Windows
Analysis Report
steg.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- steg.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\steg.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
  - Windows Update.exe (PID: 7000 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
    - dw20.exe (PID: 5912 cmdline: dw20.exe -x -s 2708 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
- WindowsUpdate.exe (PID: 6424 cmdline: "C:\Users\user\AppData\Roaming\WindowsUpdate.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
  - Windows Update.exe (PID: 5876 cmdline: "C:\Users\user\AppData\Roaming\Windows Update.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8)
    - dw20.exe (PID: 5528 cmdline: dw20.exe -x -s 2676 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth | |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth | |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth | |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | |
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth | |
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | |
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth | |
There are no malicious signatures.
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: |
Source: | Author: frack113: |
AV Detection
Source: | Avira: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Binary or memory string: |
Source: | Code function: |
Networking
Source: | DNS query: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing
Source: | File source: |
Source: | Windows user hook set: |
Source: | .Net Code: |
Source: | Binary or memory string: |
Source: | Window created: |
Source: | Process created: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Security API names: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Code function: |
Source: | WMI Queries: |
Source: | File created: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Base64 encoded string: |
Source: | Mutant created: |
Source: | Cryptographic APIs: |
Source: | File read: |
Source: | File opened: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation
Source: | .Net Code: |
Source: | Code function: |
Source: | File created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Function Chain: |
Source: | Thread sleep time: | ||
Source: | Thread delayed: | ||
Source: | WMI Queries: | ||
Source: | Code function: | ||
Source: | Thread delayed: | ||
Source: | Binary or memory string: |
Source: | Process queried: | ||
Source: | Process token adjusted: | ||
Source: | Code function: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Process created: | ||
Source: | Binary or memory string: | ||
Source: | Queries volume information: | ||
Source: | Code function: |
Source: | Key value queried: |
Source: | WMI Queries: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Replication Through Removable Media | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 211 Input Capture | 1 Peripheral Device Discovery | 1 Replication Through Removable Media | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 2 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 211 Input Capture | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 12 Process Injection | 31 Obfuscated Files or Information | Security Account Manager | 23 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 11 Software Packing | NTDS | 141 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Remote Access Software | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | 3 Non-Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Masquerading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | 14 Application Layer Protocol | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 11 System Network Configuration Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 12 Process Injection | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Hidden Files and Directories | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
71% | Virustotal | Browse | ||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Golroted | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Golroted | ||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Golroted |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
whatismyipaddress.com | 104.16.155.36 | true | false | high | |
smtp.gmail.com | 108.177.127.109 | true | false | high | |
140.244.14.0.in-addr.arpa | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | low | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | low | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | low | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | low | |||
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.16.155.36 | whatismyipaddress.com | United States | 13335 | CLOUDFLARENETUS | false | |
108.177.127.109 | smtp.gmail.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 593806 |
Start date and time: | 2022-03-22 02:34:19 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | steg.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@10/15@9/3 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 52.182.143.212, 20.189.173.20
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
- Execution Graph export aborted for target Windows Update.exe, PID 7000 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:35:50 | API Interceptor | |
03:35:53 | API Interceptor | |
03:35:53 | Autostart | |
03:36:02 | Autostart |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_436621b0be9536334964869bf89e95685ea4f5_00000000_15c9a667\Report.wer
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.308745717009357 |
Encrypted: | false |
SSDEEP: | 192:Vpgu5sGzOe63aPLk9Mg5N3gFm1pzvTkyK81X+tXyXyE/u7siS274It:J5siOjayRvw06nE/u7siX4It |
MD5: | B342D04C5AE75D98E4FAEB0840B0B5F2 |
