cab4fd211c45e66e8dfa6985714b3 |
SHA256: | 8c432e84946ab677d87d3fa9f263597f30d31adf8611df25744eeeb85dd4faaf |
SHA512: | 4cb9945abf9ea89b70849a3d5022349619038c1d4d436de60e9ee745fd221deea66930c22744e633dceea98a5522fc580b319abbc6103a404b58a4ec8ffe0113 |
SSDEEP: | 98304:D8ocMa2hVtltuaKs5lE1PQm7dBOW/Y3K+4T+3n:D8oNa2hVtltuaKs5lqPhB |
TLSH: | 70167D4A6BB941A5C5A6D139C67B8A0BE3F2B8502B3187DF02614B5D2F337F1093E725 |
File Content Preview: | MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........-.[.CW[.CW[.CW>x@VO.CW>xFV..CW...W_.CW.vGVy.CW.v@VW.CW.vFV..CW>xGV..CW>xEVZ.CW>xBV|.CW[.BW..CW.wKVW.CW|..WZ.CW.wGVX.CW.wFV..C |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x180278154 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x180000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x63E425EC [Wed Feb 8 22:45:00 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 5577390a221143e6c84c72ee9b135055 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F75707D5707h |
call 00007F75707D5DB4h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F75707D5594h |
int3 |
int3 |
int3 |
dec eax |
mov eax, esp |
dec eax |
mov dword ptr [eax+18h], ebx |
dec eax |
mov dword ptr [eax+20h], esi |
dec eax |
mov dword ptr [eax+10h], edx |
dec eax |
mov dword ptr [eax+08h], ecx |
push edi |
inc ecx |
push esi |
inc ecx |
push edi |
dec eax |
sub esp, 30h |
dec ebp |
mov edi, ecx |
dec ebp |
mov esi, eax |
dec eax |
mov esi, edx |
dec eax |
mov edi, ecx |
xor ebx, ebx |
dec eax |
mov dword ptr [eax-20h], ebx |
mov byte ptr [eax-28h], bl |
dec ecx |
cmp ebx, esi |
je 00007F75707D5723h |
dec eax |
mov ecx, edi |
dec ecx |
mov eax, edi |
dec eax |
mov edx, dword ptr [0004C311h] |
call edx |
dec eax |
add edi, esi |
dec eax |
mov dword ptr [esp+50h], edi |
dec eax |
inc ebx |
dec eax |
mov dword ptr [esp+28h], ebx |
jmp 00007F75707D56DCh |
mov byte ptr [esp+20h], 00000001h |
dec eax |
mov ebx, dword ptr [esp+60h] |
dec eax |
mov esi, dword ptr [esp+68h] |
dec eax |
add esp, 30h |
inc ecx |
pop edi |
inc ecx |
pop esi |
pop edi |
ret |
dec eax |
sub esp, 38h |
dec eax |
mov dword ptr [esp+20h], FFFFFFFEh |
call 00007F7570648C0Fh |
nop |
jmp 00007F75707D5704h |
xor eax, eax |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3bbd60 | 0x1954 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bd6b4 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4fb000 | 0x529 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4d9000 | 0x21948 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4fc000 | 0x114aa | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3516e0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x351800 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x351700 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2c3000 | 0x14e0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2c1fac | 0x2c2000 | 075ca53247e7d7d7001782eba578cc75 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x2c3000 | 0xfe988 | 0xfea00 | 359cac9dd9984aa73fc60886395f41f4 | False | 0.29186322563819345 | data | 4.626154973642015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3c2000 | 0x116534 | 0xda00 | 109bd0befdee975d255ae30981056895 | False | 0.3007454128440367 | Targa image data - Color 24774 x 28903 x 8 +16516 +20645 - 1-bit alpha - four way interleave | 4.913842031336163 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x4d9000 | 0x21948 | 0x21a00 | df64e50825dd96a00eaf8bf305ae8fb2 | False | 0.5062441914498141 | PEX Binary Archive | 6.296634644337165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x4fb000 | 0x529 | 0x600 | 0ce30680c556f6d9ff405a1e8c54d237 | False | 0.380859375 | data | 4.976087619962544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4fc000 | 0x114a4 | 0x11600 | 108494dc8bb8f996882e61b6f603d29a | False | 0.10410577787769784 | data | 5.450124513944441 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x4fb088 | 0x323 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.48816936488169366 |
