Windows Analysis Report cross2007.exe

Overview

General Information

Sample Name: cross2007.exe
Analysis ID: 510396
MD5: 2626a621fab10eec02e1c3dc2ab29361
SHA1: 420b54d3d6cfc013c9a55dc6c1ee7148459776f9
SHA256: 33c72f7177a297ca3c396a50c7ad4bb85d20693d8cdc2fbc26b979d1cf0bddd4
Infos:

Most interesting Screenshot:

Detection

Score: 34
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Query firmware table information (likely to detect VMs)
Uses 32bit PE files
Found decision node followed by non-executed suspicious APIs
Queries the volume information (name, serial number etc) of a device
Contains functionality to create an SMB header
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to read the PEB
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to launch a program with higher privileges
Contains capabilities to detect virtual machines
Potential key logger detected (key state polling based)
Uses taskkill to terminate processes
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection:

barindex
Multi AV Scanner detection for submitted file
Source: cross2007.exe ReversingLabs: Detection: 44%
Antivirus / Scanner detection for submitted sample
Source: cross2007.exe Avira: detected

Cryptography:

barindex
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00933AE0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 1_2_00933AE0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00933BD0 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 1_2_00933BD0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091CC80 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, 1_2_0091CC80
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091ACB0 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 1_2_0091ACB0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091CC20 CryptAcquireContextA,CryptCreateHash, 1_2_0091CC20
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091CC60 CryptHashData, 1_2_0091CC60

Exploits:

barindex
Contains functionality to create an SMB header
Source: C:\Users\user\Desktop\cross2007.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 1_2_0091E620

Compliance:

barindex
Uses 32bit PE files
Source: cross2007.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: cross2007.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: E:\123\All in Desktop\crown-demo-01-07-2019\cross3\Release\cross3.pdb source: cross2007.exe
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00956BD3 FindFirstFileExA, 1_2_00956BD3

