Windows Analysis Report 6.png
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "B+xl4hUTn5rXiL0afazu2ddSc/ECZk5wqODKe0fS2KdIXHYzLOi+LPPP1HVzyCQFE2ZPog7imXfWyeJPGgVZO8mmh7g0OCbF0hBgHX6wj0qY1fBDcQxYjLnhuuJTPFt0voqEKHGGIgbiz86prZpdJls6h0dECkyqCOUP77xD4bHwJFYwmMp7govarzlBsbdorQ4qNFnd4O2rK1GEuQisAwdMkb4j9MqHf7vkHewrh1BGBeNcr85NjoxXAnfZDuX+M7b1dWoszYHJF1rgWzk4yz7fc+7Q4leAIr2PkWbTRuRpOe4P6Ok01hKGTLORQhRgWw6Mv2aRFMimHgiQWhhaHetICEhMcBl5C0yxhZCOhu4=", "c2_domain": ["microsoft.com/windowsdisabler", "windows.update3.com", "berukoneru.website", "gerukoneru.website", "fortunarah.com"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
(27 entries in total, all matching the same rule) |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected | Author |
---|---|
MSHTA Spawning Windows Shell | Michael Haag |
Suspicious Call by Ordinal | Florian Roth |
Mshta Spawning Windows Shell | Florian Roth |
Suspicious Csc.exe Source File Folder | Florian Roth |
Suspicious Rundll32 Activity | juju4, Jonhnathan Ribeiro, oscd.community |
Non Interactive PowerShell | Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) |
T1086 PowerShell Execution | Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Binary string: | ||
Networking: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: | ||
Source: | Network Connect: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: | ||
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: | ||
System Summary: |
---|
PE file has a writeable .text section |
Source: | Static PE information: |
Writes or reads registry keys via WMI |
Source: | WMI Queries: | ||
Writes registry values via WMI |
Source: | WMI Registry write: | ||
Source: | Static PE information: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Binary or memory string: | ||
Source: | Key opened: | ||
Source: | Static PE information: | ||
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Key value queried: |
Source: | File created: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: | ||
Source: | Code function: |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | File read: |
Source: | Key opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | ||
Source: | Static PE information: | ||
Source: | Process created: |
Source: | Process created: | ||
Source: | File created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Thread sleep time: | ||
Source: | Thread sleep count: | ||
Source: | Last function: | ||
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: | ||
Source: | Window / User API: | ||
Source: | Process information queried: |
Source: | Thread delayed: | ||
Source: | Binary or memory string: | ||
Source: | Process token adjusted: | ||
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: | ||
Source: | Network Connect: | ||
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Writes to foreign memory regions |
Source: | Memory written: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: |
Creates a thread in another existing process (thread injection) |
Source: | Thread created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Queries volume information: | ||
Source: | Code function: |
Source: | Key value queried: |
Source: | Code function: |
Source: | Code function: |
Source: | Code function: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | DLL Side-Loading1 | DLL Side-Loading1 | Obfuscated Files or Information1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Command and Scripting Interpreter1 | Boot or Logon Initialization Scripts | Process Injection511 | DLL Side-Loading1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Email Collection1 | Exfiltration Over Bluetooth | Encrypted Channel11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Masquerading1 | Security Account Manager | File and Directory Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Virtualization/Sandbox Evasion21 | NTDS | System Information Discovery25 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection511 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Regsvr321 | Cached Domain Credentials | Security Software Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll321 | DCSync | Virtualization/Sandbox Evasion21 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Process Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Application Window Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | Remote System Discovery1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | 18.219.227.107 | true | false | | high |
berukoneru.website | 79.110.52.144 | true | true | | unknown |
windows.update3.com | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | unknown |
 | | false | | low |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
79.110.52.144 | berukoneru.website | Romania | | 60233 | V4ESCROW-ASRO | true |
18.219.227.107 | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | United States | | 16509 | AMAZON-02US | false |
3.12.124.139 | unknown | United States | | 16509 | AMAZON-02US | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 539457 |
Start date: | 14.12.2021 |
Start time: | 10:32:11 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 6.png (renamed file extension from png to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 50 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@59/52@16/4 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:33:33 | API Interceptor | |
10:33:33 | API Interceptor | |
10:33:46 | API Interceptor | |
10:34:20 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1192 |
Entropy (8bit): | 5.325275554903011 |
Encrypted: | false |
SSDEEP: | 24:3aEPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJJx5:qEPerB4nqRL/HvFe9t4Cv94ar5 |
MD5: | 05CF074042A017A42C1877FC5DB819AB |
SHA1: | 5AF2016605B06ECE0BFB3916A9480D6042355188 |
SHA-256: | 971C67A02609B2B561618099F48D245EA4EB689C6E9F85232158E74269CAA650 |
SHA-512: | 96C1C1624BB50EC8A7222E4DD21877C3F4A4D03ACF15383E9CE41070C194A171B904E3BF568D8B2B7993EADE0259E65ED2E3C109FD062D94839D48DFF041439A |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.9923065968914804 |
Encrypted: | false |
SSDEEP: | 24:HCe9E26c3tuHrhKdNII+ycuZhNqlcakS7lxPNnq9qd:8c3tuVKdu1ulqaa37Bq9K |
MD5: | 27C528436B2B3C05916BE7800A1BDCA3 |
SHA1: | 26B8F391092F85DDFD9F5820E91C7EEA36070D53 |
SHA-256: | 608F560F77DFA1AC315ABF79CE35E71EBD5E090F1E1335C5E6B4E38995128647 |
SHA-512: | 7CF7A7C94D4FEC56DC2145DCDDF6F0AD6BD71835ABCB81F1B90BD6817D12989F2063660385122EA17C8DF758058F975FBC3372A1EC83E8F0F030D8B7CE836EC4 |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1332 |
Entropy (8bit): | 4.003514269567322 |
Encrypted: | false |
SSDEEP: | 24:HdzW9Nv9U8uHvhKdNII+ycuZhNoakS0PNnq92d:01U8upKdu1uloa3Uq9G |
MD5: | 29E70867DFDE4F487090ABBBCB2B484F |
SHA1: | 31B7F94349888DF87A60D3A792DF85D31460CA2E |
SHA-256: | C9C2C56C48B397FB5BB9ACFDF50E2ED7EFE06542BAE0BEC0A5581231FA63B8F1 |
SHA-512: | 43BBC13236AD8C9178FA4BD1CCF0179419EAA5FDA7C8A79B59B814557BAD0125F85D9712070021B5C6D9210138C5E3F1894F8B2CED4CBD2BA973FAB72322ADCA |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 4.001534923476038 |
Encrypted: | false |
SSDEEP: | 24:HYe9E26qW2KuHrFhKdNII+ycuZhNtakS7PNnq9qd:eqzKuLzKdu1ulta3xq9K |
MD5: | 40F552368035B59FB38A94FC74FE0504 |
SHA1: | 6C04143209198C63E8E2315435BC3EB3B99BB259 |
SHA-256: | 6EE40A1F274E2A37AE5C850C15BC241463652ED312820B9CCCAEB7BB1C822CF1 |
SHA-512: | F45BE36ED243E5F7F0E496EFE5171BAA7FD1BE3A0F83AB01300C05B09AC10D98897679338F4CFB30F25FC5BCB2D2DE34163BD339B79A65E45DCCEE7A21174603 |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.975200179964607 |
Encrypted: | false |
SSDEEP: | 24:HOe9E26LWbhknZHFhKdNWI+ycuZhN+akS2PNnq9qd:ILtZTKd41ul+a3Kq9K |
MD5: | 2997036F1D6399BDEDC49939CBDB26D4 |
SHA1: | FBA41FB870A14910B1BC32C973C39C8C80458E93 |
SHA-256: | F4A370736333FC785FE73DBD7468D3FF3B2003BE891BDA032A3C2994614A495F |
SHA-512: | D7054F26A09ABB72827D6AA50382AB19950F48954DD8EACE5A7855487516ED0DB28C0BB6AB2C00CB2D740C50D4EDD68B567BE1EA8EDE1B1D17119991413829A9 |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.226640803853184 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fReHW6zxs7+AEszI923fReHWRyA:p37Lvkmb6KzJYW6WZE2JYWRyA |
MD5: | 0D4DF55C848FD70C7E467D2A26D53F45 |
SHA1: | F4B759DBF60B7BD4760AEEE2865A47EA64FE59BC |
SHA-256: | 65AD1A8591B4C85B19C20F7CB6F215675131DC225B6397BAC64CF9BA285E7F6C |
SHA-512: | 5855ED3F00032735847AA9F6B55DAD2607E959509E5EDCA111693CC59EBDF9F3C298FB6A39940BC5603C94F8A5D60E97788FCE82E9BE48A955013F8D0C00438A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 868 |
Entropy (8bit): | 5.320286032288214 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzSWbE2SWRy1KaM5DqBVKVrdFAMBJTH:Akka6aSmE2S6y1KxDcVKdBJj |
MD5: | FA46AB7E9BCF97E847F3322DB66934B8 |
SHA1: | 49552871F35929703C3CD5F33753436E21017849 |
SHA-256: | C1CEBB10D75BF73B1B70A7855F8EC4923B79BD07EA173CB98395C0969369AE0F |
SHA-512: | FD5320F3AA7B95C4D9340BAF9358215D08AF44F6A0BEE8A9764E07FA897B4B6FA2E493B87FAF454D1A957B1F95A3CA02854BE2E892471416C046D755BDB8423B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.073206673156649 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyHak7YnqqpQPN5Dlq5J:+RI+ycuZhNYHakSpQPNnqX |
MD5: | 5D58A66193F5DD7122F936E757049652 |
SHA1: | 21888C5F01076812CAB34CA539D7AFF39C3B8C91 |
SHA-256: | 0735A78CEDD997EA2580034E6867C7010C496B55B3A12DADD449C590F098EDA2 |
SHA-512: | 5F45E1D4529795A6627FF8BA212FEC06B42F660D23AF9F53AC57AACD0C5D3C51056CC1B2722AD7AA35EC4CDC8C6531A656AEDA2F28501F112037A71522FC3D80 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.151296249516787 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fGYJ/fJrGzxs7+AEszI923fGYJ/fJrb:p37Lvkmb6KzuYJ/fJrGWZE2uYJ/fJrb |
MD5: | C5EAA36B02E3E42DCAC19315987BD2BF |
SHA1: | 9E911AD12F0713B3E5C501D19BB86C77472FD22D |
SHA-256: | AA30E86130161DA18E4EB94BB2F46B956D4A23C1359588276525791FED359947 |
SHA-512: | 1763E1B034A500C4556525E5CCFE1839BC4F342441CC0AD54EEC4F917C0B3ADA905168E8BBFA1447050F154A37F0FBD27945075CB5ADDBEC4A71F41D3C142D5E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.5996985608858223 |
Encrypted: | false |
SSDEEP: | 24:etGS0/W2dg85xyFODuhxkXdWXoWtkZfOnXF+WI+ycuZhNYHakSpQPNnq:6lkb5xykIktWEJOn1l1ulGa3Cq |
MD5: | 49B131E65B23D979BA7ED017BA9C7F61 |
SHA1: | E4F38CA7AD5EE7CDD3755D0AF594DCE2EBB29035 |
SHA-256: | EDAB1CDD86EBBB84944E94F478BFADF9B7704336C65BE2CF7EF74A2691261512 |
SHA-512: | 45C0B537C27F0694CD6C31481830D1BB220475DD1638B2A19E4635B90D27CD4BCDF3FD44E5165317C78819FB2700969F759254148F7D13E96999F8F2E577FB7D |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 868 |
Entropy (8bit): | 5.289875059357362 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KzuYJ/fJrGWZE2uYJ/fJraKaMK4BFNn5KBZvK2wo8dRSgarZucvs:AId3ka6KzZE2gKaM5DqBVKVrdFAMBJTH |
MD5: | 5520D1A07EE800264B0E26905CDD21F1 |
SHA1: | AB2EBB2894E8B4D6800436C7D1678737430BB273 |
SHA-256: | 5658F5CB41F431B1472EEF88932E02DEF879A12362D986DFD847F6E7EEA41DA8 |
SHA-512: | 7C9DB98B82C608CC22A132923F42F1358B08776A033B012C06BFF2B747C28CB72B1C05C13DFA12DFC4E66A1A2F14F614F74329B0BE67CD2086A92D1B1B4A04F2 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0739498574927255 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grywak7Ynqq2PN5Dlq5J:+RI+ycuZhN+akS2PNnqX |
MD5: | 2C961A918364FF38854F8EC54AF4945F |
SHA1: | B0B1AF0532EAC84BAF2E604E3FF19E39D365B473 |
SHA-256: | 501BAEF967AAD4AB2AA2F5BFC768E871A8E98381C5AA409ADBCA5E31538DF8F1 |
SHA-512: | 11EB0EDBDBB19470C827A85E25BDD9989476E58B9E6074C91DD38CCEDD5935B7F23D842A1CFE1E852E6044E385DFDEC0C6B65800FFE5F07813171650BA8F48D7 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.199068343906432 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fjoQ0zxs7+AEszI923fjoG:p37Lvkmb6KzLorWZE2LoG |
MD5: | 30EEDF26D86038CE52442382C4102198 |
SHA1: | CF34BD8F77949FE161B5776819A519BE39E881D4 |
SHA-256: | 4FB991BB47038A3CE9017D5F7A9C5AF7437683FB51BD2FD9CE697EF26221ABB7 |
SHA-512: | 2BC5537B7D3744A654F9E7D7F13A1C1FCA8FD587700BA36940EE021FC814C82C1ED2E07A9296CFF6754E04C199A3830B11B01A8666565CF657157B0CA7BFECC2 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.634144238857034 |
Encrypted: | false |
SSDEEP: | 24:etGSM8+mUE7R85z7woel/gNE4/eiDPtkZfjgOTrYu3DZ0WI+ycuZhN+akS2PNnq:62XE7S5gG8iyJjg49ZX1ul+a3Kq |
MD5: | 833C125BC415845EE1B8A822DC088C02 |
SHA1: | D6A1176ACF053B03DA6D519EAB4EB7017B48A0E8 |
SHA-256: | 996E609A3921946330E840406C64CD8F7AB162B88504BCE05DCA581E264CD7E3 |
SHA-512: | 000291790C6E39E5F6D5AA5D4F3C5B2C27C411089C4AA55F7FB26E44B7C00E079F7E9B16F5ECFE20253256C51FF572414ECAA138F75C19A0657B2562733D01B4 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 868 |
Entropy (8bit): | 5.305483822092941 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzLRE2LIKaM5DqBVKVrdFAMBJTH:Akka6aLRE2LIKxDcVKdBJj |
MD5: | F92374784F54FAECD630C33FDA8432E7 |
SHA1: | D7EE4FE021D3E360ABE78C8F6D8F0669ADBB8226 |
SHA-256: | 6D480811F8E381CACFDB17A10A0FDA08081AF31457C33DD74AE5E466667863C9 |
SHA-512: | 48ABFF4108A6A3B8D2E38632EF7120BB65D6C0BB124D414B3FFF6B6DF64B914BFD926E3F759B4F05C5CF1598CE47D004E24D77C3A5DD504C74D563D917B61394 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0937098411846407 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryglcak7Ynqq7lxPN5Dlq5J:+RI+ycuZhNqlcakS7lxPNnqX |
MD5: | 7BB8DBEA1D7CC9AE6DD3C9DDACDD5B05 |
SHA1: | 70F372DC7BEC4258A118B2994CF727706C637A6F |
SHA-256: | 7E32817C8D9513A2384D66358662E876E51F86C98ED88DCEF8600E517D18EE4B |
SHA-512: | 854DF89436FA8D435CFFA8AD3849731BDF6C1DC51ABCB702C67966E54952001EF34C86E6C44F4FB255A4B709C3E71DE9BBC99C82BDE9E997E39810C8F1B55B75 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.193724877080382 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fkosQoOUzxs7+AEszI923fkosQoM:p37Lvkmb6KzPxUWZE2PL |
MD5: | B5A546325FF70B405A6EDD0E5B93A5B0 |
SHA1: | 1E9346960956AE815C2BDA5EC359E6D535A870FE |
SHA-256: | D00CA81D76135390A9D1558CDE7562A4BE918C9DE9777A71881B6454A3ECE403 |
SHA-512: | 11A099697D3417B2E47DABAA93C85D5EE6B3096F48B44B1EE1B37A822EC78DC8B04AD599CFA641FAECB6FC951C9E0F5916A938BA84A09F026EEF36F00494BE6D |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6346506026861856 |
Encrypted: | false |
SSDEEP: | 24:etGSR8+mUE7R85z7woel/gXxp4/eiDPtkZf/mB5DZ0WI+ycuZhNqlcakS7lxPNnq:6nXE7S5gGBbiyJ/mBxZX1ulqaa37Bq |
MD5: | 32F1B9D17FF5CE273F76E691A3957DA8 |
SHA1: | 3233B9F58DAA9DF48B43342EE29CC6AD6B8D4178 |
SHA-256: | 81BBAACB864F40359F08B4E22970E88F040D833B132CF5E48765A22CEE909384 |
SHA-512: | D1B55F658650A21F57676944AE121C986A3FB3E6092FFACC61B59EDD5AFC7F695F6292C8AB281AF716B88DDAB7BCCAF2DC03D1BE27CEE8C992ABCC5904D87640 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 868 |
Entropy (8bit): | 5.308132284793118 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzPx1E2PKKaM5DqBVKVrdFAMBJTH:Akka6aPx1E2PKKxDcVKdBJj |
MD5: | 7E8A8641A737C70C899C4179EDDFC967 |
SHA1: | 3D6B8AB11FC9BF77D4395D19B1F8555B94768BB2 |
SHA-256: | 542B3D61A71514E012405F6DA07489BEEAEC5F0454D4CB25967E2BABCC896873 |
SHA-512: | 681789A5B72DA601257B45D36839BC0D1F422AE4B440D2A467ECD19552A2A8E00D8D686EE3B835508026643F184F955F221A4EBFC86DD02BDC111C966CEEC55A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.2527558218035555 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923f6LKafLXzxs7+AEszI923f6LKafLSn:p37Lvkmb6KzSOafrWZE2SOafGn |
MD5: | 0E1A4FB543233681B29500DF56AA6F57 |
SHA1: | 8184927FBC93A8FCE2FD8CDCEC13AC2F88FB8306 |
SHA-256: | EADB21BF3DAE2990213DE43C3E98CBAA88F21623B1B6A918BEE662FEEFB42507 |
SHA-512: | 8B62C9B1DE30ABD20A4C74F4D9697A9E681275136986C384D12084DE41FB94DC7FB8C843E9AF851B0576CF89C26D7A127FC9B966BCDC953F89C0F9F956BAAAFC |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 868 |
Entropy (8bit): | 5.3183379397344765 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzSOafIE2SOafGuKaM5DqBVKVrdFAMBJTH:Akka6aSOeIE2SOeHKxDcVKdBJj |
MD5: | 7241074EE55D01DA6C48E3A1DED01E88 |
SHA1: | 8221789569283A548A8860B38CE838E40150866B |
SHA-256: | FAF7AEF162FB9D7E43C8A189411C11D62BB1990731351E8520ED648937EE5A97 |
SHA-512: | B7EF07709729A576FE4718BCA73B0CB499EBB5FEDF2323101207C6D4C5A9A41F64137EF3FA75F502B59CF391C85D65F5E70EB1AE0A46E787C83DC4A0268271BC |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.109921450738045 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grydThak7YnqqsTGPN5Dlq5J:+RI+ycuZhNtakS7PNnqX |
MD5: | 1DF567DCC97B0A7A089824364B677531 |
SHA1: | F78BFB839164EEA3C6373359223DF1E347ABAAF3 |
SHA-256: | E9775CAE51FE4CF3AE6BD9573077DBCB268034D0940A69E9E8020305F210E05E |
SHA-512: | EA75DC230C2B40003F3FB9ECBB6252FF72AFAC23751E0FA6C72C006A435CECCC93D70F245302BD2402B161D11FDE48F521138FDC6348DD7F8ECC8CEFAB23BC05 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.222902776745778 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fhQHgUzxs7+AEszI923fhQHs9:p37Lvkmb6Kz5QHDWZE25QHs9 |
MD5: | 06D22660044726226847AB9E405CDCA3 |
SHA1: | 0FB2A0C3CFCD8C7F2B1DDBB956ABDABBFA1CB06D |
SHA-256: | EE83EE6D67E2174D63373BE421E6411D81997D2C20B757074BED1C71EC273790 |
SHA-512: | 5A6F2E94B557B234CC1E12BF643048A3A797453ECF8885F6D44B8CD4B2415330C9C4A95E0CFEF4BEB30E5165CE630D4F0805195BD16BAE7FE6FA84374814475F |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6349672358126073 |
Encrypted: | false |
SSDEEP: | 24:etGSD8+mUE7R85z7woel/gx4/eiDPtkZfZzwLDZ0WI+ycuZhNtakS7PNnq:6BXE7S5gGjiyJZzwZX1ulta3xq |
MD5: | 90EE0F91FF3E5AC8250C42785D163FB7 |
SHA1: | 13276BD1000D8F797C73C9B4BCA08127868C1EC9 |
SHA-256: | E7251525735F9C3302CDE3DBF5F1796096283241712C20F38F5C4F64EA73070D |
SHA-512: | 921B418BE5E4FC2F4D49CBCE1B323721E125F50C832A8E5A66037C7EB41230D29113DA342EF0A050A0DD9423A3AE96562D67682CF84D06DF77001A879A5B6E49 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 868 |
Entropy (8bit): | 5.320077744261521 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzXE2V4KaM5DqBVKVrdFAMBJTH:Akka6aXE2V4KxDcVKdBJj |
MD5: | 5D4927D1B228C0B04BE990A5CF5142D1 |
SHA1: | BA0F046F862F9C11763D08A4CF8D3920EA250AD1 |
SHA-256: | 4C6B817FC7F440DE8C31AD988B1CCEA218531E2BCC2FDDBBF79F1AC6EA07E95E |
SHA-512: | 94F287FF11ACB9E1772EF97E61C2B408DC85086F92DCBDECB69D6180F67EC2F3DCD7BAED33CCDB9E8F2CD507E458D07298962F8C62B481AEA9F39B293C0BDE9D |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 395 |
Entropy (8bit): | 5.011724479977666 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJZFMRSRa+eNMjSSRrh+SRNdDQaAntHQy:V/DTLDfuHV9eg5rh14aAntwy |
MD5: | B1DA1EF961AA0CE50C236459261D955A |
SHA1: | 99CF19F188248557193608FE42C1CB88FCF234E1 |
SHA-256: | 139659D9C1D794242DE8DEFB1E33C785B3B63A691230874656B2B1AFC9E0B26B |
SHA-512: | 27C4E9D4D1926A87EB5A2CAFD768D80A9D566C5FE9C7EB17F87453698415B30E251816738388C3171519A74B20AB0919C47C04A1E6CF9E1D82547540DF5E1682 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.255365080899839 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fiVCWzxs7+AEszI923fiVCr:p37Lvkmb6KzKVCWWZE2KVCr |
MD5: | 7C6E6D084FD264B37BCD7CC2BFAF1523 |
SHA1: | 197FBFFC51C699B27EB6EB0C914E044103B1503E |
SHA-256: | 1EAA871B794C66E8F63C4EAC98E9110E562B64B2C81CE1F4B380ACF378EA0BB1 |
SHA-512: | 51B70D5DB9523935220EBD45501021056DEC17D6CFD1A016FF19060E8B5980E809F468D040F06ADBF8F013093301D2106286136F2F818153CC127E9AA3442277 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 868 |
Entropy (8bit): | 5.335054980168907 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzKwnE2KwqKaM5DqBVKVrdFAMBJTH:Akka6aPE2iKxDcVKdBJj |
MD5: | D25692BE4A7B9E0D1859FED2E0B81B64 |
SHA1: | 5686819FE68A92F329686AEDF4CDD3CC8DA92609 |
SHA-256: | D1260E5FC02624D38E533E5DB33FC83912F8A907509D4C1809BAB069CDDB8912 |
SHA-512: | 3560116FF740032B6B93CA22BDB32481B7CDEFEAC20A1577F1B95FD465B04F5281AED4F4DFD25C3B5CABEF38073ED50421991A8D62B3E22E7B62FE47CD62CB5D |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1139785671928237 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGak7Ynqq0PN5Dlq5J:+RI+ycuZhNoakS0PNnqX |
MD5: | 74AC8729B044EF3E55CA0A024EFF165F |
SHA1: | CBFB0EA2703141E51FB43DA9F9288DA871566FB7 |
SHA-256: | C9AF660105465928BE198DBDEB8D4BE5BA9D1B3048299AEB4CA1678D0E829480 |
SHA-512: | E4B800C3568143FB841E0B86831C9ECFE1165EB81A17A885755C419CE4DA1E9CAEEA927893336E8F5F0EADACA2295DB5AA983F18D8E2E48A71846F4BFC87BFCA |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 414 |
Entropy (8bit): | 5.049516587690195 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJwMRSR7a1f892RV9SRa+rVSSRnA/fsTfaskNDVzy:V/DTLDfuEB92Ru9rV5nA/ETf5EDVzy |
MD5: | 66D77EA7A947B910D56CFB0FC4B85BE6 |
SHA1: | 9D503A2C0DDAEE23A81802CA8444D8B7039ECE6B |
SHA-256: | 66E86036222F5D3B474370BBBA04C4A7DECC42D05D25675846CBA63F16877D8B |
SHA-512: | A53181798E577ABD31EE4063903E62171903B369B4FF26C337CC0108BE8883BEE39000A858FB24E92D13CDB89EF5782AADF06B7BD6807DD2D46458F813EE772B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.28862302275331 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fPt10zxs7+AEszI923fPtdx:p37Lvkmb6KzMWZE2p |
MD5: | FEC723AE4CE1D4A72A48375DAE57F152 |
SHA1: | 7D0E0234A688710DE2AFE91CBDAA0F7EDC5449C4 |
SHA-256: | AF7C1A6DBC10AA5EBB5D72297108D245410FB5FB55D48E3386E4799963732300 |
SHA-512: | F018829EA6161344C82F9D46ADA4599BD8C86390DDA4048A59359DB7CC7DDCC052E55B8F893292408EE8D11F5C956A14B79279F119039E799C97D3B6EC77FA6C |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.64310436733059 |
Encrypted: | false |
SSDEEP: | 24:etGSR8+mUE7R85z7woel/gYp94/eiDPtkZfEPFXmSDZ0WI+ycuZhNoakS0PNnq:6nXE7S5gGYpXiyJmFXm0ZX1uloa3Uq |
MD5: | E78B4F20C9C3ECDFAADE20B23787EBCB |
SHA1: | B89C1EC666680DA7AB129A0F5E9A593625D94201 |
SHA-256: | 0CF920EAE8AD9733EB1FEAE76CAE748499E334BD5AF3B8E6F0D1940810C3D7F2 |
SHA-512: | 87CA675464DED2449A4BC6AD61202FA04F00D1AF173D1BF3E471CC5413A85C204EA967C27177FC37A4E80B7E5E31258FA41C0081FF35638F42CC28429D3AC532 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 868 |
Entropy (8bit): | 5.348694375232745 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KzMWZE2sKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6Kz9E2sKaM5DqBVKVrdFAMBJTH |
MD5: | D86ACBAA58E203B2849D410C07220578 |
SHA1: | 22F3A10EF4FB73B6A76D6FA4C6DCC7D8E6842A83 |
SHA-256: | 9FEC93CFFFF08573DED5958B966582FAC2EB57E68469BF94850C73385625AB86 |
SHA-512: | 4C56050C5B07C3C13FEFCF808D5E9B28BDC724255406C6A01167949E7E036623E544F32E2B6C16526B4A02BFB52F3DD887F5F362AB856BB5679834C87A68524B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1359 |
Entropy (8bit): | 5.406002359282101 |
Encrypted: | false |
SSDEEP: | 24:BxSAPzDvBB/x2DOXUWnpLCHm4XWUHjeTKKjX4CIym1ZJXXB/pLCHm4StnxSAZ7t:BZP/v//oOHKm4GUqDYB1Z9B/Km4SRZZR |
MD5: | 51B9F4D065CD36EEB47C62B81AFB7F06 |
SHA1: | BCFD8E1BD2F58F4F3F3150F672857CF45E23BC2A |
SHA-256: | FAF75023385D35770B9D01F760C1876E1E25445A6D9C839CDAE71091453519F8 |
SHA-512: | 2BC504F6988648C5FA1DEF96CA3B22A0CC01AD926334F4FB0271D0FA324304F00CF6FBEE76A575C72EFF27D6C4C45BC19DB97E463E175CC38B6793219BD020E6 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1359 |
Entropy (8bit): | 5.403706904252732 |
Encrypted: | false |
SSDEEP: | 24:BxSAPzDvBB/x2DOXUWnpLCHm4XWiHjeTKKjX4CIym1ZJXXJpLCHm4StOnxSAZ7iq:BZP/v//oOHKm4GiqDYB1Z9JKm4SaZZ7d |
MD5: | 7291ABA011A1193C203450F5D3512461 |
SHA1: | 310F781764BB9AC8A8D3B7F14E38AD05EE18730C |
SHA-256: | 0FA2BD16F02EEC7CA811D01D14782EC171D0A7E6AC1C4439C87B2E6A0C6536C4 |
SHA-512: | C2BAB621C1E45A10BEC063ED6F84F63BD94D8533B83FC22A552BA35791A25B0254CF95F3341DC46CE4C6ED63D9698E2114A4A17D3F25BC38B6305B5A257955D9 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1146 |
Entropy (8bit): | 5.544628786712 |
Encrypted: | false |
SSDEEP: | 24:BxSAPJDvBB/x2DOXUWnpLCHm4XW/HjeTKKjX4CIym1ZJXX7pLCHm4v:BZPhv//oOHKm4G/qDYB1Z97Km4v |
MD5: | E0C308808C66AB01D5B3EF7C3856B1D5 |
SHA1: | 13F36AB3AAEA583989B9C72E15A29F8F49EC8B2A |
SHA-256: | EA41567677F8A22C46060C26ACB8AE2B68B789283782A6096F264A4DBF25468D |
SHA-512: | 3EF71D741446DA480EEA5ECDDF428571059A11C2516C8287FA5A891426E1014D9C41649F5D1912D748379F93468DD1C7EB8A9AC14CCD3FFEFBF292E3C707EE4E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1146 |
Entropy (8bit): | 5.542879881063877 |
Encrypted: | false |
SSDEEP: | 24:BxSAPzDvBB/x2DOXUWnpLCHm4XWnHjeTKKjX4CIym1ZJXXB/pLCHm4v:BZP/v//oOHKm4GnqDYB1Z9B/Km4v |
MD5: | 635442A47792E7CA6AB6C67E60181544 |
SHA1: | 1476DE8E879BA1B92742F3F951AECE56DE2A882A |
SHA-256: | C9026B19F44A3E5A20EA9A2F355703C5BC988246CC98D0EE2228333766324050 |
SHA-512: | 6621F0DB6601D61F5736EB95425F4590ADB546FA422ACC627F4A26544387BA9F274D9A5B13E54DA30228EEBD8EB4DE76CE125A435080D46A6FC5A502FAF2646F |
Malicious: | false |
Preview: |
|
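The dropped-file records above give hashes but no preview for the six 1-byte files written by powershell.exe, and list csc.exe and powershell.exe writing files of the same few sizes over and over. The following is an added example (not part of the Joe Sandbox report): it parses the page's "Field: | value |" record layout, recovers the content of a 1-byte file from its listed digests by hashing all 256 candidates, and counts drops by (process, size) so repeated drop patterns stand out. SAMPLE is excerpted from two of the records above; the record-format assumptions and helper names are the example's own.

```python
"""Parse the dropped-file records and identify the 1-byte files from their hashes."""
from __future__ import annotations
import hashlib
import re
from collections import Counter
from typing import Optional

# Excerpt of two records from the report above (one 1-byte powershell.exe drop,
# one 652-byte csc.exe drop); field order and layout follow the page.
SAMPLE = """\
Process: | C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Process: | C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.073206673156649 |
MD5: | 5D58A66193F5DD7122F936E757049652 |
Malicious: | false |
"""

# "Field: | value |" with an optional trailing pipe; bare "|" and "---|" lines do not match
FIELD = re.compile(r"^([^:|]+):\s*\|\s*(.*?)\s*\|?\s*$")
HASH_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}


def parse_records(text: str) -> list[dict]:
    """Split the flat listing into one dict per record; a record starts at each 'Process:' line."""
    records: list[dict] = []
    cur: Optional[dict] = None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "Process":
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key] = val
    return records


def recover_single_byte(rec: dict) -> Optional[bytes]:
    """For a 1-byte record, return the byte whose digests match every hash the record lists.

    A 1-byte file has only 256 possible contents, so the listed hashes identify it exactly.
    """
    if rec.get("Size (bytes)") != "1":
        return None
    wanted = {HASH_FIELDS[k]: v.lower() for k, v in rec.items() if k in HASH_FIELDS}
    for b in range(256):
        cand = bytes([b])
        if all(hashlib.new(alg, cand).hexdigest() == hx for alg, hx in wanted.items()):
            return cand
    return None


def drop_summary(records: list[dict]) -> Counter:
    """Count dropped files by (writing process, size) to expose repeated drop patterns."""
    return Counter(
        (r["Process"].rsplit("\\", 1)[-1].lower(), int(r["Size (bytes)"])) for r in records
    )


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r["Process"].rsplit("\\", 1)[-1], r["Size (bytes)"], recover_single_byte(r))
    print(drop_summary(recs))
```

Run against the full record list, the same functions show that every 1-byte powershell.exe drop is the ASCII digit "1", and that the csc.exe drops come in two fixed sizes (652 and 3584 bytes) paired with same-sized powershell.exe drops (371 and 868 bytes), which is what a scripted compile-from-PowerShell cycle looks like in a sandbox.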
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.270863171013114 |
TrID: |
|
File name: | 6.dll |
File size: | 1781920 |
MD5: | ac57d694b86d8532b38d3d62f6de3afc |
SHA1: | c858ec742ba91bf8c139b7bb654ca2d67747c5ef |
SHA256: | fa668d1a58b3b92d9c1b9a740facfaebb35dd723deaf5a3833592208a8a47e5e |
SHA512: | cd9635d667a43c0d6715ec05c114c424b3f1292d7997c8d6c86f937ff81a08262763d33621c7d75d3c2a5fac75b58c71489fe3360fd4a2d6c804e7a72a06683b |
SSDEEP: | 49152:JOMo8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8Mc:xo8UQw8MT8UQw8MT8UQw8MT8UQw8MT8Z |
File Content Preview: | MZ......................................................................!..L.!This .ro.ra. cannot be run in DOS m.de....$.......PE..L...[..a...........!....................................................................................................V.. |
File Icon |
---|
Icon Hash: | 82b0f4c6d2c66cb1 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001f3fe |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | |
Time Stamp: | 0x61B6D25B [Mon Dec 13 04:55:55 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 90a569c76737ac6eae14ae164dabea89 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 (HRESULT 0x80096010, TRUST_E_BAD_DIGEST: the hash of the file does not match the hash inside the signature, so the image was modified after signing or carries a signature blob copied from another file; a present but non-verifying signature should be treated as unsigned) |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8E8056A2284F0304445ED325353454BF |
Thumbprint SHA-1: | E16BB6EE4ED3935C46C356D147E811286BA4BBFE |
Thumbprint SHA-256: | 968F9536C18A4475095B37792855AA62306275DEC05BD72F21653C98026CFC4E |
Serial: | 038EDB2FC6E405731A760F1516144C85 |
Entrypoint Preview |
---|
Instruction |
---|
mov ebx, edi |
or ebx, edi |
jmp 00007FD68CC158E2h |
ret |
ret |
pop ecx |
push esi |
pop ebx |
ret |
mov edi, dword ptr [1000335Ch] |
call 00007FD68CC147C8h |
mov esp, dword ptr [ebp-18h] |
mov word ptr [100030FCh], es |
mov ecx, dword ptr [ebp-04h] |
lea ebp, dword ptr [esp+10h] |
int3 |
int3 |
push ebp |
push edi |
mov dword ptr [10003120h], eax |
push eax |
je 00007FD68CC144B6h |
int3 |
mov dword ptr fs:[00000000h], ecx |
mov eax, dword ptr [ebp+0Ch] |
mov ecx, edi |
push eax |
jmp dword ptr [100040BCh] |
add ecx, eax |
mov eax, dword ptr [ecx] |
cmp edi, ecx |
mov eax, dword ptr [ecx] |
push 10000000h |
mov eax, dword ptr [ebp-14h] |
push 00000000h |
push 1001E268h |
ret |
xor esi, esi |
xor esi, esi |
xor esi, esi |
pop eax |
int3 |
int3 |
int3 |
mov esp, dword ptr [ebp-18h] |
int3 |
jmp dword ptr [10004078h] |
pop ebx |
sete cl |
call 00007FD68CC14373h |
int3 |
mov ecx, edi |
ret |
jmp dword ptr [1000406Ch] |
ret |
call 00007FD68CC1407Ch |
int3 |
int3 |
mov word ptr [100030F8h], fs |
cmp dword ptr [10003010h], 00000000h |
int3 |
int3 |
int3 |
call 00007FD68CC1453Fh |
int3 |
int3 |
mov ebp, esp |
push dword ptr [ebp+08h] |
int3 |
sub al, cl |
jmp 00007FD68CC170D8h |
int3 |
int3 |
int3 |
push eax |
mov dword ptr [ebp-04h], eax |
int3 |
cmp dword ptr [00000000h], 00000000h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1cff0 | 0x56 | .text |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43d04 | 0xb4 | .data |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x16f8e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b1800 | 0x18a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b7000 | 0x6ec | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28d06 | 0x27c | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x26ec0 | 0x24800 | False | 0.516815603596 | data | 5.50396706074 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x28000 | 0x1e4fe | 0x1be00 | False | 0.057858043722 | data | 6.06796420192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x47000 | 0x16f8e8 | 0x16fa00 | False | 0.218529518021 | data | 4.81717219526 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1b7000 | 0x6ec | 0x800 | False | 0.75 | data | 6.07315256741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
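The static PE values above (entrypoint, image base, timestamp, data directories, section table, signature error) are what a first-pass triage script checks. The following is an added example, not code from the Joe Sandbox report: a stdlib-only PE32 header parser with those checks (decode the compile timestamp, locate the entrypoint's section, flag code sections that are also writable, detect an Authenticode blob, and translate the report's signed error number to its HRESULT). build_sample_pe() is a constructed header-only PE that reproduces the report's numbers so the script runs offline; it is not the analysed DLL and contains no code bytes. The SIGNATURE_ERRORS table is the example's own short list of wintrust codes.

```python
"""Stdlib-only PE32 header triage."""
import struct
from datetime import datetime, timezone

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DIR_SECURITY = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY in the data directory array

# Short assumed table of Authenticode HRESULTs (values from wintrust.h)
SIGNATURE_ERRORS = {
    0x80096010: "TRUST_E_BAD_DIGEST: file hash no longer matches the signed hash",
    0x800B0100: "TRUST_E_NOSIGNATURE: no signature present",
    0x800B0101: "CERT_E_EXPIRED: certificate outside its validity period",
    0x800B0109: "CERT_E_UNTRUSTEDROOT: chain ends in an untrusted root",
}


def hresult(n: int) -> int:
    """Convert the signed 32-bit error number the report prints to its unsigned HRESULT."""
    return n & 0xFFFFFFFF


def parse_pe32(data: bytes) -> dict:
    """Parse DOS header, COFF file header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]  # ImageBase
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]       # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": rawsize, "raw_ptr": rawptr, "flags": flags})
    return {"timestamp": stamp, "entry_rva": entry_rva, "image_base": image_base,
            "dirs": dirs, "sections": sections}


def triage(data: bytes) -> dict:
    """The static checks an analyst applies to the parsed headers."""
    pe = parse_pe32(data)
    ep = pe["entry_rva"]
    ep_sec = next((s["name"] for s in pe["sections"]
                   if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw_size"])), None)
    # Writable code is a packer/loader trait: the section will be patched at run time
    wx = [s["name"] for s in pe["sections"]
          if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE]
    # For the security directory the first field is a raw file offset, not an RVA; that is
    # why a report maps it to whichever section happens to cover that file offset
    sec_off, sec_size = pe["dirs"][DIR_SECURITY] if len(pe["dirs"]) > DIR_SECURITY else (0, 0)
    return {
        "compile_time_utc": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
                                    .strftime("%Y-%m-%d %H:%M:%S"),
        "entrypoint_va": pe["image_base"] + ep,
        "entrypoint_section": ep_sec,
        "writable_code_sections": wx,
        "has_authenticode_blob": sec_size > 0,
        "authenticode_file_offset": sec_off,
    }


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 reproducing the report's static values (no code bytes)."""
    wx_text = (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_WRITE
               | IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ)
    rw = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ
    ro = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    sections = [  # name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics
        (b".text", 0x1000, 0x26ec0, 0x24800, wx_text),
        (b".data", 0x28000, 0x1e4fe, 0x1be00, rw),
        (b".rsrc", 0x47000, 0x16f8e8, 0x16fa00, ro),
        (b".reloc", 0x1b7000, 0x6ec, 0x800, ro | IMAGE_SCN_MEM_DISCARDABLE),
    ]
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Characteristics 0x2102 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL, as in the report
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x61B6D25B, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1F3FE)       # AddressOfEntryPoint = 0x1001f3fe - ImageBase
    struct.pack_into("<I", opt, 28, 0x10000000)    # ImageBase
    struct.pack_into("<H", opt, 68, 2)             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0x1B1800, 0x18A0)
    sec_tbl = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, fl)
                       for n, va, vs, rs, fl in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_tbl


if __name__ == "__main__":
    for k, v in triage(build_sample_pe()).items():
        print(f"{k}: {hex(v) if isinstance(v, int) and not isinstance(v, bool) else v}")
    code = hresult(-2146869232)
    print(f"signature error {code:#010x}: {SIGNATURE_ERRORS.get(code, 'unknown')}")
```

On the constructed header the script reports the 2021-12-13 04:55:55 UTC timestamp, an entrypoint inside .text, .text as a writable code section, and a security blob at file offset 0x1b1800; combined with the TRUST_E_BAD_DIGEST result, "Digitally signed: true" here means a signature is attached, not that it verifies. To run it on the real sample, pass the file's bytes to triage() instead of build_sample_pe().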
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4af70 | 0x668 | data | English | United States |
RT_ICON | 0x4b5d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x4b8c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x4baa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4bbd0 | 0xea8 | data | English | United States |
RT_ICON | 0x4ca78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x4d320 | 0x6c8 | data | English | United States |
RT_ICON | 0x4d9e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x4df50 | 0x25a8 | data | English | United States |
RT_ICON | 0x504f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x515a0 | 0x988 | data | English | United States |
RT_ICON | 0x51f28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x52390 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x647b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x693e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x6d608 | 0x25a8 | data | English | United States |
RT_ICON | 0x6fbb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x70c58 | 0xeb0 | data | English | United States |
RT_ICON | 0x71b08 | 0x988 | data | English | United States |
RT_ICON | 0x72490 | 0x6b8 | data | English | United States |
RT_ICON | 0x72b48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x72fb0 | 0x668 | data | English | United States |
RT_ICON | 0x73618 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x73900 | 0x1e8 | data | English | United States |
RT_ICON | 0x73ae8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x73c10 | 0xea8 | data | English | United States |
RT_ICON | 0x74ab8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x75360 | 0x6c8 | data | English | United States |
RT_ICON | 0x75a28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x75f90 | 0x25a8 | data | English | United States |
RT_ICON | 0x78538 | 0x10a8 | data | English | United States |
RT_ICON | 0x795e0 | 0x988 | data | English | United States |
RT_ICON | 0x79f68 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7a3d0 | 0x668 | data | English | United States |
RT_ICON | 0x7aa38 | 0x2e8 | data | English | United States |
RT_ICON | 0x7ad20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7ae48 | 0xea8 | data | English | United States |
RT_ICON | 0x7bcf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x7c598 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7cb00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x81030 | 0x25a8 | data | English | United States |
RT_ICON | 0x835d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x84680 | 0x988 | data | English | United States |
RT_ICON | 0x85008 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x85470 | 0x668 | data | English | United States |
RT_ICON | 0x85ad8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x85dc0 | 0x1e8 | data | English | United States |
RT_ICON | 0x85fa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x860d0 | 0xea8 | data | English | United States |
RT_ICON | 0x86f78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x87820 | 0x6c8 | data | English | United States |
RT_ICON | 0x87ee8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x88450 | 0x25a8 | data | English | United States |
RT_ICON | 0x8a9f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x8baa0 | 0x988 | data | English | United States |
RT_ICON | 0x8c428 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8c890 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x9ecb8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0xa38e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0xa7b08 | 0x25a8 | data | English | United States |
RT_ICON | 0xaa0b0 | 0x10a8 | data | English | United States |
RT_ICON | 0xab158 | 0xeb0 | data | English | United States |
RT_ICON | 0xac008 | 0x988 | data | English | United States |
RT_ICON | 0xac990 | 0x6b8 | data | English | United States |
RT_ICON | 0xad048 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xad4b0 | 0x668 | data | English | United States |
RT_ICON | 0xadb18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xade00 | 0x1e8 | data | English | United States |
RT_ICON | 0xadfe8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xae110 | 0xea8 | data | English | United States |
RT_ICON | 0xaefb8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xaf860 | 0x6c8 | data | English | United States |
RT_ICON | 0xaff28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb0490 | 0x25a8 | data | English | United States |
RT_ICON | 0xb2a38 | 0x10a8 | data | English | United States |
RT_ICON | 0xb3ae0 | 0x988 | data | English | United States |
RT_ICON | 0xb4468 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb48d0 | 0x668 | data | English | United States |
RT_ICON | 0xb4f38 | 0x2e8 | data | English | United States |
RT_ICON | 0xb5220 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb5348 | 0xea8 | data | English | United States |
RT_ICON | 0xb61f0 | 0x8a8 | data | English | United States |
RT_ICON | 0xb6a98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb7000 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xbb530 | 0x25a8 | data | English | United States |
RT_ICON | 0xbdad8 | 0x10a8 | data | English | United States |
RT_ICON | 0xbeb80 | 0x988 | data | English | United States |
RT_ICON | 0xbf508 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xbf970 | 0x668 | data | English | United States |
RT_ICON | 0xbffd8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xc02c0 | 0x1e8 | data | English | United States |
RT_ICON | 0xc04a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc05d0 | 0xea8 | data | English | United States |
RT_ICON | 0xc1478 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xc1d20 | 0x6c8 | data | English | United States |
RT_ICON | 0xc23e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc2950 | 0x25a8 | data | English | United States |
RT_ICON | 0xc4ef8 | 0x10a8 | data | English | United States |
RT_ICON | 0xc5fa0 | 0x988 | data | English | United States |
RT_ICON | 0xc6928 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc6d90 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0xd91b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0xddde0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0xe2008 | 0x25a8 | data | English | United States |
RT_ICON | 0xe45b0 | 0x10a8 | data | English | United States |
RT_ICON | 0xe5658 | 0xeb0 | data | English | United States |
RT_ICON | 0xe6508 | 0x988 | data | English | United States |
RT_ICON | 0xe6e90 | 0x6b8 | data | English | United States |
RT_ICON | 0xe7548 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xe79b0 | 0x668 | data | English | United States |
RT_ICON | 0xe8018 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xe8300 | 0x1e8 | data | English | United States |
RT_ICON | 0xe84e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xe8610 | 0xea8 | data | English | United States |
RT_ICON | 0xe94b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xe9d60 | 0x6c8 | data | English | United States |
RT_ICON | 0xea428 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xea990 | 0x25a8 | data | English | United States |
RT_ICON | 0xecf38 | 0x10a8 | data | English | United States |
RT_ICON | 0xedfe0 | 0x988 | data | English | United States |
RT_ICON | 0xee968 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xeedd0 | 0x668 | data | English | United States |
RT_ICON | 0xef438 | 0x2e8 | data | English | United States |
RT_ICON | 0xef720 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xef848 | 0xea8 | data | English | United States |
RT_ICON | 0xf06f0 | 0x8a8 | data | English | United States |
RT_ICON | 0xf0f98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf1500 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xf5a30 | 0x25a8 | data | English | United States |
RT_ICON | 0xf7fd8 | 0x10a8 | data | English | United States |
RT_ICON | 0xf9080 | 0x988 | data | English | United States |
RT_ICON | 0xf9a08 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf9e70 | 0x668 | data | English | United States |
RT_ICON | 0xfa4d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xfa7c0 | 0x1e8 | data | English | United States |
RT_ICON | 0xfa9a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xfaad0 | 0xea8 | data | English | United States |
RT_ICON | 0xfb978 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xfc220 | 0x6c8 | data | English | United States |
RT_ICON | 0xfc8e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xfce50 | 0x25a8 | data | English | United States |
RT_ICON | 0xff3f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x1004a0 | 0x988 | data | English | United States |
RT_ICON | 0x100e28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x101290 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x1136b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x1182e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x11c508 | 0x25a8 | data | English | United States |
RT_ICON | 0x11eab0 | 0x10a8 | data | English | United States |
RT_ICON | 0x11fb58 | 0xeb0 | data | English | United States |
RT_ICON | 0x120a08 | 0x988 | data | English | United States |
RT_ICON | 0x121390 | 0x6b8 | data | English | United States |
RT_ICON | 0x121a48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x121eb0 | 0x668 | data | English | United States |
RT_ICON | 0x122518 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x122800 | 0x1e8 | data | English | United States |
RT_ICON | 0x1229e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x122b10 | 0xea8 | data | English | United States |
RT_ICON | 0x1239b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x124260 | 0x6c8 | data | English | United States |
RT_ICON | 0x124928 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x124e90 | 0x25a8 | data | English | United States |
RT_ICON | 0x127438 | 0x10a8 | data | English | United States |
RT_ICON | 0x1284e0 | 0x988 | data | English | United States |
RT_ICON | 0x128e68 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1292d0 | 0x668 | data | English | United States |
RT_ICON | 0x129938 | 0x2e8 | data | English | United States |
RT_ICON | 0x129c20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x129d48 | 0xea8 | data | English | United States |
RT_ICON | 0x12abf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x12b498 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x12ba00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x12ff30 | 0x25a8 | data | English | United States |
RT_ICON | 0x1324d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x133580 | 0x988 | data | English | United States |
RT_ICON | 0x133f08 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x134370 | 0x668 | data | English | United States |
RT_ICON | 0x1349d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x134cc0 | 0x1e8 | data | English | United States |
RT_ICON | 0x134ea8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x134fd0 | 0xea8 | data | English | United States |
RT_ICON | 0x135e78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x136720 | 0x6c8 | data | English | United States |
RT_ICON | 0x136de8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x137350 | 0x25a8 | data | English | United States |
RT_ICON | 0x1398f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x13a9a0 | 0x988 | data | English | United States |
RT_ICON | 0x13b328 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x13b790 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x14dbb8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x1527e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x156a08 | 0x25a8 | data | English | United States |
RT_ICON | 0x158fb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x15a058 | 0xeb0 | data | English | United States |
RT_ICON | 0x15af08 | 0x988 | data | English | United States |
RT_ICON | 0x15b890 | 0x6b8 | data | English | United States |
RT_ICON | 0x15bf48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x15c3b0 | 0x668 | data | English | United States |
RT_ICON | 0x15ca18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x15cd00 | 0x1e8 | data | English | United States |
RT_ICON | 0x15cee8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x15d010 | 0xea8 | data | English | United States |
RT_ICON | 0x15deb8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x15e760 | 0x6c8 | data | English | United States |
RT_ICON | 0x15ee28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x15f390 | 0x25a8 | data | English | United States |
RT_ICON | 0x161938 | 0x10a8 | data | English | United States |
RT_ICON | 0x1629e0 | 0x988 | data | English | United States |
RT_ICON | 0x163368 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1637d0 | 0x668 | data | English | United States |
RT_ICON | 0x163e38 | 0x2e8 | data | English | United States |
RT_ICON | 0x164120 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x164248 | 0xea8 | data | English | United States |
RT_ICON | 0x1650f0 | 0x8a8 | data | English | United States |
RT_ICON | 0x165998 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x165f00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x16a430 | 0x25a8 | data | English | United States |
RT_ICON | 0x16c9d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x16da80 | 0x988 | data | English | United States |
RT_ICON | 0x16e408 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x16e870 | 0x668 | data | English | United States |
RT_ICON | 0x16eed8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x16f1c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x16f3a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x16f4d0 | 0xea8 | data | English | United States |
RT_ICON | 0x170378 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x170c20 | 0x6c8 | data | English | United States |
RT_ICON | 0x1712e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x171850 | 0x25a8 | data | English | United States |
RT_ICON | 0x173df8 | 0x10a8 | data | English | United States |
RT_ICON | 0x174ea0 | 0x988 | data | English | United States |
RT_ICON | 0x175828 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x175c90 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x1880b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x18cce0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x190f08 | 0x25a8 | data | English | United States |
RT_ICON | 0x1934b0 | 0x10a8 | data | English | United States |
RT_ICON | 0x194558 | 0xeb0 | data | English | United States |
RT_ICON | 0x195408 | 0x988 | data | English | United States |
RT_ICON | 0x195d90 | 0x6b8 | data | English | United States |
RT_ICON | 0x196448 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1968b0 | 0x668 | data | English | United States |
RT_ICON | 0x196f18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x197200 | 0x1e8 | data | English | United States |
RT_ICON | 0x1973e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x197510 | 0xea8 | data | English | United States |
RT_ICON | 0x1983b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x198c60 | 0x6c8 | data | English | United States |
RT_ICON | 0x199328 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x199890 | 0x25a8 | data | English | United States |
RT_ICON | 0x19be38 | 0x10a8 | data | English | United States |
RT_ICON | 0x19cee0 | 0x988 | data | English | United States |
RT_ICON | 0x19d868 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x19dcd0 | 0x668 | data | English | United States |
RT_ICON | 0x19e338 | 0x2e8 | data | English | United States |
RT_ICON | 0x19e620 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x19e748 | 0xea8 | data | English | United States |
RT_ICON | 0x19f5f0 | 0x8a8 | data | English | United States |
RT_ICON | 0x19fe98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1a0400 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x1a4930 | 0x25a8 | data | English | United States |
RT_ICON | 0x1a6ed8 | 0x10a8 | data | English | United States |
RT_ICON | 0x1a7f80 | 0x988 | data | English | United States |
RT_ICON | 0x1a8908 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_GROUP_ICON | 0x1a8d70 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a8e20 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1a8ea4 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a8f54 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1a8ff4 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a90a4 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1a9128 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a91d8 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1a9278 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a9328 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1a93ac | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a945c | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1a94fc | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a95ac | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1a9630 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a96e0 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1a9780 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a9830 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1a98b4 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a9964 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1a9a04 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a9ab4 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1a9b38 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1a9be8 | 0xa0 | data | English | United States |
RT_VERSION | 0x1a9c88 | 0x340 | data | English | United States |
RT_VERSION | 0x1a9fc8 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1aa2c0 | 0x344 | data | English | United States |
RT_VERSION | 0x1aa604 | 0x318 | data | English | United States |
RT_VERSION | 0x1aa91c | 0x340 | data | English | United States |
RT_VERSION | 0x1aac5c | 0x2f8 | data | English | United States |
RT_VERSION | 0x1aaf54 | 0x344 | data | English | United States |
RT_VERSION | 0x1ab298 | 0x318 | data | English | United States |
RT_VERSION | 0x1ab5b0 | 0x340 | data | English | United States |
RT_VERSION | 0x1ab8f0 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1abbe8 | 0x344 | data | English | United States |
RT_VERSION | 0x1abf2c | 0x318 | data | English | United States |
RT_VERSION | 0x1ac244 | 0x340 | data | English | United States |
RT_VERSION | 0x1ac584 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1ac87c | 0x344 | data | English | United States |
RT_VERSION | 0x1acbc0 | 0x318 | data | English | United States |
RT_VERSION | 0x1aced8 | 0x340 | data | English | United States |
RT_VERSION | 0x1ad218 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1ad510 | 0x344 | data | English | United States |
RT_VERSION | 0x1ad854 | 0x318 | data | English | United States |
RT_VERSION | 0x1adb6c | 0x340 | data | English | United States |
RT_VERSION | 0x1adeac | 0x2f8 | data | English | United States |
RT_VERSION | 0x1ae1a4 | 0x344 | data | English | United States |
RT_VERSION | 0x1ae4e8 | 0x318 | data | English | United States |
RT_MANIFEST | 0x1ae800 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1aef80 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1af1c8 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1af594 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1afd7c | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b04fc | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b0744 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b0b10 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b12f8 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b1a78 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b1cc0 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b208c | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b2874 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b2ff4 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b323c | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b3608 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b3df0 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b4570 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b47b8 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b4b84 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b536c | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b5aec | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b5d34 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b6100 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
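The resource table above repeats the same run of RT_ICON, RT_GROUP_ICON, RT_VERSION and RT_MANIFEST entries several times over. The script below is an added example, not part of the report, that turns those rows into three quick consistency checks: how many icons each RT_GROUP_ICON directory claims (a GRPICONDIR is a 6-byte header followed by 14-byte entries), whether consecutive resources are laid out back to back (gaps are assumed to be at most DWORD alignment padding), and the shortest period with which the entry sizes repeat. The sample rows are copied from the table above with the trailing type and language columns dropped; the 24 RT_GROUP_ICON rows are complete, and the RT_ICON table has 264 rows, which is the number the group directories should account for.

```python
"""Consistency checks over PE resource-table rows from a sandbox report."""
import re

# Rows copied from the resource table above (name | RVA | size), with the
# type/language columns dropped. GROUPS holds all 24 RT_GROUP_ICON rows.
GROUPS = """
RT_GROUP_ICON | 0x1a8d70 | 0xae |
RT_GROUP_ICON | 0x1a8e20 | 0x84 |
RT_GROUP_ICON | 0x1a8ea4 | 0xae |
RT_GROUP_ICON | 0x1a8f54 | 0xa0 |
RT_GROUP_ICON | 0x1a8ff4 | 0xae |
RT_GROUP_ICON | 0x1a90a4 | 0x84 |
RT_GROUP_ICON | 0x1a9128 | 0xae |
RT_GROUP_ICON | 0x1a91d8 | 0xa0 |
RT_GROUP_ICON | 0x1a9278 | 0xae |
RT_GROUP_ICON | 0x1a9328 | 0x84 |
RT_GROUP_ICON | 0x1a93ac | 0xae |
RT_GROUP_ICON | 0x1a945c | 0xa0 |
RT_GROUP_ICON | 0x1a94fc | 0xae |
RT_GROUP_ICON | 0x1a95ac | 0x84 |
RT_GROUP_ICON | 0x1a9630 | 0xae |
RT_GROUP_ICON | 0x1a96e0 | 0xa0 |
RT_GROUP_ICON | 0x1a9780 | 0xae |
RT_GROUP_ICON | 0x1a9830 | 0x84 |
RT_GROUP_ICON | 0x1a98b4 | 0xae |
RT_GROUP_ICON | 0x1a9964 | 0xa0 |
RT_GROUP_ICON | 0x1a9a04 | 0xae |
RT_GROUP_ICON | 0x1a9ab4 | 0x84 |
RT_GROUP_ICON | 0x1a9b38 | 0xae |
RT_GROUP_ICON | 0x1a9be8 | 0xa0 |
"""

# First five RT_ICON rows of the table (a contiguous run).
ICONS = """
RT_ICON | 0x4af70 | 0x668 |
RT_ICON | 0x4b5d8 | 0x2e8 |
RT_ICON | 0x4b8c0 | 0x1e8 |
RT_ICON | 0x4baa8 | 0x128 |
RT_ICON | 0x4bbd0 | 0xea8 |
"""

# The PNG icon and the entry that follows it (odd size, so padding appears).
PNG_PAIR = """
RT_ICON | 0x7cb00 | 0x452e |
RT_ICON | 0x81030 | 0x25a8 |
"""

ROW_RE = re.compile(r"^\s*(RT_\w+)\s*\|\s*0x([0-9a-f]+)\s*\|\s*0x([0-9a-f]+)", re.I)


def parse_rows(text):
    """Return (name, rva, size) triples for every resource row in text."""
    out = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            out.append((m.group(1), int(m.group(2), 16), int(m.group(3), 16)))
    return out


def group_icon_entries(size):
    """Icons referenced by one RT_GROUP_ICON: 6-byte GRPICONDIR header
    followed by 14-byte GRPICONDIRENTRY records."""
    if size < 6 or (size - 6) % 14:
        raise ValueError(f"0x{size:x} is not a valid RT_GROUP_ICON size")
    return (size - 6) // 14


def declared_icon_total(rows):
    return sum(group_icon_entries(s) for n, _, s in rows if n == "RT_GROUP_ICON")


def layout_gaps(rows):
    """Bytes between the end of each entry and the RVA of the next one."""
    return [rows[i + 1][1] - (rows[i][1] + rows[i][2]) for i in range(len(rows) - 1)]


def layout_ok(rows, align=4):
    """Assumption: entries are packed with at most `align`-1 bytes of padding."""
    return all(0 <= g < align for g in layout_gaps(rows))


def repeat_period(seq):
    """Smallest p such that seq is the same p-element block repeated."""
    for p in range(1, len(seq) + 1):
        if len(seq) % p == 0 and all(seq[i] == seq[i % p] for i in range(len(seq))):
            return p
    return len(seq)


if __name__ == "__main__":
    groups = parse_rows(GROUPS)
    sizes = [s for _, _, s in groups]
    p = repeat_period(sizes)
    print(f"{len(groups)} icon groups, period {p} ({len(groups) // p} copies)")
    print(f"icons declared by the groups: {declared_icon_total(groups)}")
    print(f"group layout packed: {layout_ok(groups)}, gaps {layout_gaps(groups)}")
    print(f"icon layout packed: {layout_ok(parse_rows(ICONS))}")
```

Run stand-alone it reports 24 groups with period 4 (six copies of four group directories claiming 12, 9, 11 and 12 icons), 264 declared icons, matching the 264 RT_ICON rows, and only 0- or 2-byte gaps between entries, so nothing is hidden between the resources themselves.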
Imports |
---|
DLL | Import |
---|---|
advapi32.dll | RegDeleteKeyA, RegCreateKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueA, RegSetValueExA, RegDeleteValueA, RegEnumKeyA, RegOpenKeyExA |
comctl32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
gdi32.dll | GetDeviceCaps, SetBkColor, CreateBrushIndirect, CreateFontIndirectA, SetTextColor, SetBkMode, SelectObject, DeleteObject |
kernel32.dll | GetCommandLineA, CreateThread, LoadLibraryExA, GetFullPathNameA, SetFileAttributesA, GlobalUnlock, WaitForSingleObject, GetTempPathA, GlobalAlloc, GetTempFileNameA, VirtualProtect, GetFileAttributesA, GetProcAddress, GetSystemDirectoryA, Sleep, SearchPathA, GlobalLock, GetPrivateProfileStringA, GetDiskFreeSpaceA, GetCurrentDirectoryA, MultiByteToWideChar, MulDiv, FindClose, lstrcpynA, GetVersion, MoveFileA, SetErrorMode, GetCurrentProcess, FindFirstFileA, GetShortPathNameA, ExpandEnvironmentStringsA, SetFilePointer, GetFileSize, lstrcmpiA, FreeLibrary, GetTickCount, RemoveDirectoryA, ReadFile, CreateDirectoryA, ExitProcess, FindNextFileA, SetCurrentDirectoryA, LoadLibraryA, SetFileTime, CreateFileA, lstrlenA, lstrcmpA, GetModuleHandleA, GetModuleFileNameA, DeleteFileA, WriteFile, CloseHandle, CompareFileTime, lstrcatA, GlobalFree, GetWindowsDirectoryA, WritePrivateProfileStringA, CopyFileA, CreateProcessA, GetExitCodeProcess, GetLastError |
ole32.dll | CoTaskMemFree, OleInitialize, CoCreateInstance, OleUninitialize |
shell32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHGetSpecialFolderLocation, ShellExecuteA, SHFileOperationA |
user32.dll | IsWindowVisible, DispatchMessageA, SendMessageTimeoutA, CreateWindowExA, GetClientRect, SetWindowPos, SystemParametersInfoA, LoadBitmapA, CharPrevA, EndPaint, DestroyWindow, EnableMenuItem, AppendMenuA, ShowWindow, SetWindowLongA, InvalidateRect, EnableWindow, OpenClipboard, EmptyClipboard, GetMessagePos, SendMessageA, ExitWindowsEx, IsWindowEnabled, BeginPaint, GetSysColor, PostQuitMessage, GetSystemMetrics, MessageBoxIndirectA, SetDlgItemTextA, EndDialog, SetClassLongA, GetDC, DefWindowProcA, CloseClipboard, GetDlgItemTextA, SetForegroundWindow, FillRect, LoadCursorA, CharNextA, IsWindow, GetSystemMenu, CreateDialogParamA, GetWindowRect, RegisterClassA, GetWindowLongA, DrawTextA, FindWindowExA, CheckDlgButton, TrackPopupMenu, wsprintfA, DialogBoxParamA, CreatePopupMenu, SetCursor, SetWindowTextA, ScreenToClient, LoadImageA, SetClipboardData |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x1002513f |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2016 Symantec Corporation. All rights reserved. |
InternalName | SymErr |
FileVersion | 7.6.2.5 |
CompanyName | Symantec Corporation |
ProductName | Symantec Shared Component |
ProductVersion | 7.6 |
FileDescription | Symantec Error Reporting |
OriginalFilename | SymErr.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 10:33:56.169133902 CET | 49772 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.169179916 CET | 443 | 49772 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.169270992 CET | 49772 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.170115948 CET | 49772 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.170137882 CET | 443 | 49772 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.320444107 CET | 443 | 49772 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.323769093 CET | 49773 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.323807001 CET | 443 | 49773 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.323893070 CET | 49773 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.325078011 CET | 49773 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.325093985 CET | 443 | 49773 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.384921074 CET | 49774 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.384965897 CET | 443 | 49774 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.385071993 CET | 49774 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.385968924 CET | 49774 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.385997057 CET | 443 | 49774 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.445888996 CET | 49775 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.445933104 CET | 443 | 49775 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.446013927 CET | 49775 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.446840048 CET | 49775 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.446865082 CET | 443 | 49775 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.475581884 CET | 443 | 49773 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.477123976 CET | 49776 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.477180004 CET | 443 | 49776 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.477348089 CET | 49776 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.478054047 CET | 49776 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.478080034 CET | 443 | 49776 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.536524057 CET | 443 | 49774 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.538096905 CET | 49777 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.538141012 CET | 443 | 49777 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.538228035 CET | 49777 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.539164066 CET | 49777 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.539185047 CET | 443 | 49777 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.597301960 CET | 443 | 49775 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.599082947 CET | 49778 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.599128008 CET | 443 | 49778 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.599239111 CET | 49778 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.600239038 CET | 49778 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.600253105 CET | 443 | 49778 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.628398895 CET | 443 | 49776 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.629982948 CET | 49779 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.630032063 CET | 443 | 49779 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.630146980 CET | 49779 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.630968094 CET | 49779 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.630990982 CET | 443 | 49779 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.689443111 CET | 443 | 49777 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.691081047 CET | 49780 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.691126108 CET | 443 | 49780 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.691215992 CET | 49780 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.692574978 CET | 49780 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.692596912 CET | 443 | 49780 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.750622034 CET | 443 | 49778 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.752547979 CET | 49781 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.752585888 CET | 443 | 49781 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.752688885 CET | 49781 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.753557920 CET | 49781 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.753567934 CET | 443 | 49781 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.755451918 CET | 49782 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.755487919 CET | 443 | 49782 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.755567074 CET | 49782 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.756136894 CET | 49782 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.756164074 CET | 443 | 49782 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.781342030 CET | 443 | 49779 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.843327045 CET | 443 | 49780 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.845531940 CET | 49783 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.845575094 CET | 443 | 49783 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.845649958 CET | 49783 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.846473932 CET | 49783 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.846491098 CET | 443 | 49783 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.903898001 CET | 443 | 49781 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.905615091 CET | 49784 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.905653000 CET | 443 | 49784 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.905747890 CET | 49784 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.906493902 CET | 443 | 49782 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.906672955 CET | 49784 | 443 | 192.168.2.5 | 3.12.124.139 |
Dec 14, 2021 10:33:56.906692982 CET | 443 | 49784 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:56.908546925 CET | 49785 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.908580065 CET | 443 | 49785 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.908668995 CET | 49785 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.909574032 CET | 49785 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:56.909584999 CET | 443 | 49785 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:56.996841908 CET | 443 | 49783 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.057349920 CET | 443 | 49784 | 3.12.124.139 | 192.168.2.5 |
Dec 14, 2021 10:33:57.060131073 CET | 443 | 49785 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.065263033 CET | 49786 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:57.065311909 CET | 443 | 49786 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.065414906 CET | 49786 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:57.066065073 CET | 49786 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:57.066081047 CET | 443 | 49786 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.216689110 CET | 443 | 49786 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.226584911 CET | 49787 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:57.226634979 CET | 443 | 49787 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.226720095 CET | 49787 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:57.227541924 CET | 49787 | 443 | 192.168.2.5 | 18.219.227.107 |
Dec 14, 2021 10:33:57.227566004 CET | 443 | 49787 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:33:57.378197908 CET | 443 | 49787 | 18.219.227.107 | 192.168.2.5 |
Dec 14, 2021 10:34:06.990562916 CET | 49795 | 443 | 192.168.2.5 | 79.110.52.144 |
Dec 14, 2021 10:34:06.990613937 CET | 443 | 49795 | 79.110.52.144 | 192.168.2.5 |
Dec 14, 2021 10:34:06.990704060 CET | 49795 | 443 | 192.168.2.5 | 79.110.52.144 |
Dec 14, 2021 10:34:06.991794109 CET | 49795 | 443 | 192.168.2.5 | 79.110.52.144 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 10:33:56.145939112 CET | 57128 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:33:56.164990902 CET | 53 | 57128 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:33:56.364356041 CET | 54791 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:33:56.382654905 CET | 53 | 54791 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:33:56.425647974 CET | 50463 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:33:56.444000959 CET | 53 | 50463 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:33:56.735696077 CET | 50394 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:33:56.753909111 CET | 53 | 50394 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:06.972225904 CET | 57344 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:06.988746881 CET | 53 | 57344 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.185264111 CET | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.205163956 CET | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.244362116 CET | 59261 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.262615919 CET | 53 | 59261 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.430716991 CET | 57151 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.448971033 CET | 53 | 57151 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.580158949 CET | 59413 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.596787930 CET | 53 | 59413 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.788218975 CET | 60516 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.792956114 CET | 51649 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.804882050 CET | 53 | 60516 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.810184002 CET | 65086 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:07.811239958 CET | 53 | 51649 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:07.826984882 CET | 53 | 65086 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:08.269373894 CET | 56432 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:08.285397053 CET | 53 | 56432 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:08.324105024 CET | 52929 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:08.340738058 CET | 53 | 52929 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:08.428600073 CET | 64317 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:08.445041895 CET | 53 | 64317 | 8.8.8.8 | 192.168.2.5 |
Dec 14, 2021 10:34:08.793006897 CET | 61004 | 53 | 192.168.2.5 | 8.8.8.8 |
Dec 14, 2021 10:34:08.812880993 CET | 53 | 61004 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 14, 2021 10:33:56.145939112 CET | 192.168.2.5 | 8.8.8.8 | 0xc7c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:33:56.364356041 CET | 192.168.2.5 | 8.8.8.8 | 0xce4a | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:33:56.425647974 CET | 192.168.2.5 | 8.8.8.8 | 0xcd9e | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:33:56.735696077 CET | 192.168.2.5 | 8.8.8.8 | 0x8d48 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:06.972225904 CET | 192.168.2.5 | 8.8.8.8 | 0x7b27 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.185264111 CET | 192.168.2.5 | 8.8.8.8 | 0x769b | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.244362116 CET | 192.168.2.5 | 8.8.8.8 | 0x2011 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.430716991 CET | 192.168.2.5 | 8.8.8.8 | 0xf508 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.580158949 CET | 192.168.2.5 | 8.8.8.8 | 0xfa | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.788218975 CET | 192.168.2.5 | 8.8.8.8 | 0x2a7c | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.792956114 CET | 192.168.2.5 | 8.8.8.8 | 0x714b | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:07.810184002 CET | 192.168.2.5 | 8.8.8.8 | 0x6f61 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:08.269373894 CET | 192.168.2.5 | 8.8.8.8 | 0x72a8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:08.324105024 CET | 192.168.2.5 | 8.8.8.8 | 0x80a1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:08.428600073 CET | 192.168.2.5 | 8.8.8.8 | 0xf677 | Standard query (0) | A (IP address) | IN (0x0001) | |
Dec 14, 2021 10:34:08.793006897 CET | 192.168.2.5 | 8.8.8.8 | 0xb228 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 14, 2021 10:33:56.164990902 CET | 8.8.8.8 | 192.168.2.5 | 0xc7c | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.164990902 CET | 8.8.8.8 | 192.168.2.5 | 0xc7c | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.164990902 CET | 8.8.8.8 | 192.168.2.5 | 0xc7c | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.164990902 CET | 8.8.8.8 | 192.168.2.5 | 0xc7c | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.382654905 CET | 8.8.8.8 | 192.168.2.5 | 0xce4a | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.382654905 CET | 8.8.8.8 | 192.168.2.5 | 0xce4a | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.382654905 CET | 8.8.8.8 | 192.168.2.5 | 0xce4a | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.382654905 CET | 8.8.8.8 | 192.168.2.5 | 0xce4a | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.444000959 CET | 8.8.8.8 | 192.168.2.5 | 0xcd9e | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.444000959 CET | 8.8.8.8 | 192.168.2.5 | 0xcd9e | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.444000959 CET | 8.8.8.8 | 192.168.2.5 | 0xcd9e | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.444000959 CET | 8.8.8.8 | 192.168.2.5 | 0xcd9e | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.753909111 CET | 8.8.8.8 | 192.168.2.5 | 0x8d48 | No error (0) | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.753909111 CET | 8.8.8.8 | 192.168.2.5 | 0x8d48 | No error (0) | 18.219.227.107 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.753909111 CET | 8.8.8.8 | 192.168.2.5 | 0x8d48 | No error (0) | 3.12.124.139 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:33:56.753909111 CET | 8.8.8.8 | 192.168.2.5 | 0x8d48 | No error (0) | 3.20.161.64 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:06.988746881 CET | 8.8.8.8 | 192.168.2.5 | 0x7b27 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.205163956 CET | 8.8.8.8 | 192.168.2.5 | 0x769b | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.262615919 CET | 8.8.8.8 | 192.168.2.5 | 0x2011 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.448971033 CET | 8.8.8.8 | 192.168.2.5 | 0xf508 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.596787930 CET | 8.8.8.8 | 192.168.2.5 | 0xfa | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.804882050 CET | 8.8.8.8 | 192.168.2.5 | 0x2a7c | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.811239958 CET | 8.8.8.8 | 192.168.2.5 | 0x714b | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:07.826984882 CET | 8.8.8.8 | 192.168.2.5 | 0x6f61 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:08.285397053 CET | 8.8.8.8 | 192.168.2.5 | 0x72a8 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:08.340738058 CET | 8.8.8.8 | 192.168.2.5 | 0x80a1 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:08.445041895 CET | 8.8.8.8 | 192.168.2.5 | 0xf677 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) | ||
Dec 14, 2021 10:34:08.812880993 CET | 8.8.8.8 | 192.168.2.5 | 0xb228 | No error (0) | 79.110.52.144 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49795 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 0 | OUT | |
2021-12-14 09:34:07 UTC | 0 | IN | |
2021-12-14 09:34:07 UTC | 0 | IN | |
2021-12-14 09:34:07 UTC | 16 | IN | |
2021-12-14 09:34:07 UTC | 32 | IN | |
2021-12-14 09:34:07 UTC | 48 | IN | |
2021-12-14 09:34:07 UTC | 64 | IN | |
2021-12-14 09:34:07 UTC | 80 | IN | |
2021-12-14 09:34:07 UTC | 96 | IN | |
2021-12-14 09:34:07 UTC | 112 | IN | |
2021-12-14 09:34:07 UTC | 128 | IN | |
2021-12-14 09:34:07 UTC | 144 | IN | |
2021-12-14 09:34:07 UTC | 160 | IN | |
2021-12-14 09:34:07 UTC | 176 | IN | |
2021-12-14 09:34:07 UTC | 192 | IN | |
2021-12-14 09:34:07 UTC | 208 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49796 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 209 | OUT | |
2021-12-14 09:34:07 UTC | 210 | IN | |
2021-12-14 09:34:07 UTC | 210 | IN | |
2021-12-14 09:34:07 UTC | 226 | IN | |
2021-12-14 09:34:07 UTC | 242 | IN | |
2021-12-14 09:34:07 UTC | 258 | IN | |
2021-12-14 09:34:07 UTC | 274 | IN | |
2021-12-14 09:34:07 UTC | 322 | IN | |
2021-12-14 09:34:07 UTC | 338 | IN | |
2021-12-14 09:34:07 UTC | 354 | IN | |
2021-12-14 09:34:07 UTC | 370 | IN | |
2021-12-14 09:34:07 UTC | 386 | IN | |
2021-12-14 09:34:07 UTC | 402 | IN | |
2021-12-14 09:34:07 UTC | 418 | IN | |
2021-12-14 09:34:07 UTC | 482 | IN | |
2021-12-14 09:34:07 UTC | 498 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.5 | 49807 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:08 UTC | 1895 | OUT | |
2021-12-14 09:34:08 UTC | 1896 | IN | |
2021-12-14 09:34:08 UTC | 1896 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.5 | 49808 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:08 UTC | 1898 | OUT | |
2021-12-14 09:34:08 UTC | 1898 | IN | |
2021-12-14 09:34:08 UTC | 1899 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49797 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 209 | OUT | |
2021-12-14 09:34:07 UTC | 290 | IN | |
2021-12-14 09:34:07 UTC | 290 | IN | |
2021-12-14 09:34:07 UTC | 306 | IN | |
2021-12-14 09:34:07 UTC | 434 | IN | |
2021-12-14 09:34:07 UTC | 450 | IN | |
2021-12-14 09:34:07 UTC | 466 | IN | |
2021-12-14 09:34:07 UTC | 499 | IN | |
2021-12-14 09:34:07 UTC | 515 | IN | |
2021-12-14 09:34:07 UTC | 531 | IN | |
2021-12-14 09:34:07 UTC | 547 | IN | |
2021-12-14 09:34:07 UTC | 563 | IN | |
2021-12-14 09:34:07 UTC | 579 | IN | |
2021-12-14 09:34:07 UTC | 595 | IN | |
2021-12-14 09:34:07 UTC | 611 | IN | |
2021-12-14 09:34:07 UTC | 627 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49798 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 628 | OUT | |
2021-12-14 09:34:07 UTC | 629 | IN | |
2021-12-14 09:34:07 UTC | 629 | IN | |
2021-12-14 09:34:07 UTC | 645 | IN | |
2021-12-14 09:34:07 UTC | 661 | IN | |
2021-12-14 09:34:07 UTC | 677 | IN | |
2021-12-14 09:34:07 UTC | 693 | IN | |
2021-12-14 09:34:07 UTC | 709 | IN | |
2021-12-14 09:34:07 UTC | 725 | IN | |
2021-12-14 09:34:07 UTC | 741 | IN | |
2021-12-14 09:34:07 UTC | 757 | IN | |
2021-12-14 09:34:07 UTC | 773 | IN | |
2021-12-14 09:34:07 UTC | 789 | IN | |
2021-12-14 09:34:07 UTC | 805 | IN | |
2021-12-14 09:34:07 UTC | 821 | IN | |
2021-12-14 09:34:07 UTC | 837 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49799 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 838 | OUT | |
2021-12-14 09:34:07 UTC | 838 | IN | |
2021-12-14 09:34:07 UTC | 839 | IN | |
2021-12-14 09:34:07 UTC | 854 | IN | |
2021-12-14 09:34:07 UTC | 870 | IN | |
2021-12-14 09:34:07 UTC | 886 | IN | |
2021-12-14 09:34:07 UTC | 902 | IN | |
2021-12-14 09:34:07 UTC | 918 | IN | |
2021-12-14 09:34:07 UTC | 934 | IN | |
2021-12-14 09:34:07 UTC | 950 | IN | |
2021-12-14 09:34:07 UTC | 966 | IN | |
2021-12-14 09:34:07 UTC | 982 | IN | |
2021-12-14 09:34:07 UTC | 998 | IN | |
2021-12-14 09:34:07 UTC | 1014 | IN | |
2021-12-14 09:34:07 UTC | 1030 | IN | |
2021-12-14 09:34:07 UTC | 1046 | IN | |
2021-12-14 09:34:07 UTC | 1062 | IN | |
2021-12-14 09:34:07 UTC | 1078 | IN | |
2021-12-14 09:34:07 UTC | 1094 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49802 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 1101 | OUT | |
2021-12-14 09:34:08 UTC | 1102 | IN | |
2021-12-14 09:34:08 UTC | 1102 | IN | |
2021-12-14 09:34:08 UTC | 1118 | IN | |
2021-12-14 09:34:08 UTC | 1198 | IN | |
2021-12-14 09:34:08 UTC | 1214 | IN | |
2021-12-14 09:34:08 UTC | 1230 | IN | |
2021-12-14 09:34:08 UTC | 1310 | IN | |
2021-12-14 09:34:08 UTC | 1326 | IN | |
2021-12-14 09:34:08 UTC | 1374 | IN | |
2021-12-14 09:34:08 UTC | 1390 | IN | |
2021-12-14 09:34:08 UTC | 1406 | IN | |
2021-12-14 09:34:08 UTC | 1422 | IN | |
2021-12-14 09:34:08 UTC | 1566 | IN | |
2021-12-14 09:34:08 UTC | 1598 | IN | |
2021-12-14 09:34:08 UTC | 1614 | IN | |
2021-12-14 09:34:08 UTC | 1630 | IN | |
2021-12-14 09:34:08 UTC | 1678 | IN | |
2021-12-14 09:34:08 UTC | 1694 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49801 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 1101 | OUT | |
2021-12-14 09:34:08 UTC | 1134 | IN | |
2021-12-14 09:34:08 UTC | 1134 | IN | |
2021-12-14 09:34:08 UTC | 1150 | IN | |
2021-12-14 09:34:08 UTC | 1246 | IN | |
2021-12-14 09:34:08 UTC | 1262 | IN | |
2021-12-14 09:34:08 UTC | 1278 | IN | |
2021-12-14 09:34:08 UTC | 1438 | IN | |
2021-12-14 09:34:08 UTC | 1454 | IN | |
2021-12-14 09:34:08 UTC | 1470 | IN | |
2021-12-14 09:34:08 UTC | 1486 | IN | |
2021-12-14 09:34:08 UTC | 1502 | IN | |
2021-12-14 09:34:08 UTC | 1518 | IN | |
2021-12-14 09:34:08 UTC | 1534 | IN | |
2021-12-14 09:34:08 UTC | 1748 | IN | |
2021-12-14 09:34:08 UTC | 1764 | IN | |
2021-12-14 09:34:08 UTC | 1780 | IN | |
2021-12-14 09:34:08 UTC | 1796 | IN | |
2021-12-14 09:34:08 UTC | 1812 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49803 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:07 UTC | 1101 | OUT | |
2021-12-14 09:34:08 UTC | 1166 | IN | |
2021-12-14 09:34:08 UTC | 1166 | IN | |
2021-12-14 09:34:08 UTC | 1182 | IN | |
2021-12-14 09:34:08 UTC | 1294 | IN | |
2021-12-14 09:34:08 UTC | 1342 | IN | |
2021-12-14 09:34:08 UTC | 1358 | IN | |
2021-12-14 09:34:08 UTC | 1550 | IN | |
2021-12-14 09:34:08 UTC | 1582 | IN | |
2021-12-14 09:34:08 UTC | 1646 | IN | |
2021-12-14 09:34:08 UTC | 1662 | IN | |
2021-12-14 09:34:08 UTC | 1700 | IN | |
2021-12-14 09:34:08 UTC | 1716 | IN | |
2021-12-14 09:34:08 UTC | 1732 | IN | |
2021-12-14 09:34:08 UTC | 1819 | IN | |
2021-12-14 09:34:08 UTC | 1835 | IN | |
2021-12-14 09:34:08 UTC | 1851 | IN | |
2021-12-14 09:34:08 UTC | 1867 | IN | |
2021-12-14 09:34:08 UTC | 1883 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.5 | 49805 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:08 UTC | 1890 | OUT | |
2021-12-14 09:34:08 UTC | 1891 | IN | |
2021-12-14 09:34:08 UTC | 1891 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.5 | 49806 | 79.110.52.144 | 443 | C:\Windows\SysWOW64\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 09:34:08 UTC | 1890 | OUT | |
2021-12-14 09:34:08 UTC | 1893 | IN | |
2021-12-14 09:34:08 UTC | 1893 | IN |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:33:06 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10c0000 |
File size: | 116736 bytes |
MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 10:33:06 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:33:07 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdd0000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 10:33:07 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 10:33:07 |
Start date: | 14/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 10:33:35 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\BackgroundTransferHost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64e5e0000 |
File size: | 36864 bytes |
MD5 hash: | 02BA81746B929ECC9DB6665589B68335 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:34:12 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f2bc0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:34:12 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f2bc0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:34:12 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f2bc0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 10:34:15 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 10:34:16 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 10:34:16 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:16 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:16 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:16 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:20 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f2bc0000 |
File size: | 14848 bytes |
MD5 hash: | 197FC97C6A843BEBB445C1D9C58DCBDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:23 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:23 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:26 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff768110000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:32 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62ec30000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:32 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff768110000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:32 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff768110000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:33 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65b0e0000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:35 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff768110000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:35 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62ec30000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:36 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62ec30000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:37 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff768110000 |
File size: | 2739304 bytes |
MD5 hash: | B46100977911A0C9FB1C3E5F16A5017D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
General |
---|
Start time: | 10:34:37 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65b0e0000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:37 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65b0e0000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:38 |
Start date: | 14/12/2021 |
Path: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62ec30000 |
File size: | 47280 bytes |
MD5 hash: | 33BB8BE0B4F547324D93D5D2725CAC3D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 10:34:39 |
Start date: | 14/12/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d6300000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|