RT_MANIFEST | 0x4fb3ac | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
SHLWAPI.dll | PathStripToRootW, PathFindExtensionW, PathRemoveFileSpecW, PathIsUNCW, StrCpyW, PathFindFileNameW, StrFormatKBSizeW |
SETUPAPI.dll | SetupDiGetClassDevsW, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDeviceInterfaces, SetupDiDestroyDeviceInfoList |
KERNEL32.dll | TlsFree, CreateSemaphoreA, TlsSetValue, SetThreadPriority, GetCurrentThread, DuplicateHandle, GetThreadPriority, TlsGetValue, SetLastError, TlsAlloc, GetCurrentProcessId, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, GetProcessAffinityMask, CreateEventA, SetEvent, GetACP, GetCurrentThreadId, LoadLibraryA, GetSystemDirectoryA, CopyFileW, GetSystemDirectoryW, InitializeCriticalSection, CreateThread, ReadFile, GetFileAttributesW, DeleteFileW, GetModuleHandleW, LocalFree, LocalAlloc, CreateSemaphoreW, ReleaseSemaphore, LoadLibraryW, GetProcAddress, FreeLibrary, CreateEventW, ResetEvent, DeviceIoControl, GetDriveTypeW, FindNextFileW, FindFirstFileW, FindClose, GetVersionExW, GetSystemInfo, GetNativeSystemInfo, CloseHandle, SetThreadContext, GetThreadContext, ResumeThread, SuspendThread, SetFileTime, CreateFileW, WideCharToMultiByte, TerminateThread, WaitForSingleObject, MultiByteToWideChar, FindResourceW, RtlUnwind, SizeofResource, GlobalAlloc, GlobalSize, GlobalLock, GlobalUnlock, GlobalFree, MulDiv, FormatMessageW, OutputDebugStringA, EncodePointer, FreeResource, GetModuleFileNameW, GetModuleHandleExW, LoadLibraryExW, GlobalDeleteAtom, lstrcmpW, GlobalAddAtomW, GlobalFindAtomW, CreateActCtxW, ActivateActCtx, DeactivateActCtx, FindActCtxSectionStringW, QueryActCtxW, CompareStringW, VirtualProtect, lstrcmpA, GetPrivateProfileIntW, GetPrivateProfileStringW, WritePrivateProfileStringW, GlobalReAlloc, GlobalHandle, LocalReAlloc, GlobalGetAtomNameW, FileTimeToSystemTime, GlobalFlags, lstrcpyW, GetLocaleInfoW, WaitForMultipleObjects, GetUserDefaultUILanguage, FindResourceExW, SetErrorMode, GetCurrentDirectoryW, FlushFileBuffers, GetFileSize, GetFullPathNameW, GetVolumeInformationW, LockFile, SetEndOfFile, SetFilePointer, UnlockFile, WriteFile, lstrcmpiW, GetWindowsDirectoryW, VerSetConditionMask, VerifyVersionInfoW, FileTimeToLocalFileTime, GetFileAttributesExW, GetFileSizeEx, GetFileTime, SystemTimeToTzSpecificLocalTime, GetTempPathW, GetProfileIntW, SearchPathW, GetTempFileNameW, GetUserDefaultLCID, WaitForSingleObjectEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, OutputDebugStringW, SwitchToThread, LCMapStringW, GetStringTypeW, GetCPInfo, RtlUnwindEx, RtlPcToFileHeader, InterlockedFlushSList, GetFileInformationByHandle, GetFileType, PeekNamedPipe, CreateDirectoryW, GetTimeZoneInformation, ExitThread, FreeLibraryAndExitThread, ExitProcess, GetCommandLineA, GetCommandLineW, HeapQueryInformation, VirtualAlloc, VirtualQuery, QueryPerformanceFrequency, SetStdHandle, GetStdHandle, GetDateFormatW, GetTimeFormatW, IsValidLocale, EnumSystemLocalesW, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleCP, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, WriteConsoleW, LockResource, LoadResource, GetTickCount, Sleep, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetProcessHeap, HeapSize, HeapFree, HeapReAlloc, HeapAlloc, GetLastError, RaiseException, DecodePointer, GetSystemDefaultUILanguage |