SHA1: | F8FEB8B0BA5852FED3A968B56EC0C31979DA7379 |
SHA-256: | E6FA2CC142861D08C8BE0D2BD56486245936A8FC6CB6C6DE142B774EA30CB8E9 |
SHA-512: | B82C039FBF572D8EA2CA8454988E3D8E13CA79BEDD8D30E3D3260EF408FDED28FA04636C74AC4AFD7DF2B45A99610447414E5AAC596CE716BE542EDF85172893 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_436621b0be9536334964869bf89e95685ea4f5_00000000_17493f51\Report.wer
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.3149700454264321 |
Encrypted: | false |
SSDEEP: | 192:VKMk/sGzNe63aKsn9fbeN9M2v1zzv9kXZKIgjIRcMbu/u7siS274It:G/siNjaEdvO1nbu/u7siX4It |
MD5: | 9DD407AF23C9BED0015D6D10A84A29D3 |
SHA1: | FD2A24B6E56730ABD196C6AE99500A58260ECD19 |
SHA-256: | CD3D2B403E849B3415E6710305A7FA1C3424C515F9F082180DFB0688324C13B2 |
SHA-512: | 388AD6A72B0103CC554E7FCE22118DBE7CE95EC4446F4478B185594468E6075BD67B2322BFD7144F73C45EE8E1ADF05C1E7E536AD20B06451F1C7CAF4AD91D4A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7638 |
Entropy (8bit): | 3.685492785123007 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNig56Pgv6YRO6+gmfZiSW+p1b61f2Jm:RrlsNiO6I6Yo6+gmf4SbbQfp |
MD5: | 866A56B5FB111E45F768C6284D40346F |
SHA1: | 95432D9402FD807511804CFF3B4D70056BC4FA89 |
SHA-256: | A4D82922BBDCE338B22C867B0652C0265B116F54DBBFA7F617DDB323A3C15377 |
SHA-512: | 0410944F05D7B4C9C864F75A4A7F6C22E30F361FD95E4D2907A355376ABF0F8DC13D0247E04822037B8983B3EE4BF78DD59E2E6A52B4DEB08CE9304D047602C2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4693 |
Entropy (8bit): | 4.449132467269561 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsfJgtWI9SMWgc8sqYji8fm8M4JFK85xFJO+q8vj5AC+dOnVQEAEd:uITfBtlgrsqYrJFKy4KdACzVQEAEd |
MD5: | 0C8D726E73F002B17F723F950C9CF9B8 |
SHA1: | ACD71058C2FD5FCDDFF9F3BF7DAC96CCB4613D50 |
SHA-256: | 4467028406D5764C380B8E97DADFEA283CCE0105759D3A93623477BE88868E2A |
SHA-512: | 4CA85B157BF51EAEA19259E34CAF163939F338C4E493A8F0057AE75629A754CF6245AAA310E9F257A137402138465B7E3C38BBD4B8CC121B5E8C8F54F3E328B9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7642 |
Entropy (8bit): | 3.684063614647202 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi7g6I6YO+6ZgmfZiSW+p1Ny1f8Pm:RrlsNi86I6Yf6Zgmf4SbNofJ |
MD5: | D115B32576A0D5FFD2448BFB47AF4C9A |
SHA1: | 574BC5FF44E734B18CB42E6ACB97F441CCAD1360 |
SHA-256: | BBF66801682AE643BF8CDDAFF2225C5C529E6FB40694306B8FF0FACB75664EEC |
SHA-512: | 5E781A249369F6D2255717BAFD44F0C0BEF88AEE7697077FB469F594DC2AC8D33D5AC8F3E3C4C0DFE4551CE4ECCD3BC0303BD1071C89B87EAECAC16C717C79F9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4693 |
Entropy (8bit): | 4.450845819338463 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsfJgtWI9SMWgc8sqYjsz8fm8M4JFK85xFg+q8vj52z6+dOnVQEREd:uITfBtlgrsqYPJFKyMKdq6zVQEREd |
MD5: | 9AA1F9B81F8152D17378B8C185247354 |
SHA1: | B7A2AD40F56ED159255C18CA4BF67D2DD99F64FB |
SHA-256: | 407DC00DC0733E4EC0225CC6FB9A89868954CD408ECC08AE5D76AB0C5DB47102 |
SHA-512: | 934F4FC98C318712844166E7CB5E8BA8B0320DB7F50F306BB50DF8D4AE434F9AAC69F03EBCDDB8FD87EB5DB5792AE07F9D3CEFB4C0626213C08296A8B94C08A9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 664 |
Entropy (8bit): | 5.288448637977022 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9 |
MD5: | B1DB55991C3DA14E35249AEA1BC357CA |
SHA1: | 0DD2D91198FDEF296441B12F1A906669B279700C |
SHA-256: | 34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC |
SHA-512: | BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | modified |
Size (bytes): | 664 |
Entropy (8bit): | 5.288448637977022 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9 |
MD5: | B1DB55991C3DA14E35249AEA1BC357CA |
SHA1: | 0DD2D91198FDEF296441B12F1A906669B279700C |
SHA-256: | 34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC |
SHA-512: | BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48 |
Entropy (8bit): | 4.304047012067739 |
Encrypted: | false |
SSDEEP: | 3:oNt+kiEaKC59KuCa:oNwknaZ5v |
MD5: | 7C20EC9581869DA3A05E18186353A4B2 |
SHA1: | 210CC52C845FF85B36F422F4C36CA29DB3666482 |
SHA-256: | 23B52B6D0ABD0A0D20690B742429AD1B465D7050535E8FDDB85BF45A8498A4B0 |
SHA-512: | 4CED524729759783EA4783EE98650E6D912D8DAC53386E2DA3C812FE83F40FB1EB97C71521DF380191D399E284D0D94126BD5FC2CBD18B76142EC3A9E97FADA0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1167872 |
Entropy (8bit): | 6.562432865407771 |
Encrypted: | false |
SSDEEP: | 24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6 |
MD5: | 30747BB37997B54D37BAE65AE590B7E8 |
SHA1: | D702FFAAC8BF35F3372EF2C310B21EEF8A91F6EA |
SHA-256: | A39F2E3D1A27BD091C689A09499B374E5F6743DE23B42BFD9C7A17C1D49DFAD7 |
SHA-512: | CBC7864F127574F1BCB20A442B83D394320BF325F73E75BC6FA8A2EDBBC568EF79973820A672F2340BA5379B9E6EA12C3BB518346B4D702280E9F595D2722322 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1167872 |
Entropy (8bit): | 6.562432865407771 |
Encrypted: | false |
SSDEEP: | 24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6 |
MD5: | 30747BB37997B54D37BAE65AE590B7E8 |
SHA1: | D702FFAAC8BF35F3372EF2C310B21EEF8A91F6EA |
SHA-256: | A39F2E3D1A27BD091C689A09499B374E5F6743DE23B42BFD9C7A17C1D49DFAD7 |
SHA-512: | CBC7864F127574F1BCB20A442B83D394320BF325F73E75BC6FA8A2EDBBC568EF79973820A672F2340BA5379B9E6EA12C3BB518346B4D702280E9F595D2722322 |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:Ign:Ig |
MD5: | FDC0EB412A84FA549AFE68373D9087E9 |
SHA1: | 6E56295615BE063470CE266ABB0F949F84090CCD |
SHA-256: | E5FCF24812E6585EAC0EA6F1A5E3AB5A16B8C2B9568C10B4175EA088AAEAE014 |
SHA-512: | 6CE827A2F598C3C3E56D4BBE94632663848E24AAAB476302E905624EAD8047CB03119CA5655009ABD71FCE493089A7E654298CD9D93FAE2A99101E5E637B29DC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49 |
Entropy (8bit): | 4.359935487883289 |
Encrypted: | false |
SSDEEP: | 3:oNt+kiEaKC59KYr4a:oNwknaZ534a |
MD5: | EAB5D702695BC09B3A1E675917747986 |
SHA1: | CCB1F880801A3826B484428802F66BDCCEDFF0B6 |