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2029143 ET TROJAN CrownAdPro CnC Activity M1 192.168.2.3:49750 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029285 ET TROJAN CrownAdPro CnC Activity M2 192.168.2.3:49751 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029286 ET TROJAN CrownAdPro CnC Activity M3 192.168.2.3:49752 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029287 ET TROJAN CrownAdPro CnC Activity M4 192.168.2.3:49753 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49754 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49755 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49756 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49757 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49758 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49759 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49760 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49761 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49762 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49763 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49764 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49765 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49766 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49767 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49768 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49769 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49770 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49771 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49772 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49773 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49774 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49775 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49776 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49777 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49778 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49779 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49780 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49781 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49782 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49783 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49784 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49785 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49786 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49788 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49790 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49791 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49792 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49793 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49794 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49795 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49796 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49797 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49798 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49799 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49800 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49801 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49802 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49803 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49804 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49805 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49806 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49807 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49808 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49809 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49810 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49811 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49812 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49813 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49814 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49815 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49816 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49817 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49818 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49819 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49820 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49821 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49822 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49823 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49824 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49825 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49826 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49827 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49828 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49829 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49830 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49831 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49832 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49833 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49834 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49835 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49836 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49837 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49838 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49840 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49841 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49843 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49846 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49850 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49857 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49860 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49862 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49866 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49868 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49871 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49874 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49877 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49878 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49879 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49880 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49881 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49882 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49883 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49884 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49885 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49886 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49887 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49888 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49889 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49891 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49893 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49894 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49895 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49896 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49897 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49898 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49899 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49900 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49901 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49902 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49903 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49904 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49905 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49906 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49907 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49908 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49909 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49910 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49911 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49912 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49913 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49914 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49920 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49921 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49922 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49923 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49924 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49925 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49926 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49927 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49928 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49929 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49930 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49931 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49932 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49933 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49934 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49935 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49936 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49937 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49938 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49939 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49940 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49941 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49943 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49944 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49945 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49946 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49947 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49948 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49949 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49950 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49951 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49952 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49953 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49954 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49955 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49956 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49957 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49958 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49959 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49960 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49961 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49962 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49963 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49964 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49965 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49966 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49967 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49968 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49969 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49970 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49971 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49972 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49973 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49975 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49976 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49977 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49978 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49979 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49980 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49981 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49982 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49983 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49984 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49985 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49986 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49987 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49988 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49989 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49990 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49991 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49992 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49993 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49994 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49995 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49996 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49997 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49998 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:49999 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50000 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50001 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50002 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50003 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50004 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50005 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50006 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50007 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50008 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50009 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50010 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50011 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50012 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50013 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50014 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50015 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50016 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50017 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50018 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50019 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50020 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50021 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50022 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50023 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50024 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50025 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50026 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50027 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50028 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50029 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50030 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50031 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50032 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50033 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50034 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50035 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50036 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50037 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50038 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50039 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50040 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50041 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50042 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50043 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50044 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50045 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50046 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50047 -> 74.208.236.24:80
Source: Traffic Snort IDS: 2029288 ET TROJAN CrownAdPro CnC Activity M5 192.168.2.3:50048 -> 74.208.236.24:80
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /iam//index.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixset.php?ip=84.17.52.45&mcid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixpkey.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixptexts.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /setad.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: cross2007.exe String found in binary or memory: http://prodownload.live/clssem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/clssem.php?Tempexplorer.exe13764675Activation
Source: cross2007.exe String found in binary or memory: http://prodownload.live/cmosem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/cmosem.php?CMD4628913757915128Override
Source: cross2007.exe String found in binary or memory: http://prodownload.live/iam//index.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixlive.php?uid=
Source: cross2007.exe, 00000001.00000003.492157652.000000000171F000.00000004.00000001.sdmp, cross2007.exe, 00000001.00000003.375628930.000000000171F000.00000004.00000001.sdmp, cross2007.exe, 00000001.00000003.494252792.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1
Source: cross2007.exe, 00000001.00000003.494252792.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1.
Source: cross2007.exe, 00000001.00000003.390621622.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1D
Source: cross2007.exe, 00000001.00000003.390621622.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1h
Source: cross2007.exe, 00000001.00000003.491174205.000000000171F000.00000004.00000001.sdmp String found in binary or memory: http://prodownload.live/ixlive.php?uid=1vh
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixlive.php?uid=http://prodownload.live/iam//index.php1versionSoftware
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixpkey.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixptexts.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixset.php?ip=
Source: cross2007.exe String found in binary or memory: http://prodownload.live/ixset.php?ip=http://prodownload.live/ixpkey.phphttp://prodownload.live/setad
Source: cross2007.exe String found in binary or memory: http://prodownload.live/mexdsem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/mexdsem.php?NDSPATHAlertOperating
Source: cross2007.exe String found in binary or memory: http://prodownload.live/msisem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/msisem.php?MasterDEFAULT_GUI_FONTEditOKButtonstring
Source: cross2007.exe String found in binary or memory: http://prodownload.live/setad.php
Source: cross2007.exe String found in binary or memory: http://prodownload.live/supsem.php?
Source: cross2007.exe String found in binary or memory: http://prodownload.live/supsem.php?FastSuporthttp://www.fastsupport.com/59327086LogMeInhttp://secure
Source: Taskmgr.exe, 00000004.00000002.563615190.0000000000890000.00000002.00020000.sdmp String found in binary or memory: http://schemas.microsoft
Source: cross2007.exe String found in binary or memory: http://secure.logmeinrescue.com/Customer/Code.aspx
Source: cross2007.exe String found in binary or memory: http://www.fastsupport.com/
Source: cross2007.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: cross2007.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: unknown DNS traffic detected: queries for: prodownload.live
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0090CF40 recv,WSAGetLastError, 1_2_0090CF40
Source: global traffic HTTP traffic detected: GET /iam//index.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixset.php?ip=84.17.52.45&mcid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixpkey.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixptexts.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /setad.php HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*
Source: global traffic HTTP traffic detected: GET /ixlive.php?uid=1 HTTP/1.1Host: prodownload.liveAccept: */*