USER32.dll | IsDialogMessageW, CreateDialogIndirectParamW, GetNextDlgTabItem, GetActiveWindow, GetDesktopWindow, LoadMenuW, GetMessageW, GetAsyncKeyState, MapDialogRect, PostQuitMessage, ShowOwnedPopups, GetWindowThreadProcessId, GetKeyNameTextW, MapVirtualKeyW, GetDC, ReleaseDC, GetSystemMetrics, GetSysColorBrush, DrawTextW, DrawTextExW, GrayStringW, TabbedTextOutW, GetWindowDC, ClientToScreen, FillRect, RealChildWindowFromPoint, TrackMouseEvent, InvalidateRect, InflateRect, DestroyIcon, LoadImageW, DestroyMenu, GetMenuItemInfoW, SystemParametersInfoW, CopyImage, DeleteMenu, CharUpperW, IntersectRect, GetNextDlgGroupItem, WindowFromPoint, DrawFocusRect, IsRectEmpty, DrawIconEx, GetIconInfo, MessageBeep, EnableScrollBar, HideCaret, InvertRect, NotifyWinEvent, CreatePopupMenu, GetMenuDefaultItem, SetLayeredWindowAttributes, EnumDisplayMonitors, SetClassLongPtrW, SetWindowRgn, SetParent, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, DrawStateW, DrawEdge, DrawFrameControl, IsZoomed, GetSystemMenu, BringWindowToTop, SetCursorPos, CopyIcon, FrameRect, DrawIcon, UnionRect, UpdateLayeredWindow, MonitorFromPoint, LoadAcceleratorsW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, GetComboBoxInfo, PostThreadMessageW, WaitMessage, GetKeyboardLayout, IsCharLowerW, MapVirtualKeyExW, ToUnicodeEx, GetKeyboardState, CreateAcceleratorTableW, DestroyAcceleratorTable, CopyAcceleratorTableW, SetRect, LockWindowUpdate, SetMenuDefaultItem, GetDoubleClickTime, ModifyMenuW, RegisterClipboardFormatW, CharUpperBuffW, IsClipboardFormatAvailable, GetUpdateRect, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, SubtractRect, CreateMenu, GetWindowRgn, DestroyCursor, IsWindowEnabled, IsDlgButtonChecked, CheckDlgButton, SetDlgItemTextW, MoveWindow, ShowWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, CallNextHookEx, SetWindowsHookExW, GetLastActivePopup, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, EqualRect, CopyRect, GetSysColor, MapWindowPoints, ScreenToClient, AdjustWindowRectEx, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, ScrollWindow, RedrawWindow, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, GetKeyState, GetDlgCtrlID, IsIconic, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, SetWindowPos, DestroyWindow, IsChild, IsMenu, IsWindow, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, GetMessageTime, GetMessagePos, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, GetFocus, GetParent, OffsetRect, SetRectEmpty, GetClientRect, SendDlgItemMessageA, GetWindowTextLengthW, GetWindowTextW, GetScrollPos, SetScrollPos, SetFocus, UnhookWindowsHookEx, RemoveMenu, AppendMenuW, InsertMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuState, GetMenuStringW, RegisterWindowMessageW, SendMessageW, PostMessageW, UnregisterClassW, EnableWindow, GetWindowRect, LoadIconW, SetCapture, ReleaseCapture, GetClassNameW, GetTopWindow, GetWindow, TranslateMessage, DispatchMessageW, PeekMessageW, DefWindowProcW, CreateWindowExW, DialogBoxIndirectParamW, EndDialog, GetDlgItem, SetTimer, KillTimer, SetWindowTextW, SetCursor, GetCursorPos, PtInRect, GetWindowLongW, SetWindowLongW, EnumThreadWindows, LoadBitmapW, LoadCursorW, MessageBoxW |