SHA-256: | 9E90C44A450FAD02151EC509448B88382B55A7CDC65D32EA970B9AE13C909709 |
SHA-512: | 7328E450F4E3AE277F5F30BAFC0D7D73835AEC39544A999A2A6D08DC6A20BF83874D7D3C5D8B24764F0C432D9A4F0A697377E27E89A5A4FC260E9041D7CF2EA6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.562432865407771 |
TrID: | |
File name: | steg.exe |
File size: | 1167872 |
MD5: | 30747bb37997b54d37bae65ae590b7e8 |
SHA1: | d702ffaac8bf35f3372ef2c310b21eef8a91f6ea |
SHA256: | a39f2e3d1a27bd091c689a09499b374e5f6743de23b42bfd9c7a17c1d49dfad7 |
SHA512: | cbc7864f127574f1bcb20a442b83d394320bf325f73e75bc6fa8a2edbbc568ef79973820a672f2340ba5379b9e6ea12c3bb518346b4d702280e9f595d2722322 |
SSDEEP: | 24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&U.....................4........... ........@.. ....................... ............@................................ |
Icon Hash: | 41455554545445a2 |
Entrypoint: | 0x51bb1e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x55260706 [Thu Apr 9 04:58:46 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11bacc | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11c000 | 0x3200 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x120000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x119b24 | 0x119c00 | False | 0.521700137256 | data | 6.57631984878 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x11c000 | 0x3200 | 0x3200 | False | 0.105546875 | data | 3.584800479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x120000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x11c4e0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 4286019447 | ||
RT_ICON | 0x11c7c8 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x11c8f0 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x11d198 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x11d700 | 0x353 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x11da58 | 0x10a8 | data | ||
RT_ICON | 0x11eb00 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x11ef68 | 0x68 | data | ||
RT_VERSION | 0x11c250 | 0x290 | MS Windows COFF PA-RISC object file | ||
RT_MANIFEST | 0x11efd0 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2014 |
Assembly Version | 1.0.0.0 |
InternalName | Stub.exe |
FileVersion | 1.0.0.0 |
ProductName | Stub |
ProductVersion | 1.0.0.0 |
FileDescription | Stub |
OriginalFilename | Stub.exe |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 22, 2022 03:35:49.548432112 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.564968109 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.565078020 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.565628052 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.581891060 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.603715897 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.648091078 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.651738882 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.651789904 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.651904106 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.919837952 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.919884920 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.970504045 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.970649958 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.973957062 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.973985910 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.974384069 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.138685942 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.471261024 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502497911 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502588987 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502660990 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502712011 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502718925 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502758026 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502784014 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502826929 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502887964 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502948046 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502959967 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503032923 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503056049 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.503070116 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503156900 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503276110 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.503299952 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503324986 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503488064 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.503504992 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.510982990 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:51.510516882 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:51.527602911 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:51.527678967 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:51.615544081 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:51.642159939 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:51.642265081 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.781536102 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.781826973 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.808290005 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.813298941 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.813864946 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.840512037 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.841029882 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.867722034 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867769957 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867809057 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867837906 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867841959 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.867891073 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.874455929 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.901079893 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.913222075 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.939934015 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.941560984 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.968317986 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.969223022 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:53.000490904 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.186350107 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.187505007 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:53.213756084 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.214073896 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.420264959 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:53.446252108 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.448362112 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:57.867176056 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:14.397748947 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.414284945 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.414541006 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.415174961 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.432487011 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.441380978 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.476999998 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.477051020 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.477332115 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.641254902 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.152592897 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.152631998 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.192732096 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.192898035 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.232606888 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.232662916 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.233402014 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.438199997 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.441008091 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.405088902 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.430988073 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431046009 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431090117 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431113958 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431128025 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 22, 2022 03:35:49.153886080 CET | 57747 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:49.172836065 CET | 53 | 57747 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:35:49.480837107 CET | 58171 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:49.502553940 CET | 53 | 58171 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:35:49.614589930 CET | 57594 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:49.636188030 CET | 53 | 57594 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:35:51.556113005 CET | 60512 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:51.583343983 CET | 53 | 60512 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:12.834089994 CET | 52472 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:13.878803968 CET | 52472 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:13.895982027 CET | 53 | 52472 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:14.321674109 CET | 62354 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:14.345383883 CET | 53 | 62354 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:14.452385902 CET | 50061 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:14.475357056 CET | 53 | 50061 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:18.751650095 CET | 60612 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:18.791414976 CET | 53 | 60612 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 22, 2022 03:35:49.153886080 CET | 192.168.2.4 | 8.8.8.8 | 0x88e5 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Mar 22, 2022 03:35:49.480837107 CET | 192.168.2.4 | 8.8.8.8 | 0x74aa | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:35:49.614589930 CET | 192.168.2.4 | 8.8.8.8 | 0xa390 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:35:51.556113005 CET | 192.168.2.4 | 8.8.8.8 | 0x6013 | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:12.834089994 CET | 192.168.2.4 | 8.8.8.8 | 0xfeaa | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Mar 22, 2022 03:36:13.878803968 CET | 192.168.2.4 | 8.8.8.8 | 0xfeaa | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Mar 22, 2022 03:36:14.321674109 CET | 192.168.2.4 | 8.8.8.8 | 0xadcc | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:14.452385902 CET | 192.168.2.4 | 8.8.8.8 | 0x107a | Standard query (0) | | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:18.751650095 CET | 192.168.2.4 | 8.8.8.8 | 0xbc04 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 22, 2022 03:35:49.172836065 CET | 8.8.8.8 | 192.168.2.4 | 0x88e5 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) |
Mar 22, 2022 03:35:49.502553940 CET | 8.8.8.8 | 192.168.2.4 | 0x74aa | No error (0) | | | 104.16.155.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:35:49.502553940 CET | 8.8.8.8 | 192.168.2.4 | 0x74aa | No error (0) | | | 104.16.154.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:35:49.636188030 CET | 8.8.8.8 | 192.168.2.4 | 0xa390 | No error (0) | | | 104.16.155.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:35:49.636188030 CET | 8.8.8.8 | 192.168.2.4 | 0xa390 | No error (0) | | | 104.16.154.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:35:51.583343983 CET | 8.8.8.8 | 192.168.2.4 | 0x6013 | No error (0) | | | 108.177.127.109 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:13.895982027 CET | 8.8.8.8 | 192.168.2.4 | 0xfeaa | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) |
Mar 22, 2022 03:36:14.345383883 CET | 8.8.8.8 | 192.168.2.4 | 0xadcc | No error (0) | | | 104.16.155.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:14.345383883 CET | 8.8.8.8 | 192.168.2.4 | 0xadcc | No error (0) | | | 104.16.154.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:14.475357056 CET | 8.8.8.8 | 192.168.2.4 | 0x107a | No error (0) | | | 104.16.155.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:14.475357056 CET | 8.8.8.8 | 192.168.2.4 | 0x107a | No error (0) | | | 104.16.154.36 | A (IP address) | IN (0x0001) |
Mar 22, 2022 03:36:18.791414976 CET | 8.8.8.8 | 192.168.2.4 | 0xbc04 | No error (0) | | | 108.177.127.109 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49770 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49779 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49769 | 104.16.155.36 | 80 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 22, 2022 03:35:49.565628052 CET | 1104 | OUT | |
Mar 22, 2022 03:35:49.603715897 CET | 1105 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.4 | 49778 | 104.16.155.36 | 80 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 22, 2022 03:36:14.415174961 CET | 1174 | OUT | |
Mar 22, 2022 03:36:14.441380978 CET | 1175 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49770 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-03-22 02:35:50 UTC | 0 | OUT | |
2022-03-22 02:35:50 UTC | 0 | IN | |
2022-03-22 02:35:50 UTC | 1 | IN | |
2022-03-22 02:35:50 UTC | 1 | IN | |
2022-03-22 02:35:50 UTC | 2 | IN | |
2022-03-22 02:35:50 UTC | 4 | IN | |
2022-03-22 02:35:50 UTC | 5 | IN | |
2022-03-22 02:35:50 UTC | 6 | IN | |
2022-03-22 02:35:50 UTC | 8 | IN | |
2022-03-22 02:35:50 UTC | 9 | IN | |
2022-03-22 02:35:50 UTC | 10 | IN | |
2022-03-22 02:35:50 UTC | 12 | IN | |
2022-03-22 02:35:50 UTC | 13 | IN | |
2022-03-22 02:35:50 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49779 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-03-22 02:36:16 UTC | 14 | OUT | |
2022-03-22 02:36:16 UTC | 14 | IN | |
2022-03-22 02:36:16 UTC | 15 | IN | |
2022-03-22 02:36:16 UTC | 15 | IN | |
2022-03-22 02:36:16 UTC | 16 | IN | |
2022-03-22 02:36:16 UTC | 18 | IN | |
2022-03-22 02:36:16 UTC | 19 | IN | |
2022-03-22 02:36:16 UTC | 20 | IN | |
2022-03-22 02:36:16 UTC | 22 | IN | |
2022-03-22 02:36:16 UTC | 23 | IN | |
2022-03-22 02:36:16 UTC | 24 | IN | |
2022-03-22 02:36:16 UTC | 26 | IN | |
2022-03-22 02:36:16 UTC | 27 | IN | |
2022-03-22 02:36:16 UTC | 28 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Mar 22, 2022 03:35:52.781536102 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 | 220 smtp.gmail.com ESMTP e5-20020a170906374500b006d5825520a7sm7639105ejc.71 - gsmtp |
Mar 22, 2022 03:35:52.781826973 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 | EHLO 980108 |
Mar 22, 2022 03:35:52.813298941 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 | 250-smtp.gmail.com at your service, [102.129.143.93] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 |
Mar 22, 2022 03:35:52.813864946 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 | STARTTLS |
Mar 22, 2022 03:35:52.840512037 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
Mar 22, 2022 03:36:18.859519005 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 | 220 smtp.gmail.com ESMTP f17-20020a056402355100b0041925e80963sm3788897edd.41 - gsmtp |
Mar 22, 2022 03:36:18.859970093 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 | EHLO 980108 |
Mar 22, 2022 03:36:18.890105009 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 | 250-smtp.gmail.com at your service, [102.129.143.93] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 |
Mar 22, 2022 03:36:18.890435934 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 | STARTTLS |
Mar 22, 2022 03:36:18.917603970 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
Target ID: | 0 |
Start time: | 03:35:23 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\Desktop\steg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf80000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
Target ID: | 4 |
Start time: | 03:35:42 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\AppData\Roaming\Windows Update.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Target ID: | 11 |
Start time: | 03:35:51 |
Start date: | 22/03/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000000 |
File size: | 33936 bytes |
MD5 hash: | 8D10DA8A3E11747E51F23C882C22BBC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 12 |
Start time: | 03:36:02 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2c0000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Target ID: | 14 |
Start time: | 03:36:07 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\AppData\Roaming\Windows Update.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
Target ID: | 15 |
Start time: | 03:36:17 |
Start date: | 22/03/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000000 |
File size: | 33936 bytes |
MD5 hash: | 8D10DA8A3E11747E51F23C882C22BBC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |