Windows Analysis Report cross2007.exe

Overview

General Information

Sample Name: cross2007.exe
Analysis ID: 510396
MD5: 2626a621fab10eec02e1c3dc2ab29361
SHA1: 420b54d3d6cfc013c9a55dc6c1ee7148459776f9
SHA256: 33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4

Detection

Score: 34
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Query firmware table information (likely to detect VMs)
Uses 32bit PE files
Found decision node followed by non-executed suspicious APIs
Queries the volume information (name, serial number etc) of a device
Contains functionality to create an SMB header
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to read the PEB
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to launch a program with higher privileges
Contains capabilities to detect virtual machines
Potential key logger detected (key state polling based)
Uses taskkill to terminate processes
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: cross2007.exe ReversingLabs: Detection: 44%
Antivirus / Scanner detection for submitted sample
Source: cross2007.exe Avira: detected

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00933AE0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 1_2_00933AE0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00933BD0 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 1_2_00933BD0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091CC80 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 1_2_0091CC80
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091ACB0 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 1_2_0091ACB0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091CC20 CryptAcquireContextA,CryptCreateHash, 1_2_0091CC20
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091CC60 CryptHashData, 1_2_0091CC60

Exploits:

Contains functionality to create an SMB header
Source: C:\Users\user\Desktop\cross2007.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 1_2_0091E620

Compliance:

Uses 32bit PE files
Source: cross2007.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: cross2007.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: E:\123\All in Desktop\crown-demo-01-07-2019\cross3\Release\cross3.pdb source: cross2007.exe
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00956BD3 FindFirstFileExA, 1_2_00956BD3