GDI32.dll | GetTextExtentPoint32W, CreateFontIndirectW, ScaleWindowExtEx, ScaleViewportExtEx, OffsetWindowOrgEx, SetPixel, StretchBlt, OffsetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SetViewportOrgEx, CreateDIBSection, SetDIBColorTable, CreateEllipticRgn, Ellipse, GetTextColor, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, LPtoDP, Rectangle, GetRgnBox, OffsetRgn, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, GetTextCharsetInfo, GetTextMetricsW, GetTextFaceW, SetViewportExtEx, ExtTextOutW, TextOutW, MoveToEx, GetObjectW, EnumFontFamiliesW, CreateDIBitmap, CreateCompatibleBitmap, GetBkColor, RealizePalette, GetSystemPaletteEntries, GetPaletteEntries, GetNearestPaletteIndex, CreatePalette, DPtoLP, CreateRectRgnIndirect, PatBlt, BitBlt, CreateCompatibleDC, CreateHatchBrush, CreatePen, CreatePatternBrush, CreateRectRgn, CreateSolidBrush, DeleteObject, Escape, ExcludeClipRect, GetClipBox, GetObjectType, GetPixel, GetViewportExtEx, GetWindowExtEx, IntersectClipRect, LineTo, GetStockObject, SetBkMode, SetTextColor, PtVisible, RectVisible, RestoreDC, SaveDC, SetRectRgn, CombineRgn, SetBkColor, CreateBitmap, DeleteDC, GetDeviceCaps, CreateDCW, CopyMetaFileW, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetTextAlign, EnumFontFamiliesExW |
SHELL32.dll | SHAppBarMessage, SHBrowseForFolderW, ShellExecuteW, DragFinish, DragQueryFileW, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetFileInfoW, SHChangeNotify |
OLEAUT32.dll | VarBstrFromDate, VariantCopy, SysAllocStringLen, VariantInit, VariantClear, VariantChangeType, SysAllocString, LoadTypeLib, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, SysFreeString |
COMDLG32.dll | GetSaveFileNameW |
ADVAPI32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegSetValueExW, RegEnumKeyW, RegQueryValueW, RegEnumValueW, RegEnumKeyExW |
MSIMG32.dll | TransparentBlt, AlphaBlend |
UxTheme.dll | GetCurrentThemeName, DrawThemeText, DrawThemeParentBackground, GetThemePartSize, GetThemeSysColor, IsThemeBackgroundPartiallyTransparent, IsAppThemed, OpenThemeData, GetWindowTheme, GetThemeColor, DrawThemeBackground, CloseThemeData |
WINMM.dll | waveOutOpen, waveOutPrepareHeader, waveOutUnprepareHeader, PlaySoundW, waveOutGetPosition, waveOutReset, waveOutWrite, waveOutClose |
WS2_32.dll | WSAStartup, WSACleanup, WSASetLastError, htons, htonl, connect, inet_addr, inet_ntoa, ntohs, recv, send, shutdown, socket, gethostbyaddr, gethostbyname, getservbyport, WSAGetLastError, getservbyname |
gdiplus.dll | GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdipDrawImageI, GdipDeleteGraphics, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipFree, GdipAlloc, GdiplusShutdown, GdipDrawImageRectI, GdipSetInterpolationMode |
OLEACC.dll | AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject |
IMM32.dll | ImmReleaseContext, ImmGetContext, ImmGetOpenStatus |
WINSPOOL.DRV | OpenPrinterW, ClosePrinter, DocumentPropertiesW |
ole32.dll | CoInitializeEx, CreateStreamOnHGlobal, CoDisconnectObject, CoInitialize, CoCreateInstance, CoCreateGuid, CoUninitialize, ReleaseStgMedium, OleDuplicateData, CoTaskMemFree, CoTaskMemAlloc, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleLockRunning, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop |
Name | Ordinal | Address |
---|---|---|
Abort | 1 | 0x180038d50 |
AddBurnDevice | 2 | 0x180038d70 |
AddDir | 3 | 0x180038dd0 |
AddFile | 4 | 0x180038e00 |
AddFileEx | 5 | 0x180038e30 |