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F70E0 GetStockObject,GetClientRect,InitCommonControlsEx,BeginPaint,CreateWindowExW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,ShowWindow,CreateWindowExW,CreateWindowExW,ShowWindow,GetSystemMenu,EnableMenuItem,SetTimer,SetTimer,SetTimer,BeginPaint,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,TextOutA,TextOutA,CreateFontW,SelectObject,TextOutA,CreateFontW,SelectObject,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,SetTextColor,TextOutA,EndPaint,GetClientRect,SetBkColor,ExtTextOutW,SetBkMode,GetKeyState,GetKeyState,GetKeyState,DefWindowProcW,ShellExecuteW,PostMessageW,PostQuitMessage,GetWindowTextLengthW,GetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,SetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,MessageBoxW,MessageBoxW,SetWindowPos,SetWindowTextW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,PlaySoundW,MessageBoxA,SetWindowTextW,SetWindowTextW,SetWindowTextW,GetWindowTextLengthW,GetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxW,ShowWindow,RedrawWindow,PlaySoundW,SetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxA,PlaySoundW,MessageBoxA, 1_2_008F70E0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00933BD0 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, 1_2_00933BD0

System Summary:

barindex
Uses 32bit PE files
Source: cross2007.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Detected potential crypto function
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0090C140 1_2_0090C140
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009400CB 1_2_009400CB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093C379 1_2_0093C379
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00917440 1_2_00917440
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00911550 1_2_00911550
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008FD65C 1_2_008FD65C
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00928660 1_2_00928660
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093C791 1_2_0093C791
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009477A0 1_2_009477A0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091B7D0 1_2_0091B7D0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009598C5 1_2_009598C5
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091A9C0 1_2_0091A9C0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00931AA0 1_2_00931AA0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093CBC6 1_2_0093CBC6
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0094DB5C 1_2_0094DB5C
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093BDD0 1_2_0093BDD0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093FE9C 1_2_0093FE9C
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00937EB0 1_2_00937EB0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093BE7D 1_2_0093BE7D
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00936F90 1_2_00936F90
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093CFFB 1_2_0093CFFB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0092CF20 1_2_0092CF20
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00917220 appears 41 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00917E80 appears 36 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 0090CBB0 appears 295 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 008FA8E0 appears 36 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 0090CC90 appears 274 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00934150 appears 40 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00939B90 appears 55 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 00917F30 appears 81 times
Source: C:\Users\user\Desktop\cross2007.exe Code function: String function: 0093B291 appears 45 times
Sample file is different than original file name gathered from version info
Source: cross2007.exe, 00000001.00000002.563728854.000000000097D000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameessentials.exe> vs cross2007.exe
Source: cross2007.exe Binary or memory string: OriginalFilenameessentials.exe> vs cross2007.exe
Source: cross2007.exe ReversingLabs: Detection: 44%
Source: cross2007.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\cross2007.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\cross2007.exe 'C:\Users\user\Desktop\cross2007.exe'
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\Taskmgr.exe 'C:\Windows\System32\Taskmgr.exe'
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /IM explorer.exe -f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\Taskmgr.exe 'C:\Windows\System32\Taskmgr.exe' Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /IM explorer.exe -f Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "explorer.exe")
Source: C:\Windows\SysWOW64\Taskmgr.exe File created: C:\Users\user\AppData\Local\D3DSCache\3e2651cb230b5698\ Jump to behavior
Source: classification engine Classification label: sus34.evad.winEXE@8/3@264/2
Source: C:\Users\user\Desktop\cross2007.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0091A090 GetLastError,_strncpy,FormatMessageA,_strrchr,_strrchr,GetLastError,SetLastError, 1_2_0091A090
Source: cross2007.exe Joe Sandbox Cloud Basic: Detection: clean Score: 0 Perma Link
Source: C:\Windows\SysWOW64\Taskmgr.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6676:120:WilError_01
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F2600 LoadResource,LockResource,SizeofResource, 1_2_008F2600
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: ArmourStacks 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: version 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: uuid 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 1500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 1500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: 1500 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: ArmourStacks 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: taskmgr.exe 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe Command line argument: Open 1_2_008F6210
Source: C:\Users\user\Desktop\cross2007.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Window found: window name: SysTabControl32 Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: C:\Users\user\Desktop\cross2007.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: cross2007.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: cross2007.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: E:\123\All in Desktop\crown-demo-01-07-2019\cross3\Release\cross3.pdb source: cross2007.exe
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: cross2007.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

barindex
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939066 push ecx; ret 1_2_00939079
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093D595 push ecx; iretd 1_2_0093D596
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939BD6 push ecx; ret 1_2_00939BE9
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00919230 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, 1_2_00919230

Hooking and other Techniques for Hiding and Protection:

barindex
Stores large binary data to the registry
Source: C:\Windows\SysWOW64\Taskmgr.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\TaskManager Preferences Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008FD65C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_008FD65C
Source: C:\Users\user\Desktop\cross2007.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
Query firmware table information (likely to detect VMs)
Source: C:\Windows\SysWOW64\Taskmgr.exe System information queried: FirmwareTableInformation Jump to behavior
Found decision node followed by non-executed suspicious APIs
Source: C:\Users\user\Desktop\cross2007.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Contains capabilities to detect virtual machines
Source: C:\Windows\SysWOW64\Taskmgr.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00956BD3 FindFirstFileExA, 1_2_00956BD3
Source: Taskmgr.exe, 00000004.00000002.567441526.0000000007406000.00000004.00000001.sdmp Binary or memory string: List Size5340Nested TLB Trimmed Pages/sec5342I/O TLB Flushes Base5344Hyper-V Hypervisor Root Virtual Processor5346Total Run Time5348Hypervisor Run Time5350Remote Node Run Time5352Normalized Run Time5354Hypercalls/sec5356Hypercalls Cost5358Page Invalidations/sec5360Page Invalidations Cost5362Control Register Accesses/sec5364Control Register Accesses Cost5366IO Instructions/sec5368IO Instructions Cost5370HLT Instructions/sec5372HLT Instructions Cost5374MWAIT Instructions/sec5376MWAIT Instructions Cost5378CPUID Instructions/sec5380CPUID Instru\
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processore9k
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: 2Hyper-V Heartbeat Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: Taskmgr.exe, 00000004.00000003.313490984.000000000730F000.00000004.00000001.sdmp Binary or memory string: Hyper-V egkkviooopqneqx Bus Provider PipesG
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: >Hyper-V Guest Service Interface
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: DHyper-V Hypervisor Root Partition
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: &Hyper-V Hypervisor
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: :Hyper-V Data Exchange Service
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Servicehk
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: BHyper-V PowerShell Direct Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: Hyper-V egkkviooopqneqx Bus Pipes
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: <Hyper-V Guest Shutdown Service
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: &Hyper-V Hypervisor
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: Hyper-V egkkviooopqneqx Bus"
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: vmicheartbeatF
Source: Taskmgr.exe, 00000004.00000002.564013517.0000000000CE6000.00000004.00000020.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesk
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Servicen
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Virtual Machine Bus Provider Pipes*6
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipesh'r
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: HHyper-V Time Synchronization Service
Source: Taskmgr.exe, 00000004.00000002.567441526.0000000007406000.00000004.00000001.sdmp Binary or memory string: on7240Avg. Destage Queue Length7242Destage Optimized Operations/sec7244Destage Evicts/sec7246Avg. Destage Evicts/Operation7248Destage Evict Bytes/sec7250Avg. Destage Bytes/Evict7252Avg. Destage Evict Bytes/Operation7254Destage Transfers/sec7256Avg. Destage Transfers/Operation7258Avg. Destage Transfers/Evict7260Destage Transfer Bytes/sec7262Avg. Destage Bytes/Transfer7264Avg. Destage Transfer Bytes/Operation7266Bytes Cached7268Bytes Reserved7270Bytes Reclaimable7272Bytes Used7274Cache Size7276Cache Writes7278Cache Overwrites7280Cache Evicts7282Destage Operations7284Destage Evicts7286Destage Transfers7174Storage Spaces Tier7176Tier Reads/sec7178Avg. Tier sec/Read7180Avg. Tier Read Queue Length7182Tier Read Bytes/sec7184Avg. Tier Bytes/Read7186Tier Writes/sec7188Avg. Tier sec/Write7190Avg. Tier Write Queue Length7192Tier Write Bytes/sec7194Avg. Tier Bytes/Write7196Current Tier Queue Length7198Tier Transfers/sec7200Avg. Tier sec/Transfer7202Avg. Tier Queue Length7204Tier Transfer Bytes/sec7206Avg. Tier Bytes/Transfer7208Tier Reads7210Tier Writes7212Tier Transfers4724ReFS4726Bytes Cached4728Cache Size4730Cache Allocated4732Cache In Error4734Cache Allocation Unit Size4736Transactions Outstanding4738Max Transactions Outstanding4740Cache Lines Free4742Cache Lines In Error4744Cache Hits/sec4746Cache Misses/sec4748Cache Allocations/sec4750Cache Invalidations/sec4752Cache Populations/sec4754Cache Write Through Updates/sec4756Bytes Read from Cache/sec4758Bytes Read Missing Cache/sec4760Cache Invalidations in Bytes/sec4762Cache Populations Bytes/sec4764Cache Write Through Updates Bytes/sec4766Memory Used4768Cache Metadata Written Bytes/sec4770Speculative Bytes Read to Cache/sec4772Total Allocations/sec4774Data In Place Writes/sec4776Metadata Allocations Fast Tier/sec4778Metadata Allocations Slow Tier/sec4780Data Allocations Fast Tier/sec4782Data Allocations Slow Tier/sec4784Container Destages From Slow Tier/sec4786Container Destages From Fast Tier/sec4788Slow tier data destage criteria percentage4790Fast tier data destage criteria percentage4792Slow tier destage read latency (100 ns)4796Slow tier destage write latency (100 ns)4800Fast tier destage read latency (100 ns)4804Fast tier destage write latency (100 ns)4808Slow Tier Destaged Container Fill Ratio (%)4812Fast Tier Destaged Container Fill Ratio (%)4816Tree update latency (100 ns)4820Checkpoint latency (100 ns)4824Tree updates/sec4826Checkpoints/sec4828Log writes/sec4830Slow tier metadata destage criteria percentage4832Fast tier metadata destage criteria percentage4834Log fill percentage4836Trim latency (100 ns)4840Data Compactions/sec4842Compaction read latency (100 ns)4846Compaction write latency (100 ns)4682Hyper-V Virtual Machine Bus Pipes4684Reads/sec4686Writes/sec4688Bytes Read/sec4690Bytes Written/sec8498SMB Direct Connection8500Stalls (Send Credit)/sec8502Stalls (Send Queue)/sec8504Stalls (RDMA Registrations)/sec8506Sends/sec8508Remote Invalidations/sec8510Memory Regions8512Bytes Received/sec8514
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: vmicshutdown
Source: Taskmgr.exe, 00000004.00000003.313422499.00000000072C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Logical ProcessorI[0
Source: Taskmgr.exe, 00000004.00000003.310266340.0000000007455000.00000004.00000001.sdmp Binary or memory string: 8258RemoteFX Synth3D VSC VM Transport Channel8260Number of space available signals received8262Number of space available signals received per second8264Number of data available signals received8266Number of data available signals received per second8268Number of space available signals sent8270Number of space available signals sent per second8272Number of data available signals sent8274Number of data available signals sent per second8276Number of data available event was reset8278Number of data available event was reset per second8280Number of space available event was reset8282Number of space available event was reset per second8244RemoteFX Synth3D VSC VM Device8246Number of created VMT channels8248Number of waiting VMT channels8250Number of connected VMT channels8252Number of disconnected VMT channels8254Total number of created VMT channels8256Number of RDVGM restarted notifications7320WorkflowServiceHost 4.0.0.07322Workflows Created7324Workflows Created Per Second7326Workflows Executing7328Workflows Completed7330Workflows Completed Per Second7332Workflows Aborted7334Workflows Aborted Per Second7336Workflows In Memory7338Workflows Persisted7340Workflows Persisted Per Second7342Workflows Terminated7344Workflows Terminated Per Second7346Workflows Loaded7348Workflows Loaded Per Second7350Workflows Unloaded7352Workflows Unloaded Per Second7354Workflows Suspended7356Workflows Suspended Per Second7358Workflows Idle Per Second7360Average Workflow Load Time7362Average Workflow Load Time Base7364Average Workflow Persist Time7366Average Workflow Persist Time Base8154Terminal Services8156Active Sessions8158Inactive Sessions8160Total Sessions5200Hyper-V Hypervisor Logical Processor5202Global Time5204Total Run Time5206Hypervisor Run Time5208Hardware Interrupts/sec5210Context Switches/sec5212Inter-Processor Interrupts/sec5214Scheduler Interrupts/sec5216Timer Interrupts/sec5218Inter-Processor Interrupts Sent/sec5220Processor Halts/sec5222Monitor Transition Cost5224Context Switch Time5226C1 Transitions/sec5228% C1 Time5230C2 Transitions/sec5232% C2 Time5234C3 Transitions/sec5236% C3 Time5238Frequency5240% of Max Frequency5242Parking Status5244Processor State Flags5246Root Vp Index5248Idle Sequence Number5250Global TSC Count5252Active TSC Count5254Idle Accumulation5256Reference Cycle Count 05258Actual Cycle Count 05260Reference Cycle Count 15262Actual Cycle Count 15264Proximity Domain Id5266Posted Interrupt Notifications/sec5268Guest Run Time5270Idle Time5272% Total Run Time5274% Hypervisor Run Time5276% Guest Run Time5278% Idle Time5280Total Interrupts/sec5182Hyper-V Hypervisor5184Logical Processors5186Partitions5188Total Pages5190Virtual Processors5192Monitored Notifications5194Modern Standby Entries5196Platform Idle Transitions5198HypervisorStartupCost5282Hyper-V Hypervisor Root Partition5284Virtual Processors5286Virtual TLB Pages5288Address Spaces5290Deposited Pages5292GPA Pages5294GPA Space Modifications/sec5296Virtual TLB Flush Entires/sec5298Recommended
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: Taskmgr.exe, 00000004.00000002.563856555.0000000000C3E000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}3+}
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Provider Pipes
Source: Taskmgr.exe, 00000004.00000002.567316572.00000000073D7000.00000004.00000001.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor>
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: HHyper-V Volume Shadow Copy Requestor6
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes&
Source: Taskmgr.exe, 00000004.00000002.567257908.00000000073C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processor
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: vmicvss!
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: ZHyper-V Remote Desktop Virtualization ServiceI
Source: Taskmgr.exe, 00000004.00000003.313422499.00000000072C0000.00000004.00000001.sdmp Binary or memory string: Hyper-V Hypervisor
Source: Taskmgr.exe, 00000004.00000002.566992081.000000000735B000.00000004.00000001.sdmp Binary or memory string: VHyper-V Virtual Machine Bus Provider Pipes

Anti Debugging:

barindex
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00941335 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00941335
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00919230 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, 1_2_00919230
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F2840 GetProcessHeap,__Init_thread_footer,__Init_thread_footer, 1_2_008F2840
Enables debug privileges
Source: C:\Windows\SysWOW64\Taskmgr.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0094B7A3 mov eax, dword ptr fs:[00000030h] 1_2_0094B7A3
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939ADB SetUnhandledExceptionFilter, 1_2_00939ADB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093927A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_0093927A
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00941335 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00941335
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0093998D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_0093998D

HIPS / PFW / Operating System Protection Evasion:

barindex
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F70E0 GetStockObject,GetClientRect,InitCommonControlsEx,BeginPaint,CreateWindowExW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,ShowWindow,CreateWindowExW,CreateWindowExW,ShowWindow,GetSystemMenu,EnableMenuItem,SetTimer,SetTimer,SetTimer,BeginPaint,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,TextOutA,TextOutA,CreateFontW,SelectObject,TextOutA,CreateFontW,SelectObject,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,TextOutA,SetBkMode,SetTextColor,CreateFontW,SelectObject,SetBkColor,SetTextColor,TextOutA,EndPaint,GetClientRect,SetBkColor,ExtTextOutW,SetBkMode,GetKeyState,GetKeyState,GetKeyState,DefWindowProcW,ShellExecuteW,PostMessageW,PostQuitMessage,GetWindowTextLengthW,GetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,SetWindowTextW,MessageBoxW,ShellExecuteW,PostMessageW,PostQuitMessage,MessageBoxW,MessageBoxW,SetWindowPos,SetWindowTextW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,MessageBoxW,SetWindowPos,SetWindowTextW,ShellExecuteW,PlaySoundW,MessageBoxA,SetWindowTextW,SetWindowTextW,SetWindowTextW,GetWindowTextLengthW,GetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxW,ShowWindow,RedrawWindow,PlaySoundW,SetWindowTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,RedrawWindow,PlaySoundW,MessageBoxA,PlaySoundW,MessageBoxA, 1_2_008F70E0
Uses taskkill to terminate processes
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\Taskmgr.exe 'C:\Windows\System32\Taskmgr.exe' Jump to behavior
Source: C:\Users\user\Desktop\cross2007.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /IM explorer.exe -f Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /IM explorer.exe -f Jump to behavior
Source: cross2007.exe, 00000001.00000002.564479983.0000000001D30000.00000002.00020000.sdmp, Taskmgr.exe, 00000004.00000002.565533331.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: cross2007.exe, 00000001.00000002.564479983.0000000001D30000.00000002.00020000.sdmp, Taskmgr.exe, 00000004.00000002.565533331.00000000034D0000.00000002.00020000.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

barindex
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Assets\Icons\custom-Cortana\AppListIcon.scale-100.png VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.22055.0_x64__8wekyb3d8bbwe\HxTsr.exe VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\Taskmgr.exe Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png VolumeInformation Jump to behavior
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW, 1_2_0095236F
Source: C:\Users\user\Desktop\cross2007.exe Code function: IsValidCodePage,GetLocaleInfoW, 1_2_0095854D
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_009587C5
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_009588AB
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_00958810
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 1_2_00958938
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW, 1_2_00958B88
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 1_2_00958CB1
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetLocaleInfoW, 1_2_00958DB8
Source: C:\Users\user\Desktop\cross2007.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 1_2_00958E88
Source: C:\Users\user\Desktop\cross2007.exe Code function: EnumSystemLocalesW, 1_2_00951EA5
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00939BEB cpuid 1_2_00939BEB
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_009523D9 GetSystemTimeAsFileTime, 1_2_009523D9
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F6BC0 GetVersionExW,NetWkstaGetInfo,NetApiBufferFree,VerSetConditionMask,VerifyVersionInfoW,GetModuleHandleW,GetProcAddress, 1_2_008F6BC0

Lowering of HIPS / PFW / Operating System Security Settings:

barindex
AV process strings found (often used to terminate AV products)
Source: Taskmgr.exe, 00000004.00000002.567441526.0000000007406000.00000004.00000001.sdmp Binary or memory string: \\192.168.2.1\all\procexp.exe
Source: Taskmgr.exe, 00000004.00000002.567989106.0000000007502000.00000004.00000001.sdmp Binary or memory string: "c:\users\user\desktop\procexp.exe

Remote Access Functionality:

barindex
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0092A1D0 bind,WSAGetLastError, 1_2_0092A1D0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_0090E2F0 htons,htons,htons,bind,htons,htons,bind,getsockname,WSAGetLastError,WSAGetLastError, 1_2_0090E2F0
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_008F1A10 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, 1_2_008F1A10
Source: C:\Users\user\Desktop\cross2007.exe Code function: 1_2_00926B30 _strncpy,getsockname,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,htons, 1_2_00926B30