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2029143 ET TROJAN CrownAdPro CnC Activity M1 192.168.2.3:49750 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029285 ET TROJAN CrownAdPro CnC Activity M2 192.168.2.3:49751 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029286 ET TROJAN CrownAdPro CnC Activity M3 192.168.2.3:49752 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029287 ET TROJAN CrownAdPro CnC Activity M4 192.168.2.3:49753 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49754 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49755 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49756 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49757 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49758 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49759 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49760 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49761 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49762 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49763 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49764 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49765 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49766 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49767 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49768 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49769 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49770 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49771 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49772 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49773 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49774 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49775 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49776 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49777 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49778 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49779 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49780 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49781 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49782 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49783 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49784 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49785 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49786 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49788 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49790 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49791 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49792 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49793 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49794 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49795 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49796 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49797 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49798 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49799 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49800 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49801 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49802 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49803 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49804 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49805 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49806 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49807 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49808 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49809 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49810 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49811 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49812 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49813 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49814 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49815 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49816 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49817 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49818 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49819 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49820 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49821 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49822 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49823 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49824 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49825 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49826 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49827 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49828 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49829 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49830 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49831 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49832 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49833 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49834 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49835 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49836 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49837 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49838 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49840 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49841 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49843 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49846 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49850 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49857 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49860 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49862 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49866 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49868 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49871 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49874 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49877 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49878 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49879 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49880 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49881 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49882 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49883 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49884 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49885 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49886 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49887 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49888 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49889 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49891 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49893 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49894 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49895 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49896 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49897 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49898 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49899 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49900 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49901 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49902 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49903 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49904 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49905 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49906 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49907 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49908 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49909 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49910 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49911 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49912 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49913 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49914 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49920 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49921 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49922 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49923 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49924 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49925 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49926 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49927 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49928 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49929 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49930 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49931 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49932 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49933 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49934 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49935 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49936 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49937 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49938 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49939 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49940 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49941 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49943 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49944 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49945 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49946 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49947 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49948 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49949 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49950 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49951 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49952 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49953 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49954 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49955 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49956 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49957 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49958 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49959 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49960 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49961 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49962 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49963 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49964 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49965 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49966 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49967 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49968 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49969 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49970 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49971 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49972 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49973 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49975 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49976 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49977 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49978 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49979 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49980 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49981 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49982 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49983 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49984 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49985 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49986 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49987 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49988 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49989 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49990 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49991 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49992 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49993 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49994 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49995 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49996 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49997 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49998 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49999 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50000 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50001 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50002 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50003 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50004 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50005 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50006 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50007 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50008 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50009 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50010 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50011 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50012 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50013 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50014 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50015 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50016 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50017 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50018 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50019 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50020 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50021 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50022 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50023 -> 74.208.236.24:80
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /iam//index.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixset.php?ip=84.17.52.45&mcid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixpkey.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixptexts.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /setad.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: cross2007.exe String found in binary or memory: http://prodownload.live/clssem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/clssem.php?Tempexplorer.exe13764675Activation
Source: cross2007.exe String found in binary or memory: http://prodownload.live/cmosem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/cmosem.php?CMD4628913757915128Override
Source: cross2007.exe String found in binary or memory: http://prodownload.live/iam//index.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixlive.php?uid=
Source: cross2007.exe, 00000001.00000003.492157652.000000000171F000.00000004.00000001.sdmp, cross2007.exe, 00000001.00000003.375628930.000000000171F000.00000004.00000001.sdmp, cross2007.exe, 00000001.00000003.494252792.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1
Source: cross2007.exe, 00000001.00000003.494252792.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1.
Source: cross2007.exe, 00000001.00000003.390621622.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1D
Source: cross2007.exe, 00000001.00000003.390621622.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1h
Source: cross2007.exe, 00000001.00000003.491174205.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1vh
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixlive.php?uid=http://prodownload.live/iam//index.php1versionSoftware
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixpkey.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixptexts.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixset.php?ip=
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixset.php?ip=http://prodownload.live/ixpkey.phphttp://prodownload.live/setad
Source: cross2007.exe String found in binary or memory: http://prodownload.live/mexdsem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/mexdsem.php?NDSPATHAlertOperating
Source: cross2007.exe String found in binary or memory: http://prodownload.live/msisem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/msisem.php?MasterDEFAULT_GUI_FONTEditOKButtonstring
Source: cross2007.exe String found in binary or memory: http://prodownload.live/setad.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/supsem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/supsem.php?FastSuporthttp://www.fastsupport.com/59327086LogMeInhttp://secure
Source: Taskmgr.exe, 00000004.00000002.563615190.0000000000890000.00000002.00020000.sdmp String found in binary or memory: http://schemas.microsoft
Source: cross2007.exe String found in binary or memory: http://secure.logmeinrescue.com/Customer/Code.aspx
Source: cross2007.exe String found in binary or memory: http://www.fastsupport.com/
Source: cross2007.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: cross2007.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: unknown DNS traffic detected: queries for: prodownload.live
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0090CF40 recv,WSAGetLastError, 1_2_0090CF40
Source: global traffic HTTP traffic detected: GET /iam//index.php HTTP/1.1 Host: prodownload.live Accept: */*
Source: global traffic HTTP traffic detected: GET /ixset.php?ip=84.17.52.45&mcid=1 HTTP/1.1 Host: prodownload.live Accept: */*
Source: global traffic HTTP traffic detected: GET /ixpkey.php HTTP/1.1 Host: prodownload.live Accept: */*
Source: global traffic HTTP traffic detected: GET /ixptexts.php HTTP/1.1 Host: prodownload.live Accept: */*
Source: global traffic HTTP traffic detected: GET /setad.php HTTP/1.1 Host: prodownload.live Accept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1 Host: prodownload.live Accept: */*

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F70E0 GetStockObject,GetClientRect,InitCommonControlsEx,BeginPaint,CreateWindowExW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,ShowWindow,CreateWindowExW,CreateWindowExW,ShowWindow,GetSystemMenu,EnableMenuItem,SetTimer,SetTimer,SetTimer,BeginPaint,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,TextOutA,TextOutA,CreateFontW,SelectObject,TextOutA,CreateFontW,SelectObject,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,SetTextColor,TextOutA,EndPaint,GetClientRect,SetBkColor,ExtTextOutW,SetBkMode,GetKeyState,GetKeyState,GetKeyState,DefWindowProcW,ShellExecuteW,PostMessageW,PostQuitMessage,GetWindowTextLengthW,GetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,SetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,MessageBoxW,MessageBoxW,SetWindowPos,SetWindowTextW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,PlaySoundW,MessageBoxA,SetWindowTextW,SetWindowTextW,SetWindowTextW,GetWindowTextLengthW,GetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxW,ShowWindow,RedrawWindow,PlaySoundW,SetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxA,PlaySoundW,MessageBoxA, 1_2_008F70E0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00933BD0 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 1_2_00933BD0