AnalyseDeviceCapability | 6 | 0x180038e60 |
AudioFileStop | 7 | 0x180038eb0 |
Burn | 8 | 0x180038ed0 |
BurnDialog | 9 | 0x180014f10 |
BurnISO | 10 | 0x180038ef0 |
CheckLicenseKey | 11 | 0x180038f60 |
CheckSignature | 12 | 0x180039030 |
ClearAll | 13 | 0x180039050 |
CloseCDTextHandle | 14 | 0x180039070 |
CloseDevice | 15 | 0x180039090 |
CloseDirectory | 16 | 0x1800390b0 |
CloseDiskSession | 17 | 0x1800390f0 |
CloseNetworkTagsHandle | 18 | 0x180039130 |
CloseSession | 19 | 0x180039150 |
ConvertSpeedFromKBPerSec | 20 | 0x180039170 |
CopyDisk | 21 | 0x1800391a0 |
CreateDir | 22 | 0x1800391d0 |
CreateImage | 23 | 0x180039200 |
CreateProject | 24 | 0x180039260 |
DABurn | 25 | 0x180039280 |
DABurnISOImage | 26 | 0x1800392e0 |
DACheckSignature | 27 | 0x180039380 |
DACloseDevice | 28 | 0x1800393e0 |
DACloseSession | 29 | 0x180039450 |
DAConvertSpeedFromKBPerSec | 30 | 0x1800394b0 |
DACopyDisk | 31 | 0x180039530 |
DACreateImage | 32 | 0x1800395a0 |
DAEjectDevice | 33 | 0x180039650 |
DAErase | 34 | 0x1800396c0 |
DAGetBurnSpeed | 35 | 0x180039750 |
DAGetDeviceCapabilities | 36 | 0x1800397c0 |
DAGetDeviceCapabilitiesHandle | 37 | 0x180039830 |
DAGetDeviceInformation | 38 | 0x1800398a0 |
DAGetDeviceInformationEx | 39 | 0x180039940 |
DAGetMaxBurnSpeed | 40 | 0x1800399b0 |
DAGetMaxReadSpeed | 41 | 0x1800399b0 |
DAGetMediumFreedbId | 42 | 0x180039a20 |
DAGetMediumInformation | 43 | 0x180039a90 |
DAGetPossibleBurnSpeeds | 44 | 0x180039b00 |
DAGetPossibleImageFormats | 45 | 0x180039b90 |
DAGetPossibleReadSpeeds | 46 | 0x180039c00 |
DAGetReadSpeed | 47 | 0x180039c90 |
DAGetSessionInformation | 48 | 0x180039d00 |
DAGetTrackFormatEx | 49 | 0x180039d80 |
DAGetTrackISRC | 50 | 0x180039e00 |
DAGetTrackIndexes | 51 | 0x180039e80 |
DAGetTrackInformation | 52 | 0x180039f20 |
DAGrabAudioTrack | 53 | 0x180039fa0 |
DAImportFile | 54 | 0x18003a0b0 |
DAImportFileEx | 55 | 0x18003a180 |
DAIsDeviceReady | 56 | 0x18003a290 |
DALockMedium | 57 | 0x18003a330 |
DAOpenDiskSession | 58 | 0x18003a3a0 |
DAPlayAudioTrack | 59 | 0x18003a440 |
DAPrepare | 60 | 0x18003a4b0 |
DAReadCDText | 61 | 0x18003a510 |
DAReadFileContents | 62 | 0x18003a5a0 |
DAReadSectors | 63 | 0x18003a6b0 |
DASaveTrackToFile | 64 | 0x18003a760 |
DASetBurnSpeed | 65 | 0x18003a830 |
DASetReadSpeed | 66 | 0x18003a890 |
DASetRegionalCode | 67 | 0x18003a8f0 |
DAVerifyFile | 68 | 0x18003a950 |
DeInitialize | 69 | 0x18003a9f0 |
DeleteProject | 70 | 0x18003aa60 |
DirExists | 71 | 0x18003aa80 |
EjectDevice | 72 | 0x18003aae0 |
EnableImageDevice | 73 | 0x18003ab00 |
EnableMCNDisabling | 74 | 0x18003ab20 |
Erase | 75 | 0x18003ab40 |
EraseDialog | 76 | 0x180014f70 |
EraseMpegByIndex | 77 | 0x18003ab70 |
ForceDeInitialize | 78 | 0x18003ab90 |
GetASPI | 79 | 0x18003abb0 |
GetActiveDevicesCount | 80 | 0x18003abe0 |
GetAudioFileSize | 81 | 0x18003ac00 |
GetBootInfoEx | 82 | 0x18003ac70 |
GetBootVolumeInformation | 83 | 0x18003aca0 |
GetBurnDevice | 84 | 0x18003acd0 |
GetBurnDevices | 85 | 0x18003adb0 |
GetBurnDoneEventCallback | 86 | 0x18003ade0 |
GetBurnFileEventCallback | 87 | 0x18003ae20 |
GetBurnSpeed | 88 | 0x18003ae60 |
GetCDTextDiskTagString | 89 | 0x18003ae90 |
GetCDTextTrackTagString | 90 | 0x18003af60 |
GetCompareFilesForArrangementEventCallback | 91 | 0x18003b050 |
GetCompressEncrypt | 92 | 0x18003b090 |
GetDVDVideoOptions | 93 | 0x18003b0c0 |
GetDeviceCapabilities | 94 | 0x18003b0f0 |
GetDeviceCapabilitiesHandle | 95 | 0x18003b120 |
GetDeviceInformation | 96 | 0x18003b150 |
GetDeviceInformationEx | 97 | 0x18003b190 |
