Windows Analysis Report 61b85f75e6a7c.dll
Overview
General Information
Detection
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%
Signatures
Classification
Process Tree
Malware Configuration
Threatname: Ursnif
{
  "RSA Public Key": "B+xl4hUTn5rXiL0afazu2ddSc/ECZk5wqODKe0fS2KdIXHYzLOi+LPPP1HVzyCQFE2ZPog7imXfWyeJPGgVZO8mmh7g0OCbF0hBgHX6wj0qY1fBDcQxYjLnhuuJTPFt0voqEKHGGIgbiz86prZpdJls6h0dECkyqCOUP77xD4bHwJFYwmMp7govarzlBsbdorQ4qNFnd4O2rK1GEuQisAwdMkb4j9MqHf7vkHewrh1BGBeNcr85NjoxXAnfZDuX+M7b1dWoszYHJF1rgWzk4yz7fc+7Q4leAIr2PkWbTRuRpOe4P6Ok01hKGTLORQhRgWw6Mv2aRFMimHgiQWhhaHetICEhMcBl5C0yxhZCOhu4=",
  "c2_domain": [
    "microsoft.com/windowsdisabler",
    "windows.update3.com",
    "berukoneru.website",
    "gerukoneru.website",
    "fortunarah.com"
  ],
  "botnet": "8899",
  "server": "12",
  "serpent_key": "56473871MNTYAIDA",
  "sleep_time": "10",
  "CONF_TIMEOUT": "10",
  "SetWaitableTimer_value": "0",
  "DGA_count": "10"
}
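The extracted configuration is the most actionable artefact in this report, so the following is an added example (not part of the sandbox output) of turning it into indicators: it splits each c2_domain entry into host and path, keeps microsoft.com out of the block list (the first entry points there, and whatever the bot uses it for, blocking it would break the estate; treating it as non-actionable is this example's assumption), emits one Suricata DNS rule per remaining host, and reports the key sizes. Ursnif/Gozi encrypts its C2 traffic with Serpent, so the 16-character serpent_key is a 128-bit key; the RSA blob is decoded only to measure it, its internal layout is not interpreted. The NEVER_BLOCK set, the rule SIDs and the rule message text are this example's choices.

```python
import base64
from urllib.parse import urlsplit

# The configuration the sandbox extracted, copied from the report above.
URSNIF_CONFIG = {
    "RSA Public Key": (
        "B+xl4hUTn5rXiL0afazu2ddSc/ECZk5wqODKe0fS2KdIXHYzLOi+LPPP1HVz"
        "yCQFE2ZPog7imXfWyeJPGgVZO8mmh7g0OCbF0hBgHX6wj0qY1fBDcQxYjLnh"
        "uuJTPFt0voqEKHGGIgbiz86prZpdJls6h0dECkyqCOUP77xD4bHwJFYwmMp7"
        "govarzlBsbdorQ4qNFnd4O2rK1GEuQisAwdMkb4j9MqHf7vkHewrh1BGBeNc"
        "r85NjoxXAnfZDuX+M7b1dWoszYHJF1rgWzk4yz7fc+7Q4leAIr2PkWbTRuRp"
        "Oe4P6Ok01hKGTLORQhRgWw6Mv2aRFMimHgiQWhhaHetICEhMcBl5C0yxhZCO"
        "hu4="
    ),
    "c2_domain": [
        "microsoft.com/windowsdisabler",
        "windows.update3.com",
        "berukoneru.website",
        "gerukoneru.website",
        "fortunarah.com",
    ],
    "botnet": "8899",
    "server": "12",
    "serpent_key": "56473871MNTYAIDA",
    "sleep_time": "10",
    "CONF_TIMEOUT": "10",
    "SetWaitableTimer_value": "0",
    "DGA_count": "10",
}

# Assumption of this example: hosts here are reported but never block-listed,
# because blocking them would break legitimate Windows traffic.
NEVER_BLOCK = {"microsoft.com", "www.microsoft.com"}


def split_c2_entries(cfg):
    """Split each c2_domain entry into host and path and mark the actionable ones."""
    entries = []
    for raw in cfg["c2_domain"]:
        # The config carries no scheme; a leading // makes urlsplit parse the host as netloc.
        parts = urlsplit("//" + raw)
        host = (parts.hostname or "").lower()
        entries.append({
            "raw": raw,
            "host": host,
            "path": parts.path,
            "actionable": bool(host) and host not in NEVER_BLOCK,
        })
    return entries


def suricata_dns_rules(cfg, base_sid=9100001):
    """One Suricata DNS rule per actionable host (dns.query buffer, Suricata 5+ syntax).

    endswith also catches lookups for subdomains of the C2 host.
    """
    rules = []
    actionable = [e for e in split_c2_entries(cfg) if e["actionable"]]
    for n, e in enumerate(actionable):
        rules.append(
            'alert dns $HOME_NET any -> any any ('
            f'msg:"Ursnif botnet {cfg["botnet"]} C2 DNS lookup {e["host"]}"; '
            f'dns.query; content:"{e["host"]}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{base_sid + n}; rev:1;)'
        )
    return rules


def key_material(cfg):
    """Sizes of the keys in the config; the RSA blob layout is not interpreted."""
    rsa_blob = base64.b64decode(cfg["RSA Public Key"])
    serpent = cfg["serpent_key"].encode("ascii")
    return {"rsa_blob_bytes": len(rsa_blob), "serpent_key_bits": len(serpent) * 8}


if __name__ == "__main__":
    for e in split_c2_entries(URSNIF_CONFIG):
        flag = "BLOCK " if e["actionable"] else "skip  "
        print(f"{flag}{e['host']:<28}{e['path']}")
    print("\n".join(suricata_dns_rules(URSNIF_CONFIG)))
    print(key_material(URSNIF_CONFIG))
```

The DGA_count of 10 means the bot will also generate fallback domains the static list does not cover, so the rules above should be paired with DNS telemetry review rather than treated as complete coverage.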
Yara Overview
Memory Dumps
Rule | Description | Author
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security (matched in 4 memory dumps)
GoziRule | Win32.Gozi | CCN-CERT
The full report lists 71 Yara entries.
Sigma Overview
System Summary:
Sigma detected: MSHTA Spawning Windows Shell (author: Michael Haag)
Sigma detected: Suspicious Call by Ordinal (author: Florian Roth)
Sigma detected: Mshta Spawning Windows Shell (author: Florian Roth)
Sigma detected: Suspicious Csc.exe Source File Folder (author: Florian Roth)
Sigma detected: Non Interactive PowerShell (author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements))
Sigma detected: T1086 PowerShell Execution (author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)); T1086 is the retired ATT&CK ID for PowerShell, now T1059.001
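The Sigma matches above describe a process chain (mshta.exe spawning a shell, a PowerShell with no interactive parent, csc.exe compiling from a user temp folder, rundll32 invoking an export by ordinal). The following is an added example, not part of the report or of the SigmaHQ rules, that approximates the detection logic of four of those rules in plain Python and runs it over constructed Sysmon-style process-creation events; the event content, paths and file names are invented for the example, and the conditions are simplified relative to the published rules (which carry additional filters for false positives).

```python
import re

# Constructed process-creation events in the shape of Sysmon Event ID 1 fields.
# Invented for this example; the report's own process tree is not reproduced above.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Users\victim\AppData\Local\Temp\page.hta"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"csc.exe /noconfig /out:C:\Users\victim\AppData\Local\Temp\qx1.dll C:\Users\victim\AppData\Local\Temp\qx1.cs"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"rundll32.exe C:\Users\victim\AppData\Local\Temp\qx1.dll,#1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe"},
]


def _basename(path):
    """Lower-cased file name of an image path (Sigma 'endswith' comparisons)."""
    return path.rsplit("\\", 1)[-1].lower()


# Children that mshta.exe has no business launching.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
          "sh.exe", "bash.exe", "reg.exe", "regsvr32.exe", "bitsadmin.exe"}


def mshta_spawning_windows_shell(ev):
    return _basename(ev["ParentImage"]) == "mshta.exe" and _basename(ev["Image"]) in SHELLS


# rundll32 "file.dll,#N" calls an export by ordinal instead of by name.
ORDINAL_CALL = re.compile(r",\s*#\d+\b")


def suspicious_call_by_ordinal(ev):
    return (_basename(ev["Image"]) == "rundll32.exe"
            and ORDINAL_CALL.search(ev["CommandLine"]) is not None)


# Source folders from which a legitimate build rarely invokes the C# compiler.
CSC_SUSPICIOUS_FOLDERS = ("\\appdata\\local\\", "\\windows\\temp\\", "\\windows\\tasks\\")


def suspicious_csc_source_folder(ev):
    cmd = ev["CommandLine"].lower()
    return _basename(ev["Image"]) == "csc.exe" and any(f in cmd for f in CSC_SUSPICIOUS_FOLDERS)


# Parents that indicate a human at a console; anything else is non-interactive.
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "code.exe"}


def non_interactive_powershell(ev):
    return (_basename(ev["Image"]) in {"powershell.exe", "pwsh.exe"}
            and _basename(ev["ParentImage"]) not in INTERACTIVE_PARENTS)


RULES = {
    "MSHTA Spawning Windows Shell": mshta_spawning_windows_shell,
    "Suspicious Call by Ordinal": suspicious_call_by_ordinal,
    "Suspicious Csc.exe Source File Folder": suspicious_csc_source_folder,
    "Non Interactive PowerShell": non_interactive_powershell,
}


def evaluate(events):
    """Map event index -> sorted names of the rules it matched; silent events are omitted."""
    hits = {}
    for idx, ev in enumerate(events):
        matched = sorted(name for name, rule in RULES.items() if rule(ev))
        if matched:
            hits[idx] = matched
    return hits


if __name__ == "__main__":
    for idx, names in evaluate(SAMPLE_EVENTS).items():
        print(idx, _basename(SAMPLE_EVENTS[idx]["Image"]), "->", ", ".join(names))
```

The rule that fires on event 1 twice (shell spawned by mshta.exe and a PowerShell without an interactive parent) is the combination worth alerting on with high priority; either condition on its own is noisier in estates that run HTA-based installers or scheduled PowerShell.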
Jbx Signature Overview
AV Detection:
Found malware configuration (source: Malware Configuration Extractor)
Machine Learning detection for sample (source: Joe Sandbox ML)
Source: Static PE information (1 entry)
Source: HTTPS traffic detected (12 entries)
Source: Binary string (4 entries)
Source: Code function (12 entries)
Source: Code function (1 entry)
Networking:
System process connects to network (likely due to code injection or exploit)
Source: Domain query (2 entries)
Source: Network Connect (4 entries)
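The signature above fires when a Windows system process, rather than the sample itself, originates the network traffic; Ursnif/Gozi is known to inject into explorer.exe for exactly this reason. The following is an added example, not part of the report, of the corresponding hunt over Sysmon-style network-connection events: it flags system binaries that reach addresses outside the internal ranges and are not covered by an allowlist of update destinations. The events, the SYSTEM_IMAGES set and the ALLOWED_SUFFIXES list are this example's constructed assumptions and must be tuned per estate; the TEST-NET addresses are placeholders, which is why "external" is defined by explicit internal ranges rather than the ipaddress module's is_private (which treats TEST-NET as non-global).

```python
import ipaddress

# Constructed events in the shape of Sysmon Event ID 3 fields; invented for this
# example. Destination addresses come from the TEST-NET documentation ranges.
SAMPLE_CONNECTIONS = [
    {"Image": r"C:\Windows\explorer.exe", "DestinationIp": "203.0.113.45",
     "DestinationPort": 443, "DestinationHostname": ""},
    {"Image": r"C:\Windows\explorer.exe", "DestinationIp": "10.0.0.5",
     "DestinationPort": 445, "DestinationHostname": "fileserver"},
    {"Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "198.51.100.20",
     "DestinationPort": 443, "DestinationHostname": "update.microsoft.com"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "DestinationIp": "203.0.113.45",
     "DestinationPort": 443, "DestinationHostname": ""},
    {"Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "203.0.113.77",
     "DestinationPort": 80, "DestinationHostname": "berukoneru.website"},
]

# Assumption: common injection targets that should not talk to arbitrary Internet hosts.
SYSTEM_IMAGES = {"explorer.exe", "svchost.exe", "spoolsv.exe", "winlogon.exe",
                 "lsass.exe", "dllhost.exe"}

# Assumption: destination name suffixes these processes legitimately reach.
ALLOWED_SUFFIXES = (".microsoft.com", ".windowsupdate.com")

# Internal ranges: RFC 1918, loopback, link-local and CGNAT. Everything else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def is_external(ip_text):
    """True when the address is outside every internal range above."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def flag_system_process_egress(events):
    """Return (index, image, destination ip, destination name) for suspicious egress."""
    hits = []
    for idx, ev in enumerate(events):
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        if image not in SYSTEM_IMAGES or not is_external(ev["DestinationIp"]):
            continue
        host = ev.get("DestinationHostname", "").lower()
        if host and host.endswith(ALLOWED_SUFFIXES):
            continue
        hits.append((idx, image, ev["DestinationIp"], host or "<no name>"))
    return hits


if __name__ == "__main__":
    for hit in flag_system_process_egress(SAMPLE_CONNECTIONS):
        print("system process egress:", hit)
```

A hit on explorer.exe with no resolved destination name (event 0) is the pattern to correlate with the process's memory: an injected Ursnif payload will show up as the Yara matches listed later in this report, in an executable region that does not belong to any loaded module.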
Source: ASN Name (3 entries)
Source: JA3 fingerprint (1 entry)
Source: HTTP traffic detected (12 entries)
Source: Network traffic detected (56 entries)
Source: String found in binary or memory (27 entries)
Source: DNS traffic detected (1 entry)
Source: HTTP traffic detected (12 entries)
Source: HTTPS traffic detected (12 entries)
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Yara detected Ursnif
Source: File source (55 entries)
E-Banking Fraud:
Yara detected Ursnif
Source: File source (55 entries)
System Summary:
Malicious sample detected (through community Yara rule)
Source: Matched rule (21 entries)
PE file has a writeable .text section
Source: Static PE information (1 entry)
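A writable .text section means the code section's header carries IMAGE_SCN_MEM_WRITE alongside IMAGE_SCN_CNT_CODE/IMAGE_SCN_MEM_EXECUTE, which compilers never emit for ordinary builds; it is the footprint of a packer or a self-modifying unpacking stub. The following is an added example, not part of the report, of checking this with only the standard library: it walks the DOS header, the PE signature, IMAGE_FILE_HEADER and the section table, and returns the sections that are both executable and writable. The build_synthetic_pe helper fabricates a header-only image for demonstration (it is not a runnable binary and is invented here); the check itself works on any real PE read from disk.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes)
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")
# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
FILE_HDR = struct.Struct("<HHIIIHH")


def section_table(data):
    """Return [(section name, Characteristics)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, n_sections, _ts, _psym, _nsym, opt_size, _chars = FILE_HDR.unpack_from(
        data, e_lfanew + 4)
    first = e_lfanew + 4 + FILE_HDR.size + opt_size   # section headers follow the optional header
    out = []
    for i in range(n_sections):
        fields = SECTION_HDR.unpack_from(data, first + i * SECTION_HDR.size)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        out.append((name, fields[-1]))
    return out


def writable_code_sections(data):
    """Names of sections that are code/executable and also writable (the W^X violation flagged above)."""
    return [name for name, ch in section_table(data)
            if ch & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE) and ch & IMAGE_SCN_MEM_WRITE]


def build_synthetic_pe(sections):
    """Constructed header-only PE32+ image for exercising the check; not a runnable file.

    sections: list of (name, Characteristics).
    """
    opt_size = 0xF0                                   # size of a PE32+ optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = FILE_HDR.pack(0x8664, len(sections), 0, 0, 0, opt_size, 0x2022)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)   # Magic only; rest zeroed
    hdrs = b"".join(
        SECTION_HDR.pack(name.encode("ascii").ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                         0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, ch)
        for i, (name, ch) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + hdrs


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(writable_code_sections(fh.read()))
    else:
        # Typical compiler output versus a packed layout with RWX code sections.
        clean = build_synthetic_pe([(".text", 0x60000020), (".data", 0xC0000040)])
        packed = build_synthetic_pe([(".text", 0xE0000020), (".data", 0xC0000040)])
        print("clean :", writable_code_sections(clean))
        print("packed:", writable_code_sections(packed))
```

A writable code section is a strong packing indicator but not proof of malice on its own; some runtime-generated-code engines and older protectors produce the same layout, so treat it as a triage signal that justifies unpacking, which here is corroborated by the Ursnif Yara hits on the memory dumps.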
Writes or reads registry keys via WMI
Source: WMI Queries (22 entries)
Writes registry values via WMI
Source: WMI Registry write (32 entries)
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Key opened: | ||
Source: | Key opened: | ||
Source: | Key opened: | ||
Source: | Key opened: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Code function: |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Process created: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: |
Hooks registry keys query functions (used to hide registry keys) |
Source: | IAT, EAT, inline or SSDT hook detected: |
Modifies the prolog of user mode functions (user mode inline hooks) |
Source: | User mode code has changed: |
Modifies the export address table of user mode modules (user mode EAT hooks) |
Source: | IAT of a user mode module has changed: |
Modifies the import address table of user mode modules (user mode IAT hooks) |
Source: | EAT of a user mode module has changed: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Code function: |
Source: | Thread delayed: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Code function: |
Source: | Process queried: |
Source: | Code function: |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: |
Source: | Network Connect: |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Writes to foreign memory regions |
Source: | Memory written: |
Allocates memory in foreign processes |
Source: | Memory allocated: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: |
Creates a thread in another existing process (thread injection) |
Source: | Thread created: |
Source: | Process created: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: |
Source: | Key value queried: |
Source: | Code function: |
Source: | Code function: |
Source: | Code function: |
Source: | Code function: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Windows Management Instrumentation2 | DLL Side-Loading1 | DLL Side-Loading1 | Obfuscated Files or Information1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Valid Accounts1 | Valid Accounts1 | DLL Side-Loading1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Email Collection1 | Exfiltration Over Bluetooth | Encrypted Channel11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Command and Scripting Interpreter1 | Logon Script (Windows) | Access Token Manipulation1 | Rootkit4 | Security Account Manager | File and Directory Discovery3 | SMB/Windows Admin Shares | Credential API Hooking3 | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection613 | Masquerading1 | NTDS | System Information Discovery25 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Valid Accounts1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Security Software Discovery11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion31 | DCSync | Virtualization/Sandbox Evasion31 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection613 | Proc Filesystem | Process Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Regsvr321 | /etc/passwd and /etc/shadow | Application Window Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Rundll321 | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | Remote System Discovery1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | 3.12.124.139 | true | false | high | |
berukoneru.website | 79.110.52.144 | true | true | unknown | |
1.0.0.127.in-addr.arpa | unknown | unknown | true | | unknown |
windows.update3.com | unknown | unknown | true | | unknown |
8.8.8.8.in-addr.arpa | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown | |
true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | low | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.20.161.64 | unknown | United States | 16509 | AMAZON-02US | true | |
79.110.52.144 | berukoneru.website | Romania | 60233 | V4ESCROW-ASRO | true | |
18.219.227.107 | unknown | United States | 16509 | AMAZON-02US | true | |
3.12.124.139 | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 539453 |
Start date: | 14.12.2021 |
Start time: | 10:19:18 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 61b85f75e6a7c.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 50 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@59/52@18/5 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:21:03 | API Interceptor | |
10:21:17 | API Interceptor | |
10:21:18 | API Interceptor | |
10:21:53 | API Interceptor | |
10:22:40 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.991876287469523 |
Encrypted: | false |
SSDEEP: | 24:H2Fm9maDAqOaHqhKdNwI+ycuZhNlwakS61PNnq9Sd:BrgKdm1ullwa36vq9C |
MD5: | A924A25BC2BFFD71BC939EE54BBDC7B7 |
SHA1: | 19DB2BED2D6CE6E28D719DD588403D58201EEBF6 |
SHA-256: | FB087178177FE988DD91FCCA1ED2F9F93313FACF5E43039076D2EA101B76E2C8 |
SHA-512: | 5CBC29FCA7E9B287A6FD143376DA20A140132D0D7BFF644EDBFE7FB0360E8315F7753704005B4BA5F9C0EC5836DD0E608A796E74E40DCDDE5CF77554AF2AE937 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1332 |
Entropy (8bit): | 3.9787663301438485 |
Encrypted: | false |
SSDEEP: | 24:HvMzW9n+arP1p11aHxUhhKdNwI+ycuZhN5akSnPNnq92d:Z7rP9oyvKdm1ul5a31q9G |
MD5: | 7D8E752877E3D05D6EF7FA19F61D1B1B |
SHA1: | 9A737232CA061BFB20872477083A44934CEC3309 |
SHA-256: | 329690906DBAA3C008A62AB1257C741217071A6C8298E7AC3E1FEC040849102C |
SHA-512: | 16620E26157A2FBA00A6494B3F8ECAF5B74F8E2B7D5738B6123FC739E9769F3009C922827B64AB718FD14FDA82B65E69CC8654E2482F48C178A2332F312954C1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.9997994300245385 |
Encrypted: | false |
SSDEEP: | 24:HkFm9mayzVaHUMhKdNwI+ycuZhNcakSoPNnq9Sd:PyzI0eKdm1ulca3Qq9C |
MD5: | A7D19B016DD2E87C7F1705B8AF710E8E |
SHA1: | E7051DE14C9A314A4080D70224AD09816268BF02 |
SHA-256: | 016221C08CBD224990582FEE0A8BA0DCA0DF09DDF7FDA02F4599FFA82A2B3952 |
SHA-512: | F5EE0E4E2556DC500CEA21597DC7E4C4E4C937543E019FB6F9BE31CC7DB6F6A8149C6C99C4F4C4930F045360D6C4AA185278F26B9EBD796B2F6E55A919F997FB |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.979389767875343 |
Encrypted: | false |
SSDEEP: | 24:HfFm9na7QVQaHVuPYhKdNwI+ycuZhN05akSPOPNnq9Sd:P7QXFKdm1ulua3Kq9C |
MD5: | BBFDDF46C53F13E3CD50C7FB032A9C11 |
SHA1: | 7FD005ACB8E69898681243C45BAEE3E9B07E1A60 |
SHA-256: | 63ED0B7F7A4719A72DA2A424362DBCDDA27BB627AC844AFD13F71080AEE3AE31 |
SHA-512: | 8BFB18E6C91F2341877E8E28745730E4A191E8AFE83DA8ED175932AD2D92E11664E5F96727CEA54BC8AFAA3B36ED40CE338B2686C60C1FFA778CE804C4CD4964 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.216630389653668 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fMpo/l0zxs7+AEszIN723fMpo//n:p37Lvkmb6K2aWoCWZETaWoH |
MD5: | F2CAB91D6AE2F982B347805414E2DA2F |
SHA1: | 9134FFA580A5782320E2BECD2E6D13CA5016FE4A |
SHA-256: | E7A0D624F6DA13B73E6397DAAF131CE3B8A843CBF47975D26A1C7C39B1A79DAA |
SHA-512: | B1A982AD547563FD21A51E442BC4CB6A0A5AF5E8F5EA47B23734BC9657366F5E57A198B7EFBA97AACB2F99A751931E1C5446748D178D8DB564F3AEB416ED51B0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872 |
Entropy (8bit): | 5.3041980760639875 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aWozETaWoOKaM5DqBVKVrdFAMBJTH:Akka6CfE+yKxDcVKdBJj |
MD5: | 28601DA1A34FA522B7E501CAB2D52D0D |
SHA1: | CE63B8E4F3DACA2C049859BCCFEFE922312E953B |
SHA-256: | 71785F6CACBEA8608EE82CBEF53670305A597D826F6AA6A2BACB13A722378992 |
SHA-512: | 605216610FF268226BED924AE1F648B5733C2D119757CF6FBEB9BD67371D98F5C19C5D34E3CA09E4B4781B97FBE7E6BADF56AB44601B7AC0BC1A472B50881A52 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.074713113011581 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryRrak7Ynqq4EPN5Dlq5J:+RI+ycuZhNvakSBPNnqX |
MD5: | DB7C686DED61FAF08452A0F834AFA8DA |
SHA1: | 58D7DDDA0A4A2DA91E31C497B111902DAC894F1B |
SHA-256: | BEB640592987F9EABFCF681FBA55C2A2A39D87D033E90359DE62F37DEBED2A09 |
SHA-512: | 85B17CC2EB71A6DD7065610726B61666C2A5C075851DE4B39CF2DD85EBBBCE6266BC65452C02AE27FD48C6DAEE72C9F45AA09557EB8B98587E04A821DFD0CE8E |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.158352377882466 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fMnzxs7+AEszIN723fM2GAn:p37Lvkmb6K2a0nWZETa02GAn |
MD5: | 572BA0D098BD81AE02A0A8D1820CC54E |
SHA1: | 8CD2D32442EE473F6ABFA6ED6879958BE9F0B644 |
SHA-256: | F93B490D9A53DBF4B286DB3F90D7F1831712992DA4F55AB58A25100DFF70B2BA |
SHA-512: | 2CAC5D0802040E9224834909AEDAF66ABA49A3A0BAF622775FE7478829D86D394724E69C8F529B4BBBD864DA85C3ABAD7424A2304149458487EBAF753BEDC23B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.596786045578255 |
Encrypted: | false |
SSDEEP: | 24:etGSh/W2dg85xyFODuhxpdWXoWtkZf/KK1UKJ+WI+ycuZhNvakSBPNnq:6Mkb5xykIHWEJCMUKl1ulva3zq |
MD5: | 741ADACFC6720E0AF6140AF8DCC349FC |
SHA1: | 6EF662F94911E4B24D4B451C27B92536B8F70A95 |
SHA-256: | 6C26CE931BB1E5E14A72E8EEE8EF3C311B1E4591AB5431716B538AADE4DB8775 |
SHA-512: | 498BFAAF7842A7FD86C0C4B53F8EF17EBC3FDE3E2E5652958FFF540405145F2B29206A66422873D3F17528960F953D931366FBE3D63C7A5BEAA217298F0E6ABF |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.287567169766519 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2a/ETao1KaM5DqBVKVrdFAMBJTH:Akka6C/E+o1KxDcVKdBJj |
MD5: | 8BCCA5B89F2FA310526D310DF8DBCC42 |
SHA1: | FE8909B3FCC426455447E45861D10CC5D5B108FD |
SHA-256: | 1FD4EB9B6D19F65B0ACAAF11A7D722C50CD3D12840694A0673FA3CEA0B03B32D |
SHA-512: | C4368FBF67BB826E5B0DC8C1E5E5AC4171157410A405DCB2C12A989F6DCC20084BB2F827EE9D64F92694A4C907F1A7E1F3EC4E40075883B2C6D00270BBB8CA89 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.266859690195427 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fVCTjC7JUzxs7+AEszIN723fVCTjC3:p37Lvkmb6K2aL+WZETan |
MD5: | 4C7D143E2EC6E0CA2EE0893AF138CD54 |
SHA1: | A68CAEF8C25979706DE7913E48AD6587288C035A |
SHA-256: | 94B89A0A848DFF70B8DF7A7D095D81C2DFF9CF65E156246958F1124DB66A4353 |
SHA-512: | 1F303FE5AF50CD7ECBB9741F1FB8185F44DA0719CD6714BA0E8DDD429205128A69E1E72E8C2B5A6CE235B0C950222F7FA7B38855CC464DF887129AB633C94905 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872 |
Entropy (8bit): | 5.326473552198273 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aL/ETauKaM5DqBVKVrdFAMBJTH:Akka6CL/E+uKxDcVKdBJj |
MD5: | F82E94D258F3D67B8A490649E0C3D4CD |
SHA1: | FC0ED64AA500019001A82BD2C49D2358386C03C4 |
SHA-256: | 5821291F4341F52EFDB9CFF95808C4651DB8B2B95F511402B7985667167FE7D2 |
SHA-512: | 2B0E9907EA5C1E380D337A14014F53AA49D2BDF6E35A7DA0943DAEDD6DC49FF24AF5618EA713524E55049F62BCA3E7EAE3026BED5AC27A1D9F5FF726C07D83D2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0924949403415782 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGzak7YnqqLcPN5Dlq5J:+RI+ycuZhNcakSoPNnqX |
MD5: | C2FED3B62C70792CE5FBC51B8104FF58 |
SHA1: | A697EC532E1C75AC63A2D688109BE3A08DEAF138 |
SHA-256: | 8796FC4DF02E92514DFFF15DF891E70F332C9CE5009E2F4F4D9E10CAEA43F321 |
SHA-512: | 7C5D29E3C402DBD40505CE8BD3EA833EF0E67FC029B524466198964097979AC52CC452790F1C503A8674BDE4968FC93A0A652B95A4574A0A0C72A3903262D77B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.225964153941322 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fpvQYOzxs7+AEszIN723fpvQYt9:p37Lvkmb6K2ae9WZETae+9 |
MD5: | E417A790F5ECFFC57E19553220860204 |
SHA1: | BB0C8AD3294335CCC3EBCA484E82CBC3B82212BC |
SHA-256: | 531B60C5D5234C2C2E5D19FC1786C018D6EFCA1EE3A85072C7B57D5DE6B1CA53 |
SHA-512: | 2EDCEC5482641ADF4BF396846A92AED21D928CF60D61B7013190ECAC5C8962123B674EA20B568B227FA2D32AA95494FA887BAF666E45A589E32C41DACE567087 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6323976125718667 |
Encrypted: | false |
SSDEEP: | 24:etGSv8+mUE7R85z7woel/gO4/eiDPtkZfH8eWDZ0WI+ycuZhNcakSoPNnq:69XE7S5gGUiyJH8eAZX1ulca3Qq |
MD5: | 7C00DECE0E6267D12BE7E759F865EBA6 |
SHA1: | 056B3240A7F7F9470CCD40E6C3540B0EAE77D0CC |
SHA-256: | 952644239DF6BE31335F7E1AC3324A4D0E6424ED83296800B78644FC6DF6D5B0 |
SHA-512: | C92B7CA867B544EFEEE1BC7BD1CBB1328873152907DFAFEDA79F9E5B44298974999B1CD61B99D2FD371C8E6D7A50EB0A6B618C536C5ACD656F956208F12366EC |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.310389610172864 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2atETaL4KaM5DqBVKVrdFAMBJTH:Akka6CtE+L4KxDcVKdBJj |
MD5: | 710CC09857DFFC53DC33F785B737101D |
SHA1: | 9CB5D3A127ACB37BAD9420BAB670D51F3AE02B26 |
SHA-256: | 065EC096833AAAD0FF61129A37E9C85A65A1E228F1D520683BEEBE57D5DEFE1F |
SHA-512: | 1BED7D3D136AED086A1D61ABE2036C4850A886DA245BA8C3206E8AF988F85E4A8C2496928178863EF765F87AF472DC0E98BFAC83360C3094C0EB4AAEA3CB5D3B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0921663918005518 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grynwak7Ynqq61PN5Dlq5J:+RI+ycuZhNlwakS61PNnqX |
MD5: | 8D38707C9DA074E8298A09CCEFE267D4 |
SHA1: | 4698BF2772175E64EA531AAF69A1830AB7A62240 |
SHA-256: | E404495A4BA5D32217D87538BD4DB72E0CE80B741CC5318D16F621E1245A1310 |
SHA-512: | EAD5798174C105EBD2FDC5EB87060C65209E35841BF5EE8627CDECF11F2F7A93FE10535B8CCED239987DBB9CCCF757A47378F726947A0E7FE1CD575CA19CBDE3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.173224995113562 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fXWsor0JUzxs7+AEszIN723fXWsorO:p37Lvkmb6K2aP4Q+WZETaP4q |
MD5: | 6BE56DACEFC57A712EA48F043E87C783 |
SHA1: | D0681E001D2DABEF7D2E3993992EFAE42F65B518 |
SHA-256: | 9D8DC9E1EF8194163AD1488C6F630D49868ACCA608929CF85C3D080FB3FDE844 |
SHA-512: | B0685B3E0CBD55C2DBDD7FB40F532CB62207A82FCB5A76D6451936A752200CC2C3CFB250D549A9A10CBE148FB6085D06E689FA4B37BEDFC32FBADE7D3ADD2CDC |
Malicious: | true |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6332356785832784 |
Encrypted: | false |
SSDEEP: | 24:etGSl8+mUE7R85z7woel/gTE4/eiDPtkZfmPENDZ0WI+ycuZhNlwakS61PNnq:67XE7S5gGT6iyJmPiZX1ullwa36vq |
MD5: | F5AA19BA9E19FFD0C554993566FCB9A1 |
SHA1: | 0A6CD2AF2C18AD6717A9F54CE6F1EC9D05DAAAA3 |
SHA-256: | AA37819283565FA6E4FED32DFBD5BC46AFEE33457A0A05229EA1D74C112D7DF3 |
SHA-512: | 5BA356DE7E941FFB7F8A62E93612C01362DEC9A548CABFEE616A004EBC48D055909000D1C1BF0254206B25895D4A111A3204A4EC447B27DC8CFA19B5AC700D88 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.301489549454478 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2apETawKaM5DqBVKVrdFAMBJTH:Akka6CpE+wKxDcVKdBJj |
MD5: | B17FFB955F30A845D8BCF1C881AFD851 |
SHA1: | 13338CBE5E707CF0B7033C997E84A6AD19C18FF9 |
SHA-256: | 9AE5AB954FB134CE28AEC0E5F5F78551A6C27DDD0E2DA686F310B7C8C316F09D |
SHA-512: | E5A107C314E7E311314E36D0E7274F2C95DF94A65B0EFC1150ED7CF5537028918668CDBC9D740C0629AE128E31083C93A7ECCC663E9F13C21BE81D8F4382E681 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0890365915861624 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryH7ak7YnqqC0PN5Dlq5J:+RI+ycuZhN5akSnPNnqX |
MD5: | 30A3097118EDB11AB1993E197C9073FA |
SHA1: | 615B7D6D7126E88ABA3F17B6973630F89852F0AA |
SHA-256: | 3B1178DF0B42B9FE32931ECD764E022C5C3993757D9E08888154E8CFE7DC3ACB |
SHA-512: | 169145C229E843797950547FA2B91AD5F73A7874E3D498859748A7C29F41A7F61CB7EF60CFBBDA05818A38394BCBEA483363C1D46DAAE992CC938BA05FD190C5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.19959834421907 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fpyAHUzxs7+AEszIN723fpy2:p37Lvkmb6K2axybWZETaxy2 |
MD5: | 5E6CD1F7B44B6E3B4C22EAF18C17B4E4 |
SHA1: | 7D5CB5F73BB6D2E8EC75A4ED779F3B8CF57CF23B |
SHA-256: | 1FCA6CEC3FAF3F369A605C055F0EE65690ED9838A18EE01BA3D8B81315A211E2 |
SHA-512: | 5FABA37FFE22F142287B53D9A18F828EA5101576D953C0A10945F892523E5C39D6B7503BDC0BA004ACE656A498846AD74B2C284FD3B18AD6A7AD51ED5A15E0E1 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6318992955586533 |
Encrypted: | false |
SSDEEP: | 24:etGSQ8+mUE7R85z7woel/gf4/eiDPtkZfYmgfDZ0WI+ycuZhN5akSnPNnq:6aXE7S5gGZiyJYmoZX1ul5a31q |
MD5: | C9304AA657C4D4A6CB3A3F3E0BB4D7EF |
SHA1: | C8D07D9C483B5EE7CBB5B92B2BB07EB7A1EB48FD |
SHA-256: | 9B80595D0F55E78C8CB1DF004FB37D5A94AF1B19C2C8806F426B2A6BA51A29E2 |
SHA-512: | 3E66DC953433A11FE0083B2D40935B147D9BF7CE93E11F2EBC47F4EB1B5362384E3889C73518910B010457D9961FE17860D58CFA38B3E8C4207F96462B848E74 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.292537978034834 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aLETa2KaM5DqBVKVrdFAMBJTH:Akka6CLE+2KxDcVKdBJj |
MD5: | 71B3F041076E3F95CFFD60D5175E75DF |
SHA1: | 3E8BB427FD0CF04864317DB344053003824DFAA0 |
SHA-256: | 94857FB771A06BB6B94A77618220A25D5BED278081EDD5A4CC93ECF424D175A9 |
SHA-512: | 1DE93694D194DCF73BD6190B41C5E0DA69CDEB075E7E7338E51913775DBF3879571F159BC24A991F6E499E3D72CD1F8233B196C057C2FDDBDB9F9F0226EB523F |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.222834284403675 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723f51n0zxs7+AEszIN723f5/H:p37Lvkmb6K2ah10WZETah/H |
MD5: | 88C71B6719907B92C99029F9DF4C3781 |
SHA1: | 667EDB93A80D214FCD8C7DB39F368586A5FFFD2D |
SHA-256: | D8001B915AA15E64B32C56331B6749F7D4ADAB361228DDB3B81C1DAFEB82BDE3 |
SHA-512: | 6FF6E9812F843FA1AB77B3F176C58F5CABD9A93DCF344EE9AFF4943DB59BBD7A260545445B561A23D537C04F4DAFA79A9ADC45E52CDFA7695D20AA434F34B805 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 872 |
Entropy (8bit): | 5.314771609463602 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2avVETapOKaM5DqBVKVrdFAMBJTH:Akka6C9E+pOKxDcVKdBJj |
MD5: | FBF42D3DC0BCD15D5634FB6E9DCE0B89 |
SHA1: | A1E67FC78A33DC2FF510187D9A143B1980A198D8 |
SHA-256: | 7794B8E2C92DCFAA2E6E0F070A71F1B82EB43D0E1B962A1413E3D7B3DDFA1D97 |
SHA-512: | 8EB85167B7225987874B8EBDEE3EAAA5F7B7B476FBC4855C1E2A202A292B27BA7C398D49027F7647CA70CB217507EDFEE5287FBBF4F4432146C119FCEC142648 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0882008464403055 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryC5ak7YnqqPOPN5Dlq5J:+RI+ycuZhN05akSPOPNnqX |
MD5: | B6905AF467395A55B06B7D723D6F9071 |
SHA1: | DE3FE20DBDC687C7434A1C7598C3EE0CFBBA6ECA |
SHA-256: | 6024F928917A5852278333793A6AC3BB6742E86C4F0095B7467BA1E148AB32B6 |
SHA-512: | 066A42CA9AABF4DF85EAF3B698E80D21F512CDA444C59FA46AA3FE478CDCA0E7998806C08B98CFA2069BA98137984EE352C3C715166DBD04123AB094E42C97E6 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.17577930886851 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723f97Gzxs7+AEszIN723f97V9:p37Lvkmb6K2a9GWZETa9V9 |
MD5: | 5A76B660E832AA581281D58BC7BAA5A2 |
SHA1: | 024250002F01662F9AB2370CF4033EA8487665B6 |
SHA-256: | B60360D322E1A93A5509DB4EEA774C5FB09F2D2A8B1B92B51D8385E54B872276 |
SHA-512: | 4461492B81B48FB437055C992CCC555371D16DF08788E6D3AB7512019A7B483D8772D9A3D1192A956736A96A8B0A02B2D3FDD68D84F2EAC82A4B38E95F7BA63E |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.635212339978853 |
Encrypted: | false |
SSDEEP: | 24:etGSN8+mUE7R85z7woel/gE4/eiDPtkZfKGpsDZ0WI+ycuZhN05akSPOPNnq:6DXE7S5gG6iyJKGpCZX1ulua3Kq |
MD5: | EF9522EB6C3500384C36EE79C184EC6B |
SHA1: | FE4AF6485B4A01629F901F753C3DC2D064683718 |
SHA-256: | 527F9A7FF12525547D21900A699B9BCDADD1C109A11EFDF624411C2E3FEA6C1A |
SHA-512: | 7EBD29BDE63276534B24AB60DC274D5D473ED13B20F2AD30B74740D993D9F5C6AAD81F72DC8FA3C42CBA714C3E27B414D5985D2DB617CC68D611DE5A3D7D62EE |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.293151646200869 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2axETa34KaM5DqBVKVrdFAMBJTH:Akka6CxE+oKxDcVKdBJj |
MD5: | 5F3A49EA202366DDFA9816641C833803 |
SHA1: | A7BA847BF2CA2BB118F71E6F12BB879B0DA52F29 |
SHA-256: | 227DF3C5AF341B067B565D4E0BC9C6555F1CCDD660020007014D5DD7C124419B |
SHA-512: | C3E4270BBA10C2213BF049A0A5D6447496D9406848A2C9D2A8BF882F691F4831689E0E10B3A3959464298CC4F7F77FAE6893EB6C4E5035B382C82CDD5D49B9FB |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.379442550983847 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XWDUHjeTKKjX4CIym1ZJXXRenELCHu4S3eP:BZP/vTLVvoOmbu4GYqDYB1Z9gbu4SAZx |
MD5: | D55F220D9892547788887A8A32831118 |
SHA1: | 1B02881E135C7C81C2D3838A7961A121E7187DD5 |
SHA-256: | 7F26B4B3D12B445417AEF015E2BE4048848B6D814FE8466848C0B69AFA2272AB |
SHA-512: | 858D5CBE3793B79BE8BACCA705F9EA92D39507171ADA3B09FAA71382374AC0A1C719674DB4D7A7BCE8B69BFCACC1CAECDBD7FC97BC6E6CF2FBE655EF08FCDEA3 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.383650096362091 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XW6HjeTKKjX4CIym1ZJXXRenELCHu4SDmnu:BZP/vTLVvoOmbu4G6qDYB1Z9gbu4SDou |
MD5: | 68350C66B532BFF0B584D247AD24F0D5 |
SHA1: | CE1EB6152EE292AFDCBAE05C7057BAEB61FB2996 |
SHA-256: | 88CB4539138955AB926F559B2692348F63792A4ED0EE8B30ACE747FB404ECC94 |
SHA-512: | 80CE793621A577D179F6F633C97D8B39A8EBB79C1E50EFF57EA02BEEBDDD0F320DE6B314913CE7A40077CAE8023957747004AF9C1D9F98E280664CD2822D0828 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.383634787556345 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XWGHjeTKKjX4CIym1ZJXXRenELCHu4SQDnR:BZP/vTLVvoOmbu4GGqDYB1Z9gbu4SQDR |
MD5: | 19F594408E907A61AD2F2145D3840483 |
SHA1: | FBFD6B66842B9D146C8B200852764C5FF0FDF33E |
SHA-256: | E7AC349B39C99824312EF83330E3D1EE270DDCF84B0C20C4FDC24C35F4EA3523 |
SHA-512: | 4FBDF2CBBC63FCED8296EB738DADA7BBD616759859847D127A8680A9209FD91AB060FD95A441079853857E15E156D3863BE944E74390436885E3F19E7ED5B6E1 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.38423662326416 |
Encrypted: | false |
SSDEEP: | 24:BxSAPRN7vBVLVvx2DOXUW+nELCHu4XWF3HjeTKKjX4CIym1ZJXXRenELCHu4S/nI:BZP/vTLVvoOmbu4GF3qDYB1Z9gbu4SPI |
MD5: | DB43AE7808126FE5E4B988C75C7F8F7E |
SHA1: | D4A787EA3FDCD788BC0620482E9B5851802B46C7 |
SHA-256: | 8E28E9B5EE4C6FF29D3D1F2763EE64BC8E4E6C04264DE5895EE56861225E6760 |
SHA-512: | 2CE1A34F9A696E42D61D69E37C958E2412229E07B62CABEFBEE1743D1FD59F13F248A94DEEDEC5711E5F5E3DD4067C8E861B5F7569D4F25F4567B115D74F06D4 |
Malicious: | false |
Reputation: | unknown |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.271216262919323 |
File name: | 61b85f75e6a7c.dll |
File size: | 1781920 |
MD5: | 26788bdf519813ff2600570a5c8e23d9 |
SHA1: | 44f22a053e84cd7afcf34a4fa19dbf512c8a624d |
SHA256: | 25f74513f1f0a72453bf096337daba7268bf77371f7fc210f56672f52b7b3af1 |
SHA512: | 54cad6bdd1ef350a02e6e3645db3fc3f1fadb385c7dcf5eeacf20a8b1d7fbc42aa3cb88d320fda63a7224b2507e7b84e3942cb54fb61cc398800ec95f6f2d505 |
SSDEEP: | 49152:dOMY8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8Mc:9Y8UQw8MT8UQw8MT8UQw8MT8UQw8MT8Z |
File Content Preview: | MZ......................................................................!..L.!This .ro.ra. cannot be run in DOS m.de....$.......PE..L...[..a...........!....................................................................................................V.. |
File Icon |
---|
Icon Hash: | 82b0f4c6d2c66cb1 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001f3fe |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | |
Time Stamp: | 0x61B6D25B [Mon Dec 13 04:55:55 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 90a569c76737ac6eae14ae164dabea89 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Version: | 3 |
Thumbprint MD5: | 8E8056A2284F0304445ED325353454BF |
Thumbprint SHA-1: | E16BB6EE4ED3935C46C356D147E811286BA4BBFE |
Thumbprint SHA-256: | 968F9536C18A4475095B37792855AA62306275DEC05BD72F21653C98026CFC4E |
Serial: | 038EDB2FC6E405731A760F1516144C85 |
Entrypoint Preview |
---|
Instruction |
---|
mov ebx, edi |
or ebx, edi |
jmp 00007FA47086A232h |
ret |
ret |
pop ecx |
push esi |
pop ebx |
ret |
mov edi, dword ptr [1000335Ch] |
call 00007FA470869118h |
mov esp, dword ptr [ebp-18h] |
mov word ptr [100030FCh], es |
mov ecx, dword ptr [ebp-04h] |
lea ebp, dword ptr [esp+10h] |
int3 |
int3 |
push ebp |
push edi |
mov dword ptr [10003120h], eax |
push eax |
je 00007FA470868E06h |
int3 |
mov dword ptr fs:[00000000h], ecx |
mov eax, dword ptr [ebp+0Ch] |
mov ecx, edi |
push eax |
jmp dword ptr [100040BCh] |
add ecx, eax |
mov eax, dword ptr [ecx] |
cmp edi, ecx |
mov eax, dword ptr [ecx] |
push 10000000h |
mov eax, dword ptr [ebp-14h] |
push 00000000h |
push 1001E268h |
ret |
xor esi, esi |
xor esi, esi |
xor esi, esi |
pop eax |
int3 |
int3 |
int3 |
mov esp, dword ptr [ebp-18h] |
int3 |
jmp dword ptr [10004078h] |
pop ebx |
sete cl |
call 00007FA470868CC3h |
int3 |
mov ecx, edi |
ret |
jmp dword ptr [1000406Ch] |
ret |
call 00007FA4708689CCh |
int3 |
int3 |
mov word ptr [100030F8h], fs |
cmp dword ptr [10003010h], 00000000h |
int3 |
int3 |
int3 |
call 00007FA470868E8Fh |
int3 |
int3 |
mov ebp, esp |
push dword ptr [ebp+08h] |
int3 |
sub al, cl |
jmp 00007FA47086BA28h |
int3 |
int3 |
int3 |
push eax |
mov dword ptr [ebp-04h], eax |
int3 |
cmp dword ptr [00000000h], 00000000h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1cff0 | 0x56 | .text |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43d04 | 0xb4 | .data |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x16f8e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b1800 | 0x18a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b7000 | 0x6ec | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28d06 | 0x27c | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26ec0 | 0x24800 | False | 0.51682229238 | data | 5.5020241716 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x28000 | 0x1e4fe | 0x1be00 | False | 0.0578843189462 | data | 6.07273076569 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x47000 | 0x16f8e8 | 0x16fa00 | False | 0.218529518021 | data | 4.81717219526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1b7000 | 0x6ec | 0x800 | False | 0.75 | data | 6.07315256741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4af70 | 0x668 | data | English | United States |
RT_ICON | 0x4b5d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x4b8c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x4baa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4bbd0 | 0xea8 | data | English | United States |
RT_ICON | 0x4ca78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x4d320 | 0x6c8 | data | English | United States |
RT_ICON | 0x4d9e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4df50 | 0x25a8 | data | English | United States |
RT_ICON | 0x504f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x515a0 | 0x988 | data | English | United States |
RT_ICON | 0x51f28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x52390 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x647b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x693e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x6d608 | 0x25a8 | data | English | United States |
RT_ICON | 0x6fbb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x70c58 | 0xeb0 | data | English | United States |
RT_ICON | 0x71b08 | 0x988 | data | English | United States |
RT_ICON | 0x72490 | 0x6b8 | data | English | United States |
RT_ICON | 0x72b48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x72fb0 | 0x668 | data | English | United States |
RT_ICON | 0x73618 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x73900 | 0x1e8 | data | English | United States |
RT_ICON | 0x73ae8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x73c10 | 0xea8 | data | English | United States |
RT_ICON | 0x74ab8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x75360 | 0x6c8 | data | English | United States |
RT_ICON | 0x75a28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x75f90 | 0x25a8 | data | English | United States |
RT_ICON | 0x78538 | 0x10a8 | data | English | United States |
RT_ICON | 0x795e0 | 0x988 | data | English | United States |
RT_ICON | 0x79f68 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7a3d0 | 0x668 | data | English | United States |
RT_ICON | 0x7aa38 | 0x2e8 | data | English | United States |
RT_ICON | 0x7ad20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7ae48 | 0xea8 | data | English | United States |
RT_ICON | 0x7bcf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x7c598 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7cb00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x81030 | 0x25a8 | data | English | United States |
RT_ICON | 0x835d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x84680 | 0x988 | data | English | United States |
RT_ICON | 0x85008 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x85470 | 0x668 | data | English | United States |
RT_ICON | 0x85ad8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x85dc0 | 0x1e8 | data | English | United States |
RT_ICON | 0x85fa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x860d0 | 0xea8 | data | English | United States |
RT_ICON | 0x86f78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x87820 | 0x6c8 | data | English | United States |
RT_ICON | 0x87ee8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x88450 | 0x25a8 | data | English | United States |
RT_ICON | 0x8a9f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x8baa0 | 0x988 | data | English | United States |
RT_ICON | 0x8c428 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8c890 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x9ecb8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0xa38e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0xa7b08 | 0x25a8 | data | English | United States |
RT_ICON | 0xaa0b0 | 0x10a8 | data | English | United States |
RT_ICON | 0xab158 | 0xeb0 | data | English | United States |
RT_ICON | 0xac008 | 0x988 | data | English | United States |
RT_ICON | 0xac990 | 0x6b8 | data | English | United States |
RT_ICON | 0xad048 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xad4b0 | 0x668 | data | English | United States |
RT_ICON | 0xadb18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xade00 | 0x1e8 | data | English | United States |
RT_ICON | 0xadfe8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xae110 | 0xea8 | data | English | United States |
RT_ICON | 0xaefb8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xaf860 | 0x6c8 | data | English | United States |
RT_ICON | 0xaff28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb0490 | 0x25a8 | data | English | United States |
RT_ICON | 0xb2a38 | 0x10a8 | data | English | United States |
RT_ICON | 0xb3ae0 | 0x988 | data | English | United States |
RT_ICON | 0xb4468 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb48d0 | 0x668 | data | English | United States |
RT_ICON | 0xb4f38 | 0x2e8 | data | English | United States |
RT_ICON | 0xb5220 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb5348 | 0xea8 | data | English | United States |
RT_ICON | 0xb61f0 | 0x8a8 | data | English | United States |
RT_ICON | 0xb6a98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb7000 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xbb530 | 0x25a8 | data | English | United States |
RT_ICON | 0xbdad8 | 0x10a8 | data | English | United States |
RT_ICON | 0xbeb80 | 0x988 | data | English | United States |
RT_ICON | 0xbf508 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xbf970 | 0x668 | data | English | United States |
RT_ICON | 0xbffd8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xc02c0 | 0x1e8 | data | English | United States |
RT_ICON | 0xc04a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc05d0 | 0xea8 | data | English | United States |
RT_ICON | 0xc1478 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xc1d20 | 0x6c8 | data | English | United States |
RT_ICON | 0xc23e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc2950 | 0x25a8 | data | English | United States |
RT_ICON | 0xc4ef8 | 0x10a8 | data | English | United States |
RT_ICON | 0xc5fa0 | 0x988 | data | English | United States |
RT_ICON | 0xc6928 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc6d90 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0xd91b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0xddde0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0xe2008 | 0x25a8 | data | English | United States |
RT_ICON | 0xe45b0 | 0x10a8 | data | English | United States |
RT_ICON | 0xe5658 | 0xeb0 | data | English | United States |
RT_ICON | 0xe6508 | 0x988 | data | English | United States |
RT_ICON | 0xe6e90 | 0x6b8 | data | English | United States |
RT_ICON | 0xe7548 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xe79b0 | 0x668 | data | English | United States |
RT_ICON | 0xe8018 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xe8300 | 0x1e8 | data | English | United States |
RT_ICON | 0xe84e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xe8610 | 0xea8 | data | English | United States |
RT_ICON | 0xe94b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xe9d60 | 0x6c8 | data | English | United States |
RT_ICON | 0xea428 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xea990 | 0x25a8 | data | English | United States |
RT_ICON | 0xecf38 | 0x10a8 | data | English | United States |
RT_ICON | 0xedfe0 | 0x988 | data | English | United States |
RT_ICON | 0xee968 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xeedd0 | 0x668 | data | English | United States |
RT_ICON | 0xef438 | 0x2e8 | data | English | United States |
RT_ICON | 0xef720 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xef848 | 0xea8 | data | English | United States |
RT_ICON | 0xf06f0 | 0x8a8 | data | English | United States |
RT_ICON | 0xf0f98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf1500 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xf5a30 | 0x25a8 | data | English | United States |
RT_ICON | 0xf7fd8 | 0x10a8 | data | English | United States |
RT_ICON | 0xf9080 | 0x988 | data | English | United States |
RT_ICON | 0xf9a08 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf9e70 | 0x668 | data | English | United States |
RT_ICON | 0xfa4d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xfa7c0 | 0x1e8 | data | English | United States |
RT_ICON | 0xfa9a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xfaad0 | 0xea8 | data | English | United States |
RT_ICON | 0xfb978 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xfc220 | 0x6c8 | data | English | United States |
RT_ICON | 0xfc8e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xfce50 | 0x25a8 | data | English | United States |
RT_ICON | 0xff3f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x1004a0 | 0x988 | data | English | United States |
RT_ICON | 0x100e28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x101290 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x1136b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x1182e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x11c508 | 0x25a8 | data | English | United States |
RT_ICON | 0x11eab0 | 0x10a8 | data | English | United States |
RT_ICON | 0x11fb58 | 0xeb0 | data | English | United States |
RT_ICON | 0x120a08 | 0x988 | data | English | United States |
RT_ICON | 0x121390 | 0x6b8 | data | English | United States |
RT_ICON | 0x121a48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x121eb0 | 0x668 | data | English | United States |
RT_ICON | 0x122518 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x122800 | 0x1e8 | data | English | United States |
RT_ICON | 0x1229e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x122b10 | 0xea8 | data | English | United States |
RT_ICON | 0x1239b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x124260 | 0x6c8 | data | English | United States |
RT_ICON | 0x124928 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x124e90 | 0x25a8 | data | English | United States |
RT_ICON | 0x127438 | 0x10a8 | data | English | United States |
RT_ICON | 0x1284e0 | 0x988 | data | English | United States |
RT_ICON | 0x128e68 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1292d0 | 0x668 | data | English | United States |
RT_ICON | 0x129938 | 0x2e8 | data | English | United States |
RT_ICON | 0x129c20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x129d48 | 0xea8 | data | English | United States |
RT_ICON | 0x12abf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x12b498 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x12ba00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x12ff30 | 0x25a8 | data | English | United States |
RT_ICON | 0x1324d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x133580 | 0x988 | data | English | United States |
RT_ICON | 0x133f08 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
Imports |
---|
DLL | Import |
---|---|
advapi32.dll | RegDeleteKeyA, RegCreateKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueA, RegSetValueExA, RegDeleteValueA, RegEnumKeyA, RegOpenKeyExA |
comctl32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
gdi32.dll | GetDeviceCaps, SetBkColor, CreateBrushIndirect, CreateFontIndirectA, SetTextColor, SetBkMode, SelectObject, DeleteObject |
kernel32.dll | GetCommandLineA, CreateThread, LoadLibraryExA, GetFullPathNameA, SetFileAttributesA, GlobalUnlock, WaitForSingleObject, GetTempPathA, GlobalAlloc, GetTempFileNameA, VirtualProtect, GetFileAttributesA, GetProcAddress, GetSystemDirectoryA, Sleep, SearchPathA, GlobalLock, GetPrivateProfileStringA, GetDiskFreeSpaceA, GetCurrentDirectoryA, MultiByteToWideChar, MulDiv, FindClose, lstrcpynA, GetVersion, MoveFileA, SetErrorMode, GetCurrentProcess, FindFirstFileA, GetShortPathNameA, ExpandEnvironmentStringsA, SetFilePointer, GetFileSize, lstrcmpiA, FreeLibrary, GetTickCount, RemoveDirectoryA, ReadFile, CreateDirectoryA, ExitProcess, FindNextFileA, SetCurrentDirectoryA, LoadLibraryA, SetFileTime, CreateFileA, lstrlenA, lstrcmpA, GetModuleHandleA, GetModuleFileNameA, DeleteFileA, WriteFile, CloseHandle, CompareFileTime, lstrcatA, GlobalFree, GetWindowsDirectoryA, WritePrivateProfileStringA, CopyFileA, CreateProcessA, GetExitCodeProcess, GetLastError |
ole32.dll | CoTaskMemFree, OleInitialize, CoCreateInstance, OleUninitialize |
shell32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHGetSpecialFolderLocation, ShellExecuteA, SHFileOperationA |
user32.dll | IsWindowVisible, DispatchMessageA, SendMessageTimeoutA, CreateWindowExA, GetClientRect, SetWindowPos, SystemParametersInfoA, LoadBitmapA, CharPrevA, EndPaint, DestroyWindow, EnableMenuItem, AppendMenuA, ShowWindow, SetWindowLongA, InvalidateRect, EnableWindow, OpenClipboard, EmptyClipboard, GetMessagePos, SendMessageA, ExitWindowsEx, IsWindowEnabled, BeginPaint, GetSysColor, PostQuitMessage, GetSystemMetrics, MessageBoxIndirectA, SetDlgItemTextA, EndDialog, SetClassLongA, GetDC, DefWindowProcA, CloseClipboard, GetDlgItemTextA, SetForegroundWindow, FillRect, LoadCursorA, CharNextA, IsWindow, GetSystemMenu, CreateDialogParamA, GetWindowRect, RegisterClassA, GetWindowLongA, DrawTextA, FindWindowExA, CheckDlgButton, TrackPopupMenu, wsprintfA, DialogBoxParamA, CreatePopupMenu, SetCursor, SetWindowTextA, ScreenToClient, LoadImageA, SetClipboardData |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x1002513f |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2016 Symantec Corporation. All rights reserved. |
InternalName | SymErr |
FileVersion | 7.6.2.5 |
CompanyName | Symantec Corporation |
ProductName | Symantec Shared Component |
ProductVersion | 7.6 |
FileDescription | Symantec Error Reporting |
OriginalFilename | SymErr.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:27.897459030 CET | 8.8.8.8 | 192.168.2.6 | 0xe710 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.022103071 CET | 8.8.8.8 | 192.168.2.6 | 0x8816 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.121263027 CET | 8.8.8.8 | 192.168.2.6 | 0x9c94 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:28.635057926 CET | 8.8.8.8 | 192.168.2.6 | 0x9cd0 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:38.706058979 CET | 8.8.8.8 | 192.168.2.6 | 0x766e | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:38.955063105 CET | 8.8.8.8 | 192.168.2.6 | 0x1f47 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.093746901 CET | 8.8.8.8 | 192.168.2.6 | 0x1098 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.223566055 CET | 8.8.8.8 | 192.168.2.6 | 0x3ff7 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.320144892 CET | 8.8.8.8 | 192.168.2.6 | 0x48be | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.399878979 CET | 8.8.8.8 | 192.168.2.6 | 0xc3c5 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.629395008 CET | 8.8.8.8 | 192.168.2.6 | 0xdf42 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.748024940 CET | 8.8.8.8 | 192.168.2.6 | 0xbf7b | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:39.923528910 CET | 8.8.8.8 | 192.168.2.6 | 0xd2f2 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:40.035238981 CET | 8.8.8.8 | 192.168.2.6 | 0xbbba | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:40.508769035 CET | 8.8.8.8 | 192.168.2.6 | 0x1433 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:21:40.791791916 CET | 8.8.8.8 | 192.168.2.6 | 0xe94f | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:22:41.773610115 CET | 8.8.8.8 | 192.168.2.6 | 0x1 | No error (0) | PTR (Pointer record) | IN (0x0001) | |||
Dec 14, 2021 10:22:41.797523975 CET | 8.8.8.8 | 192.168.2.6 | 0x2 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49812 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:38 UTC | 0 | OUT | |
2021-12-14 09:21:38 UTC | 0 | IN | |
2021-12-14 09:21:38 UTC | 0 | IN | |
2021-12-14 09:21:38 UTC | 16 | IN | |
2021-12-14 09:21:38 UTC | 32 | IN | |
2021-12-14 09:21:38 UTC | 48 | IN | |
2021-12-14 09:21:38 UTC | 64 | IN | |
2021-12-14 09:21:38 UTC | 80 | IN | |
2021-12-14 09:21:38 UTC | 96 | IN | |
2021-12-14 09:21:38 UTC | 112 | IN | |
2021-12-14 09:21:38 UTC | 128 | IN | |
2021-12-14 09:21:38 UTC | 144 | IN | |
2021-12-14 09:21:38 UTC | 160 | IN | |
2021-12-14 09:21:38 UTC | 176 | IN | |
2021-12-14 09:21:38 UTC | 192 | IN | |
2021-12-14 09:21:38 UTC | 208 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49813 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 209 | OUT | |
2021-12-14 09:21:39 UTC | 209 | IN | |
2021-12-14 09:21:39 UTC | 210 | IN | |
2021-12-14 09:21:39 UTC | 225 | IN | |
2021-12-14 09:21:39 UTC | 241 | IN | |
2021-12-14 09:21:39 UTC | 257 | IN | |
2021-12-14 09:21:39 UTC | 273 | IN | |
2021-12-14 09:21:39 UTC | 290 | IN | |
2021-12-14 09:21:39 UTC | 306 | IN | |
2021-12-14 09:21:39 UTC | 322 | IN | |
2021-12-14 09:21:39 UTC | 338 | IN | |
2021-12-14 09:21:39 UTC | 354 | IN | |
2021-12-14 09:21:39 UTC | 370 | IN | |
2021-12-14 09:21:39 UTC | 386 | IN | |
2021-12-14 09:21:39 UTC | 402 | IN | |
2021-12-14 09:21:39 UTC | 418 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.6 | 49823 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1895 | OUT | |
2021-12-14 09:21:40 UTC | 1896 | IN | |
2021-12-14 09:21:40 UTC | 1896 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.6 | 49825 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1898 | OUT | |
2021-12-14 09:21:40 UTC | 1898 | IN | |
2021-12-14 09:21:40 UTC | 1899 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49814 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 289 | OUT | |
2021-12-14 09:21:39 UTC | 419 | IN | |
2021-12-14 09:21:39 UTC | 419 | IN | |
2021-12-14 09:21:39 UTC | 435 | IN | |
2021-12-14 09:21:39 UTC | 451 | IN | |
2021-12-14 09:21:39 UTC | 467 | IN | |
2021-12-14 09:21:39 UTC | 483 | IN | |
2021-12-14 09:21:39 UTC | 499 | IN | |
2021-12-14 09:21:39 UTC | 515 | IN | |
2021-12-14 09:21:39 UTC | 531 | IN | |
2021-12-14 09:21:39 UTC | 547 | IN | |
2021-12-14 09:21:39 UTC | 563 | IN | |
2021-12-14 09:21:39 UTC | 579 | IN | |
2021-12-14 09:21:39 UTC | 595 | IN | |
2021-12-14 09:21:39 UTC | 611 | IN | |
2021-12-14 09:21:39 UTC | 627 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.6 | 49815 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 595 | OUT | |
2021-12-14 09:21:39 UTC | 629 | IN | |
2021-12-14 09:21:39 UTC | 629 | IN | |
2021-12-14 09:21:39 UTC | 645 | IN | |
2021-12-14 09:21:39 UTC | 661 | IN | |
2021-12-14 09:21:39 UTC | 677 | IN | |
2021-12-14 09:21:39 UTC | 693 | IN | |
2021-12-14 09:21:39 UTC | 709 | IN | |
2021-12-14 09:21:39 UTC | 725 | IN | |
2021-12-14 09:21:39 UTC | 741 | IN | |
2021-12-14 09:21:39 UTC | 757 | IN | |
2021-12-14 09:21:39 UTC | 773 | IN | |
2021-12-14 09:21:39 UTC | 789 | IN | |
2021-12-14 09:21:39 UTC | 805 | IN | |
2021-12-14 09:21:39 UTC | 821 | IN | |
2021-12-14 09:21:39 UTC | 837 | IN | |
2021-12-14 09:21:39 UTC | 853 | IN | |
2021-12-14 09:21:39 UTC | 869 | IN | |
2021-12-14 09:21:39 UTC | 885 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.6 | 49816 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 661 | OUT | |
2021-12-14 09:21:39 UTC | 892 | IN | |
2021-12-14 09:21:39 UTC | 892 | IN | |
2021-12-14 09:21:39 UTC | 908 | IN | |
2021-12-14 09:21:39 UTC | 924 | IN | |
2021-12-14 09:21:39 UTC | 940 | IN | |
2021-12-14 09:21:39 UTC | 956 | IN | |
2021-12-14 09:21:39 UTC | 972 | IN | |
2021-12-14 09:21:39 UTC | 988 | IN | |
2021-12-14 09:21:39 UTC | 1004 | IN | |
2021-12-14 09:21:39 UTC | 1020 | IN | |
2021-12-14 09:21:39 UTC | 1036 | IN | |
2021-12-14 09:21:39 UTC | 1052 | IN | |
2021-12-14 09:21:39 UTC | 1068 | IN | |
2021-12-14 09:21:39 UTC | 1084 | IN | |
2021-12-14 09:21:39 UTC | 1100 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.6 | 49817 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 892 | OUT | |
2021-12-14 09:21:39 UTC | 1101 | IN | |
2021-12-14 09:21:39 UTC | 1102 | IN | |
2021-12-14 09:21:39 UTC | 1117 | IN | |
2021-12-14 09:21:39 UTC | 1133 | IN | |
2021-12-14 09:21:39 UTC | 1149 | IN | |
2021-12-14 09:21:39 UTC | 1165 | IN | |
2021-12-14 09:21:39 UTC | 1181 | IN | |
2021-12-14 09:21:39 UTC | 1197 | IN | |
2021-12-14 09:21:39 UTC | 1213 | IN | |
2021-12-14 09:21:39 UTC | 1229 | IN | |
2021-12-14 09:21:39 UTC | 1245 | IN | |
2021-12-14 09:21:39 UTC | 1261 | IN | |
2021-12-14 09:21:39 UTC | 1277 | IN | |
2021-12-14 09:21:39 UTC | 1293 | IN | |
2021-12-14 09:21:39 UTC | 1309 | IN | |
2021-12-14 09:21:39 UTC | 1325 | IN | |
2021-12-14 09:21:39 UTC | 1341 | IN | |
2021-12-14 09:21:39 UTC | 1357 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.6 | 49819 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 1364 | OUT | |
2021-12-14 09:21:39 UTC | 1364 | IN | |
2021-12-14 09:21:39 UTC | 1365 | IN | |
2021-12-14 09:21:39 UTC | 1380 | IN | |
2021-12-14 09:21:39 UTC | 1396 | IN | |
2021-12-14 09:21:39 UTC | 1412 | IN | |
2021-12-14 09:21:39 UTC | 1428 | IN | |
2021-12-14 09:21:39 UTC | 1444 | IN | |
2021-12-14 09:21:39 UTC | 1460 | IN | |
2021-12-14 09:21:39 UTC | 1476 | IN | |
2021-12-14 09:21:39 UTC | 1492 | IN | |
2021-12-14 09:21:39 UTC | 1508 | IN | |
2021-12-14 09:21:39 UTC | 1524 | IN | |
2021-12-14 09:21:39 UTC | 1540 | IN | |
2021-12-14 09:21:39 UTC | 1556 | IN | |
2021-12-14 09:21:39 UTC | 1572 | IN | |
2021-12-14 09:21:39 UTC | 1588 | IN | |
2021-12-14 09:21:39 UTC | 1604 | IN | |
2021-12-14 09:21:39 UTC | 1620 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.6 | 49820 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:39 UTC | 1627 | OUT | |
2021-12-14 09:21:39 UTC | 1627 | IN | |
2021-12-14 09:21:39 UTC | 1628 | IN | |
2021-12-14 09:21:39 UTC | 1643 | IN | |
2021-12-14 09:21:39 UTC | 1659 | IN | |
2021-12-14 09:21:39 UTC | 1675 | IN | |
2021-12-14 09:21:39 UTC | 1691 | IN | |
2021-12-14 09:21:39 UTC | 1707 | IN | |
2021-12-14 09:21:39 UTC | 1723 | IN | |
2021-12-14 09:21:39 UTC | 1739 | IN | |
2021-12-14 09:21:39 UTC | 1755 | IN | |
2021-12-14 09:21:39 UTC | 1771 | IN | |
2021-12-14 09:21:39 UTC | 1787 | IN | |
2021-12-14 09:21:40 UTC | 1803 | IN | |
2021-12-14 09:21:40 UTC | 1819 | IN | |
2021-12-14 09:21:40 UTC | 1835 | IN | |
2021-12-14 09:21:40 UTC | 1851 | IN | |
2021-12-14 09:21:40 UTC | 1867 | IN | |
2021-12-14 09:21:40 UTC | 1884 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.6 | 49821 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1883 | OUT | |
2021-12-14 09:21:40 UTC | 1890 | IN | |
2021-12-14 09:21:40 UTC | 1891 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.6 | 49822 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:21:40 UTC | 1892 | OUT | |
2021-12-14 09:21:40 UTC | 1893 | IN | |
2021-12-14 09:21:40 UTC | 1893 | IN |
Code Manipulations |
---|
User Modules |
---|
Hook Summary |
---|
Function Name | Hook Type | Active in Processes |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | explorer.exe |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | explorer.exe |
CreateProcessAsUserW | EAT | explorer.exe |
CreateProcessAsUserW | INLINE | explorer.exe |
CreateProcessW | EAT | explorer.exe |
CreateProcessW | INLINE | explorer.exe |
CreateProcessA | EAT | explorer.exe |
CreateProcessA | INLINE | explorer.exe |
Processes |
---|
Process: explorer.exe, Module: user32.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFD88935200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 4E12000 |
Process: explorer.exe, Module: WININET.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFD88935200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 4E12000 |
Process: explorer.exe, Module: KERNEL32.DLL |
---|
Function Name | Hook Type | New Data |
---|---|---|
CreateProcessAsUserW | EAT | 7FFD8893521C |
CreateProcessAsUserW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessW | EAT | 7FFD88935200 |
CreateProcessW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessA | EAT | 7FFD8893520E |
CreateProcessA | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:20:20 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 116736 bytes |
MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
General |
---|
Start time: | 10:20:20 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:20:21 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x940000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 10:20:21 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xad0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 10:20:21 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xad0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 10:21:44 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:44 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:44 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:45 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b8c0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:21:46 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743d60000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:21:47 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:21:48 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:01 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:03 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:06 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:06 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:08 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:09 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
General |
---|
Start time: | 10:22:09 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
General |
---|
Start time: | 10:22:10 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:11 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff60c110000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
General |
---|
Start time: | 10:22:11 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:13 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:22:15 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff746f40000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:22:15 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61bc20000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|