System Summary:

Uses 32bit PE files
Source: cross2007.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Detected potential crypto function
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0090C140 1_2_0090C140
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009400CB 1_2_009400CB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093C379 1_2_0093C379
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00917440 1_2_00917440
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00911550 1_2_00911550
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008FD65C 1_2_008FD65C
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00928660 1_2_00928660
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093C791 1_2_0093C791
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009477A0 1_2_009477A0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091B7D0 1_2_0091B7D0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009598C5 1_2_009598C5
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091A9C0 1_2_0091A9C0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00931AA0 1_2_00931AA0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093CBC6 1_2_0093CBC6
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0094DB5C 1_2_0094DB5C
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093BDD0 1_2_0093BDD0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093FE9C 1_2_0093FE9C
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00937EB0 1_2_00937EB0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093BE7D 1_2_0093BE7D
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00936F90 1_2_00936F90
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093CFFB 1_2_0093CFFB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0092CF20 1_2_0092CF20
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00917220 appears 41 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00917E80 appears 36 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 0090CBB0 appears 295 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 008FA8E0 appears 36 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 0090CC90 appears 274 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00934150 appears 40 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00939B90 appears 55 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00917F30 appears 81 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 0093B291 appears 45 times
Sample file is different than original file name gathered from version info
Source: cross2007.exe, 00000001.00000002.563728854.000000000097D000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameessentials.exe> vs cross2007.exe
Source: cross2007.exe Binary or memory string: OriginalFilenameessentials.exe> vs cross2007.exe
Source: cross2007.exe ReversingLabs: Detection: 44%
Source: cross2007.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\cross2007.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\cross2007.exe 'C:\Users\user\Desktop\cross2007.exe'
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\Taskmgr.exe 'C:\Windows\System32\Taskmgr.exe'
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /IM explorer.exe -f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\Taskmgr.exe 'C:\Windows\System32\Taskmgr.exe'
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /IM explorer.exe -f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f
Source: C:\Users\user\Desktop\cross2007.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "explorer.exe")
Source: C:\Windows\SysWOW64\Taskmgr.exe File created: C:\Users\user\AppData\Local\D3DSCache\3e2651cb230b5698\
Source: classification engine Classification label: sus34.evad.winEXE@8/3@264/2
Source: C:\Users\user\Desktop\cross2007.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091A090 GetLastError,_strncpy,FormatMessageA,_strrchr,_strrchr,GetLastError,SetLastError, 1_2_0091A090
Source: cross2007.exe Joe Sandbox Cloud Basic: Detection: clean Score: 0
Source: C:\Windows\SysWOW64\Taskmgr.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6676:120:WilError_01
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F2600 LoadResource,LockResource,SizeofResource, 1_2_008F2600
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: ArmourStacks 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: version 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: uuid 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 1500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 1500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 1500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: ArmourStacks 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: taskmgr.exe 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: Open 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\cross2007.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\Taskmgr.exe Window found: window name: SysTabControl32
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: cross2007.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: E:\123\All in Desktop\crown-demo-01-07-2019\cross3\Release\cross3.pdb source: cross2007.exe
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939066 push ecx; ret 1_2_00939079
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093D595 push ecx; iretd 1_2_0093D596
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939BD6 push ecx; ret 1_2_00939BE9
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00919230 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, 1_2_00919230

Hooking and other Techniques for Hiding and Protection:

Stores large binary data to the registry
Source: C:\Windows\SysWOW64\Taskmgr.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\TaskManager Preferences
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008FD65C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_008FD65C
Source: C:\Users\user\Desktop\cross2007.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Query firmware table information (likely to detect VMs)
Source: C:\Windows\SysWOW64\Taskmgr.exe System information queried: FirmwareTableInformation
Found decision node followed by non-executed suspicious APIs
Source: C:\Users\user\Desktop\cross2007.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Contains capabilities to detect virtual machines
Source: C:\Windows\SysWOW64\Taskmgr.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00956BD3 FindFirstFileExA, 1_2_00956BD3
Source: Taskmgr.exe, 00000004.00000002.567441526.0000000007406000.00000004.00000001.sdmp Binary or memory string: List Size5340Nested TLB Trimmed Pages/sec5342I/O TLB Flushes Base5344Hyper-V Hypervisor Root Virtual Processor5346Total Run Time5348Hypervisor Run Time5350Remote Node Run Time5352Normalized Run Time5354Hypercalls/sec5356Hypercalls Cost5358Page Invalidations/sec5360Page Invalidations Cost5362Control Register Accesses/sec5364Control Register Accesses Cost5366IO Instructions/sec5368IO Instructions Cost5370HLT Instructions/sec5372HLT Instructions Cost5374MWAIT Instructions/sec5376MWAIT Instructions Cost5378CPUID Instructions/sec5380CPUID Instru\
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processore9k
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: 2Hyper-V Heartbeat Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: Taskmgr.exe, 00000004.00000003.313490984.000000000730F000.00000004.00000001.sdmp Binary or memory string: Hyper-V egkkviooopqneqx Bus Provider PipesG
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: >Hyper-V Guest Service Interface
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: DHyper-V Hypervisor Root Partition
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: &Hyper-V Hypervisor
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: :Hyper-V Data Exchange Service
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Servicehk
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: BHyper-V PowerShell Direct Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: Hyper-V egkkviooopqneqx Bus Pipes
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: <Hyper-V Guest Shutdown Service
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: &Hyper-V Hypervisor
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: Hyper-V egkkviooopqneqx Bus"
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: vmicheartbeatF
Source: Taskmgr.exe, 00000004.00000002.564013517.0000000000CE6000.00000004.00000020.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesk
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Servicen
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Virtual Machine Bus Provider Pipes*6
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipesh'r
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: HHyper-V Time Synchronization Service
Source: Taskmgr.exe, 00000004.00000002.567441526.0000000007406000.00000004.00000001.sdmp Binary or memory string: on7240Avg. Destage Queue Length7242Destage Optimized Operations/sec7244Destage Evicts/sec7246Avg. Destage Evicts/Operation7248Destage Evict Bytes/sec7250Avg. Destage Bytes/Evict7252Avg. Destage Evict Bytes/Operation7254Destage Transfers/sec7256Avg. Destage Transfers/Operation7258Avg. Destage Transfers/Evict7260Destage Transfer Bytes/sec7262Avg. Destage Bytes/Transfer7264Avg. Destage Transfer Bytes/Operation7266Bytes Cached7268Bytes Reserved7270Bytes Reclaimable7272Bytes Used7274Cache Size7276Cache Writes7278Cache Overwrites7280Cache Evicts7282Destage Operations7284Destage Evicts7286Destage Transfers7174Storage Spaces Tier7176Tier Reads/sec7178Avg. Tier sec/Read7180Avg. Tier Read Queue Length7182Tier Read Bytes/sec7184Avg. Tier Bytes/Read7186Tier Writes/sec7188Avg. Tier sec/Write7190Avg. Tier Write Queue Length7192Tier Write Bytes/sec7194Avg. Tier Bytes/Write7196Current Tier Queue Length7198Tier Transfers/sec7200Avg. Tier sec/Transfer7202Avg. Tier Queue Length7204Tier Transfer Bytes/sec7206Avg. Tier Bytes/Transfer7208Tier Reads7210Tier Writes7212Tier Transfers4724ReFS4726Bytes Cached4728Cache Size4730Cache Allocated4732Cache In Error4734Cache Allocation Unit Size4736Transactions Outstanding4738Max Transactions Outstanding4740Cache Lines Free4742Cache Lines In Error4744Cache Hits/sec4746Cache Misses/sec4748Cache Allocations/sec4750Cache Invalidations/sec4752Cache Populations/sec4754Cache Write Through Updates/sec4756Bytes Read from Cache/sec4758Bytes Read Missing Cache/sec4760Cache Invalidations in Bytes/sec4762Cache Populations Bytes/sec4764Cache Write Through Updates Bytes/sec4766Memory Used4768Cache Metadata Written Bytes/sec4770Speculative Bytes Read to Cache/sec4772Total Allocations/sec4774Data In Place Writes/sec4776Metadata Allocations Fast Tier/sec4778Metadata Allocations Slow Tier/sec4780Data Allocations Fast Tier/sec4782Data Allocations Slow Tier/sec4784Container Destages From Slow Tier/sec4786Container Destages From Fast Tier/sec4788Slow tier data destage criteria percentage4790Fast tier data destage criteria percentage4792Slow tier destage read latency (100 ns)4796Slow tier destage write latency (100 ns)4800Fast tier destage read latency (100 ns)4804Fast tier destage write latency (100 ns)4808Slow Tier Destaged Container Fill Ratio (%)4812Fast Tier Destaged Container Fill Ratio (%)4816Tree update latency (100 ns)4820Checkpoint latency (100 ns)4824Tree updates/sec4826Checkpoints/sec4828Log writes/sec4830Slow tier metadata destage criteria percentage4832Fast tier metadata destage criteria percentage4834Log fill percentage4836Trim latency (100 ns)4840Data Compactions/sec4842Compaction read latency (100 ns)4846Compaction write latency (100 ns)4682Hyper-V Virtual Machine Bus Pipes4684Reads/sec4686Writes/sec4688Bytes Read/sec4690Bytes Written/sec8498SMB Direct Connection8500Stalls (Send Credit)/sec8502Stalls (Send Queue)/sec8504Stalls (RDMA Registrations)/sec8506Sends/sec8508Remote Invalidations/sec8510Memory Regions8512Bytes Received/sec8514
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: vmicshutdown
Source: Taskmgr.exe, 00000004.00000003.313422499.00000000072C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Logical ProcessorI[0
Source: Taskmgr.exe, 00000004.00000003.310266340.0000000007455000.00000004.00000001.sdmp Binary or memory string: 8258RemoteFX Synth3D VSC VM Transport Channel8260Number of space available signals received8262Number of space available signals received per second8264Number of data available signals received8266Number of data available signals received per second8268Number of space available signals sent8270Number of space available signals sent per second8272Number of data available signals sent8274Number of data available signals sent per second8276Number of data available event was reset8278Number of data available event was reset per second8280Number of space available event was reset8282Number of space available event was reset per second8244RemoteFX Synth3D VSC VM Device8246Number of created VMT channels8248Number of waiting VMT channels8250Number of connected VMT channels8252Number of disconnected VMT channels8254Total number of created VMT channels8256Number of RDVGM restarted notifications7320WorkflowServiceHost 4.0.0.07322Workflows Created7324Workflows Created Per Second7326Workflows Executing7328Workflows Completed7330Workflows Completed Per Second7332Workflows Aborted7334Workflows Aborted Per Second7336Workflows In Memory7338Workflows Persisted7340Workflows Persisted Per Second7342Workflows Terminated7344Workflows Terminated Per Second7346Workflows Loaded7348Workflows Loaded Per Second7350Workflows Unloaded7352Workflows Unloaded Per Second7354Workflows Suspended7356Workflows Suspended Per Second7358Workflows Idle Per Second7360Average Workflow Load Time7362Average Workflow Load Time Base7364Average Workflow Persist Time7366Average Workflow Persist Time Base8154Terminal Services8156Active Sessions8158Inactive Sessions8160Total Sessions5200Hyper-V Hypervisor Logical Processor5202Global Time5204Total Run Time5206Hypervisor Run Time5208Hardware Interrupts/sec5210Context Switches/sec5212Inter-Processor Interrupts/sec5214Scheduler Interrupts/sec5216Timer Interrupts/sec5218Inter-Processor Interrupts Sent/sec5220Processor Halts/sec5222Monitor Transition Cost5224Context Switch Time5226C1 Transitions/sec5228% C1 Time5230C2 Transitions/sec5232% C2 Time5234C3 Transitions/sec5236% C3 Time5238Frequency5240% of Max Frequency5242Parking Status5244Processor State Flags5246Root Vp Index5248Idle Sequence Number5250Global TSC Count5252Active TSC Count5254Idle Accumulation5256Reference Cycle Count 05258Actual Cycle Count 05260Reference Cycle Count 15262Actual Cycle Count 15264Proximity Domain Id5266Posted Interrupt Notifications/sec5268Guest Run Time5270Idle Time5272% Total Run Time5274% Hypervisor Run Time5276% Guest Run Time5278% Idle Time5280Total Interrupts/sec5182Hyper-V Hypervisor5184Logical Processors5186Partitions5188Total Pages5190Virtual Processors5192Monitored Notifications5194Modern Standby Entries5196Platform Idle Transitions5198HypervisorStartupCost5282Hyper-V Hypervisor Root Partition5284Virtual Processors5286Virtual TLB Pages5288Address Spaces5290Deposited Pages5292GPA Pages5294GPA Space Modifications/sec5296Virtual TLB Flush Entires/sec5298Recommended
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}3+}
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Provider Pipes
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor>
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: HHyper-V Volume Shadow Copy Requestor6
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes&
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processor
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: vmicvss!
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: ZHyper-V Remote Desktop Virtualization ServiceI
Source: Taskmgr.exe, 00000004.00000003.313422499.00000000072C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Virtual Machine Bus Provider Pipes

Anti Debugging:

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00941335 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00941335
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00919230 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, 1_2_00919230
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F2840 GetProcessHeap,__Init_thread_footer,__Init_thread_footer, 1_2_008F2840
Enables debug privileges
Source: C:\Windows\SysWOW64\Taskmgr.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0094B7A3 mov eax, dword ptr fs:[00000030h] 1_2_0094B7A3
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939ADB SetUnhandledExceptionFilter, 1_2_00939ADB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093927A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_0093927A
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00941335 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00941335
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093998D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_0093998D

HIPS / PFW / Operating System Protection Evasion:

Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F70E0 GetStockObject,GetClientRect,InitCommonControlsEx,BeginPaint,CreateWindowExW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,ShowWindow,CreateWindowExW,CreateWindowExW,ShowWindow,GetSystemMenu,EnableMenuItem,SetTimer,SetTimer,SetTimer,BeginPaint,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,TextOutA,TextOutA,CreateFontW,SelectObject,TextOutA,CreateFontW,SelectObject,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,SetTextColor,TextOutA,EndPaint,GetClientRect,SetBkColor,ExtTextOutW,SetBkMode,GetKeyState,GetKeyState,GetKeyState,DefWindowProcW,ShellExecuteW,PostMessageW,PostQuitMessage,GetWindowTextLengthW,GetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,SetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,MessageBoxW,MessageBoxW,SetWindowPos,SetWindowTextW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,PlaySoundW,MessageBoxA,SetWindowTextW,SetWindowTextW,SetWindowTextW,GetWindowTextLengthW,GetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxW,ShowWindow,RedrawWindow,PlaySoundW,SetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxA,PlaySoundW,MessageBoxA, 1_2_008F70E0
Uses taskkill to terminate processes
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\Taskmgr.exe 'C:\Windows\System32\Taskmgr.exe'
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /IM explorer.exe -f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f
Source: cross2007.exe, 00000001.00000002.564479983.0000000001D30000.00000002.00020000.sdmp, Taskmgr.exe, 00000004.00000002.565533331.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: cross2007.exe, 00000001.00000002.564479983.0000000001D30000.00000002.00020000.sdmp, Taskmgr.exe, 00000004.00000002.565533331.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Assets\Icons\custom-Cortana\AppListIcon.scale-100.png VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.22055.0_x64__8wekyb3d8bbwe\HxTsr.exe VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png VolumeInformation
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW, 1_2_0095236F
Source: C:\Users\user\Desktop\cross2007.exe Code function: IsValidCodePage,GetLocaleInfoW, 1_2_0095854D
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_009587C5
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_009588AB
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_00958810
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 1_2_00958938
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW, 1_2_00958B88
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 1_2_00958CB1
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW, 1_2_00958DB8
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_00958E88
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_00951EA5
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939BEB cpuid 1_2_00939BEB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009523D9 GetSystemTimeAsFileTime, 1_2_009523D9
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F6BC0 GetVersionExW,NetWkstaGetInfo,NetApiBufferFree,VerSetConditionMask,VerifyVersionInfoW,GetModuleHandleW,GetProcAddress, 1_2_008F6BC0

Lowering of HIPS / PFW / Operating System Security Settings:

AV process strings found (often used to terminate AV products)
Source: Taskmgr.exe, 00000004.00000002.567441526.0000000007406000.00000004.00000001.sdmp Binary or memory string: \\192.168.2.1\all\procexp.exe
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: "c:\users\user\desktop\procexp.exe

Remote Access Functionality:

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0092A1D0 bind,WSAGetLastError, 1_2_0092A1D0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0090E2F0 htons,htons,htons,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError, 1_2_0090E2F0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F1A10 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, 1_2_008F1A10
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00926B30 _strncpy,getsockname,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,htons, 1_2_00926B30