GetDevices | 98 | 0x18003b1c0 |
GetEraseDoneEventCallback | 99 | 0x18003b1f0 |
GetErrorDeviceName | 100 | 0x18003b230 |
GetFileAllocationTable | 101 | 0x18003b250 |
GetFileEntry | 102 | 0x18003b2f0 |
GetFileTimeEx | 103 | 0x18003b320 |
GetFinalizeEventCallback | 104 | 0x18003b350 |
GetISOInfoEx | 105 | 0x18003b390 |
GetISOVolumeInformation | 106 | 0x18003b3c0 |
GetImageFilePath | 107 | 0x18003b3f0 |
GetImageSize | 108 | 0x18003b4a0 |
GetInfoTextEventCallback | 109 | 0x18003b4d0 |
GetJobDoneEventCallback | 110 | 0x18003b510 |
GetLanguage | 111 | 0x18003b550 |
GetMaxBurnSpeed | 112 | 0x18003b630 |
GetMaxReadSpeed | 113 | 0x18003b630 |
GetMediumFreedbId | 114 | 0x18003b660 |
GetMediumInformation | 115 | 0x18003b690 |
GetMpegCount | 116 | 0x18003b6c0 |
GetNetworkDiskTagInt | 117 | 0x18003b6e0 |
GetNetworkDiskTagString | 118 | 0x18003b710 |
GetNetworkTrackTagInt | 119 | 0x18003b7d0 |
GetNetworkTrackTagString | 120 | 0x18003b810 |
GetNumberOfFiles | 121 | 0x18003b900 |
GetOptions | 122 | 0x18003b930 |
GetPlayTime | 123 | 0x18003b960 |
GetPossibleBurnSpeeds | 124 | 0x18003b9d0 |
GetPossibleImageFormats | 125 | 0x18003ba00 |
GetPossibleReadSpeeds | 126 | 0x18003ba20 |
GetPrecisePlayTime | 127 | 0x18003ba50 |
GetProcessEventCallback | 128 | 0x18003bac0 |
GetProjectType | 129 | 0x18003bb00 |
GetRAWDataEventCallback | 130 | 0x18003bb30 |
GetReadDevice | 131 | 0x18003bb60 |
GetReadSpeed | 132 | 0x18003bc40 |
GetSessionInformation | 133 | 0x18003bc70 |
GetStartVerifyEventCallback | 134 | 0x18003bca0 |
GetText | 135 | 0x18003bce0 |
GetTmpPath | 136 | 0x18003bd50 |
GetTrackFormatEx | 137 | 0x18003bda0 |
GetTrackISRC | 138 | 0x18003bdd0 |
GetTrackIndexes | 139 | 0x18003be00 |
GetTrackInformation | 140 | 0x18003be40 |
GetUDFOptions | 141 | 0x18003be70 |
GetUDFOptionsEx | 142 | 0x18003bf30 |
GetUDFVolumeInformation | 143 | 0x18003bf60 |
GetVerify | 144 | 0x18003bf90 |
GetVerifyDoneEventCallback | 145 | 0x18003bff0 |
GetVerifyErrorEventCallback | 146 | 0x18003c030 |
GetVerifyFileEventCallback | 147 | 0x18003c070 |
GetVerifySectorEventCallback | 148 | 0x18003c0b0 |
GetWriteCDTextInUnicode | 149 | 0x18003c0f0 |
GrabAudioTrack | 150 | 0x18003c130 |
ImportFile | 151 | 0x18003c200 |
ImportFileEx | 152 | 0x18003c2a0 |
Initialize | 153 | 0x18003c360 |
IsDeviceReady | 154 | 0x18003c430 |
IsValidVideoTsFolder | 155 | 0x18003c490 |
LoadBassPlugin | 156 | 0x18003c750 |
LockMedium | 157 | 0x18003c7b0 |
MultiDeviceDialog | 158 | 0x180014f90 |
OpenDirectory | 159 | 0x18003c7d0 |
OpenDiskSession | 160 | 0x18003c850 |
PlayAudioFile | 161 | 0x18003c890 |
PlayAudioTrack | 162 | 0x18003c8f0 |
Prepare | 163 | 0x18003c910 |
ReadCDText | 164 | 0x18003c930 |
ReadDirectory | 165 | 0x18003c980 |
ReadFileContents | 166 | 0x18003c9b0 |
ReadSectors | 167 | 0x18003ca70 |
ReleaseDeviceCapabilities | 168 | 0x18003cac0 |
RemoveBurnDevice | 169 | 0x18003cae0 |
RemoveDir | 170 | 0x18003cb40 |
RemoveFile | 171 | 0x18003cb70 |
RenameDir | 172 | 0x18003cba0 |
RenameFile | 173 | 0x18003cbd0 |
RescanDevices | 174 | 0x18003cc00 |
ResetCallbacks | 175 | 0x18003cc20 |
SaveLogToFile | 176 | 0x18003cc50 |
SaveOptionsToFile | 177 | 0x18003ccb0 |
SaveTrackToFile | 178 | 0x18003cd10 |
SetASPI | 179 | 0x18003cd90 |
SetAddFileEventCallback | 180 | 0x18003cdb0 |
SetAudioDecodeDoneEventCallback | 181 | 0x18003ce00 |
SetAudioDecoderEventCallback | 182 | 0x18003ce50 |
SetAudioFileProperty | 183 | 0x18003cea0 |
SetBootInfoEx | 184 | 0x18003ced0 |
SetBurnDevice | 185 | 0x18003cf20 |
SetBurnDoneEventCallback | 186 | 0x18003cf80 |
SetBurnFileEventCallback | 187 | 0x18003cfd0 |
SetBurnSpeed | 188 | 0x18003d020 |
SetCompareFilesForArrangementEventCallback | 189 | 0x18003d040 |
SetCompressEncrypt | 190 | 0x18003d090 |
SetCreateDirEventCallback | 191 | 0x18003d0c0 |
SetDVDVideoOptions | 192 | 0x18003d110 |
SetEraseDoneEventCallback | 193 | 0x18003d140 |
SetFXApp | 194 | 0x180015030 |
SetFileAttr | 195 | 0x18003d190 |
SetFileTimeEx | 196 | 0x18003d1b0 |
SetFileTimes | 197 | 0x18003d1e0 |
SetFileUserParam | 198 | 0x18003d230 |
SetFinalizeEventCallback | 199 | 0x18003d260 |
SetGetTextEventCallback | 200 | 0x18003d2b0 |
SetISOInfoEx | 201 | 0x18003d300 |
SetIgnoreFileExist | 202 | 0x18003d330 |
SetImageFilePath | 203 | 0x18003d350 |
SetInfoTextEventCallback | 204 | 0x18003d3b0 |
SetJobDoneEventCallback | 205 | 0x18003d430 |
SetLanguage | 206 | 0x18003d480 |
SetOptions | 207 | 0x18003d510 |
SetOptionsFromFile | 208 | 0x18003d540 |
SetProcessEventCallback | 209 | 0x18003d5a0 |
SetRAWDataEventCallback | 210 | 0x18003d5f0 |
SetRAWStructure | 211 | 0x18003d640 |
SetReadDevice | 212 | 0x18003d670 |
SetReadSpeed | 213 | 0x18003d6d0 |
SetRegionalCode | 214 | 0x18003d6f0 |
SetRemoveFileEventCallback | 215 | 0x18003d710 |
SetStartVerifyEventCallback | 216 | 0x18003d760 |
SetTmpPath | 217 | 0x18003d7b0 |
SetUDFOptions | 218 | 0x18003d830 |
SetUDFOptionsEx | 219 | 0x18003d8d0 |
SetVCDKeyHandler | 220 | 0x18003d900 |
SetVCDTimeOutHandler | 221 | 0x18003d920 |
SetVerify | 222 | 0x18003d940 |
SetVerifyDoneEventCallback | 223 | 0x18003d960 |
SetVerifyErrorEventCallback | 224 | 0x18003d9b0 |
SetVerifyFileEventCallback | 225 | 0x18003da00 |
SetVerifySectorEventCallback | 226 | 0x18003da50 |
SetVideoScanDoneEventCallback | 227 | 0x18003daa0 |
SetVideoScannerEventCallback | 228 | 0x18003daf0 |
SetWriteCDTextInUnicode | 229 | 0x18003db40 |
StopMpegAction | 230 | 0x18003db60 |
TagsFromNetworkDialog | 231 | 0x180015040 |
VerifyFile | 232 | 0x18003db80 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 4, 2024 13:53:11.589695930 CEST | 192.168.2.4 | 8.8.8.8 | 0xeed2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 13:53:11.590344906 CEST | 192.168.2.4 | 1.1.1.1 | 0xcd63 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 13:53:15.780375004 CEST | 192.168.2.4 | 1.1.1.1 | 0xdfd4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 13:53:15.780508041 CEST | 192.168.2.4 | 1.1.1.1 | 0xdf6 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 4, 2024 13:53:11.740444899 CEST | 1.1.1.1 | 192.168.2.4 | 0xcd63 | No error (0) | | | 142.250.189.14 | A (IP address) | IN (0x0001) | false |
May 4, 2024 13:53:11.747253895 CEST | 8.8.8.8 | 192.168.2.4 | 0xeed2 | No error (0) | | | 142.250.68.46 | A (IP address) | IN (0x0001) | false |
May 4, 2024 13:53:15.930543900 CEST | 1.1.1.1 | 192.168.2.4 | 0xdfd4 | No error (0) | | | 142.250.217.132 | A (IP address) | IN (0x0001) | false |
May 4, 2024 13:53:15.931523085 CEST | 1.1.1.1 | 192.168.2.4 | 0xdf6 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49739 | 23.32.230.129 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:18 UTC | 161 | OUT | |
2024-05-04 11:53:18 UTC | 509 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49740 | 23.32.230.129 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:19 UTC | 212 | OUT | |
2024-05-04 11:53:19 UTC | 510 | IN | |
2024-05-04 11:53:19 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.4 | 49738 | 20.190.151.132 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:19 UTC | 422 | OUT | |
2024-05-04 11:53:19 UTC | 3592 | OUT | |
2024-05-04 11:53:19 UTC | 568 | IN | |
2024-05-04 11:53:19 UTC | 1276 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.4 | 49743 | 20.190.151.132 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:22 UTC | 446 | OUT | |
2024-05-04 11:53:22 UTC | 7642 | OUT | |
2024-05-04 11:53:33 UTC | 549 | IN | |
2024-05-04 11:53:33 UTC | 210 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49745 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:24 UTC | 306 | OUT | |
2024-05-04 11:53:25 UTC | 560 | IN | |
2024-05-04 11:53:25 UTC | 15824 | IN | |
2024-05-04 11:53:25 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.4 | 49747 | 20.190.151.132 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:35 UTC | 445 | OUT | |
2024-05-04 11:53:35 UTC | 334 | OUT | |
2024-05-04 11:53:37 UTC | 540 | IN | |
2024-05-04 11:53:37 UTC | 261 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
6 | 192.168.2.4 | 49748 | 20.190.151.132 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:39 UTC | 422 | OUT | |
2024-05-04 11:53:39 UTC | 2041 | OUT | |
2024-05-04 11:53:39 UTC | 568 | IN | |
2024-05-04 11:53:39 UTC | 5265 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
7 | 192.168.2.4 | 49749 | 20.190.151.132 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:40 UTC | 445 | OUT | |
2024-05-04 11:53:40 UTC | 334 | OUT | |
2024-05-04 11:53:42 UTC | 540 | IN | |
2024-05-04 11:53:42 UTC | 261 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
8 | 192.168.2.4 | 49750 | 20.190.151.132 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:53:43 UTC | 422 | OUT | |
2024-05-04 11:53:43 UTC | 3358 | OUT | |
2024-05-04 11:53:44 UTC | 568 | IN | |
2024-05-04 11:53:44 UTC | 5285 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49755 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 11:54:05 UTC | 306 | OUT | |
2024-05-04 11:54:05 UTC | 560 | IN | |
2024-05-04 11:54:05 UTC | 15824 | IN | |
2024-05-04 11:54:05 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724360000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 1 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff625c00000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff688e10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff688e10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 13:53:04 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 13:53:07 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff688e10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 13:53:07 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 13:53:09 |
Start date: | 04/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 15 |
Start time: | 13:53:10 |
Start date: | 04/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 16 |
Start time: | 13:53:10 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff688e10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 18 |
Start time: | 13:53:11 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 20 |
Start time: | 13:53:13 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 22 |
Start time: | 13:53:15 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 13:53:23 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 27 |
Start time: | 13:53:26 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 29 |
Start time: | 13:53:30 |
Start date: | 04/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7103b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |