Windows
Analysis Report
SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe
Overview
General Information
Detection
AgentTesla, GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Antivirus detection for URL or domain
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Contains functionality to detect virtual machines (SLDT)
PE file contains more sections than normal
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
- SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe (PID: 8616 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe" MD5: 77436B29832DED92B60491EA36018196)
- CasPol.exe (PID: 8876 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- CasPol.exe (PID: 8884 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- conhost.exe (PID: 8892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Payload URL": "http://donaldtrumpverse.com/kO4_tiMHM116.bin"}
Rule | Description | Author |
---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
No Sigma rule has matched
No Snort rule has matched
AV Detection
Networking
Data Obfuscation
Malware Analysis System Evasion
Stealing of Sensitive Information
Remote Access Functionality
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 21 Obfuscated Files or Information | 1 Credentials in Registry | 117 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 Windows Service | 1 Software Packing | Security Account Manager | 321 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 11 Process Injection | 1 Timestomp | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 112 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 251 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 251 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Detection | Scanner | Label |
---|---|---|
43% | Virustotal | |
22% | ReversingLabs | Win32.Trojan.Nemesis |
Detection | Scanner | Label |
---|---|---|
0% | Metadefender | |
0% | ReversingLabs | |
0% | Metadefender | |
0% | ReversingLabs | |
0% | Metadefender | |
0% | ReversingLabs | |
0% | Metadefender | |
0% | ReversingLabs | |
0% | Metadefender | |
0% | ReversingLabs | |
3% | Metadefender | |
0% | ReversingLabs | |
No Antivirus matches
Detection | Scanner | Label |
---|---|---|
1% | Virustotal | |
0% | Virustotal | |
0% | Virustotal | |
0% | Virustotal | |
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
100% | Avira URL Cloud | malware |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dual-a-0001.a-msedge.net | 13.107.21.200 | true | false | | unknown |
e-0009.e-msedge.net | 13.107.5.88 | true | false | | unknown |
solucionest.com.ar | 192.185.112.181 | true | false | | unknown |
donaldtrumpverse.com | 103.211.219.10 | true | true | | unknown |
ftp.solucionest.com.ar | unknown | unknown | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
103.211.219.10 | donaldtrumpverse.com | Seychelles | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 635390 |
Start date and time: | 2022-05-27 21:08:54 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 38 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/12@3/1 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, MusNotificationUx.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 51.105.236.244, 40.117.96.136
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, login.live.com, apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net, evoke-windowsservices-tas.msedge.net, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, manage.devcenter.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
21:11:38 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
103.211.219.10 | | | malicious | | |
e-0009.e-msedge.net | | | malicious | | |
dual-a-0001.a-msedge.net | | | malicious | | |
PUBLIC-DOMAIN-REGISTRYUS | | | malicious | | |
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\gspawn-win64-helper.exe | | | malicious | | |
C:\Users\user\AppData\Local\Temp\CDMDataEventHandler.dll | | | malicious | | |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86544 |
Entropy (8bit): | 6.4808399473205744 |
Encrypted: | false |
SSDEEP: | 1536:Mw52UwgdVS3ArQSv1fMZxfVtoVwBTqLJiP8JDi:B4Uw8SQrJvaZlVtoVwaBu |
MD5: | B884606DE1CB711FA0FABBA8384FA60C |
SHA1: | 2ECD66DE4565AF1C7F8A7016BEAB49B7A7F1CDEA |
SHA-256: | 246459B881CCE72B63AD541D0E8B29A3CB4A14ED193D08BDB68159A32F786539 |
SHA-512: | 173EED4AD24B62203D87BE29721F46C6A2B24A4CDAB888ADC55ADE4154166F06C36A7358EBE2588E13E5790FFF095C90353BAD007D9A30DE26EEBC688C56EAC8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43566 |
Entropy (8bit): | 7.382704049850724 |
Encrypted: | false |
SSDEEP: | 768:7gyaYEUz32Q+MLPybLI1GPlnL7ZsruV+P/34RE+OUuiozjd/6W4:7gvFUz32ftIsMuV+PYSU9o3d/94 |
MD5: | 27729CF331D3767DF077F52B262D88F3 |
SHA1: | EF4B6F74A0608B5A4DC6E3CA465A96137C1CAD74 |
SHA-256: | CA601E57DD2C1E6E92145A8A19083599261B626A4D26B04D8C3FD5BDDDB2CB0D |
SHA-512: | AC7B8D61462538011D20BEC2D2BEAE62AB7DAA16866FC9B1CDBBDCEDF47796D93507E2E706CA9DECF0C26D0F1031285B9268A747755ABCB1E4A161B9D9CF98F2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 101480 |
Entropy (8bit): | 5.754479856662274 |
Encrypted: | false |
SSDEEP: | 1536:HMrDKbA8xl6y9Oj2FqnawHzDYwVY4quXoYbggnC:HM6dMy9MHBVY4qAolOC |
MD5: | 25F3ECFD195030F6B1BAD60E5EF97163 |
SHA1: | 749B7E267CDBBC83783DFA4C7BF45134556C13D7 |
SHA-256: | FCD740746D2B3E01945E6A099AB4CDD06ECE05818E25D08C5DDAFBD333B0DC84 |
SHA-512: | D91803A022DD9A6EF0E77CB231A5FB5DD1BC275F4CC38D886FD365B7EEAD094712ADC4FA3AAFFB8354DC193BAC3B8697F685631AE3B4D23924387706DB3C0DD9 |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: | |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40792 |
Entropy (8bit): | 3.999599228878197 |
Encrypted: | false |
SSDEEP: | 768:mjZY5hx4iG8s1aNb/ibV5bVWsrUIDCf7+WFIUf4ndUpPacYQoxalE:n5huie1wrGDb8yUkCf7ZLRblE |
MD5: | B62B20F6B03B0C3A561EA7B0AEB0E812 |
SHA1: | 72B3F32CE0DB4909D7CF0C4385718188C61CA2C6 |
SHA-256: | 12C49D1622818D8454A1E4BB2EFBF21459CCE0C284A31D53E775B0B24EC849CF |
SHA-512: | CF0942474012DE7A28F26834DCBDFD2BCFF66EFB7DC29E4FE247284C3BF3B03B3BF16A43692D9CCF792B5CA1123298EE10678FF4BA0889587935F086B78759AB |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 22479 |
Entropy (8bit): | 5.08095074751023 |
Encrypted: | false |
SSDEEP: | 384:PxozhVwKBMySMIKoE/pJf2OG3mcJ7t/CWP9At/H:P6Vf2yS0r/pJf6BEWP9At/H |
MD5: | 8154B723020AEE70829FFC138C9D1C4C |
SHA1: | 6F7AF3827B37845F071625458DF1DB8BA9056FD6 |
SHA-256: | 902F9D2A239CCAEBA677DB5838654FB6CE7CF3D21243B8EF122E9D970714B0D3 |
SHA-512: | D3F59F778AA72D26896AA2C81972F144DAB716DFA8E45E7B3C59F528B2752FE9E8971C86CF927C62E7501D9910E9D1212EFA1A58C29796A92E2D433116E76931 |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 602739 |
Entropy (8bit): | 6.344393812734055 |
Encrypted: | false |
SSDEEP: | 12288:PCaPBchMCFjXEbIaM43VV1oSIG5BY5IikQH/oNguISjFovd:KaaMCeVV1oSIG5BY3/oNuSjFovd |
MD5: | 58BFEB91921D4882F7EDABAB9C0C1C17 |
SHA1: | 596DB0512A25089EF7CDE48CA3393E4F6878FF90 |
SHA-256: | 5C9DB6D64BAF0250735368825CEC3032EC39999F266125D132157ECC0403EE12 |
SHA-512: | A86C5F00109267532531366DF07A0187D2FBB80E1628A6E30508AA74098CAB4CDF5CAD54468929604F89CAA656BDBEF6B2F25C462AA1B72898B66F3B8D227AA2 |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 49851 |
Entropy (8bit): | 5.71925712297816 |
Encrypted: | false |
SSDEEP: | 768:59P9Y+clVaXLNcGRmDRC31lRrox5iJXx/gn9VFuKVcXGJMRv7hb8u+DwbMORdiPF:HPe+IkBcAEC31luGCQKKWJa8atRIPNQa |
MD5: | 6A9928C42EB4375CCEF3A025F3535795 |
SHA1: | 395703F4970B42F55C2BCB2B8CF3F0D12E192CEB |
SHA-256: | CAA457EF4BD84476790D215FFFF048DEB162CABC14DB3FF679795CCEA8972411 |
SHA-512: | 27F1E2E3DDF052A05D9F0C48E0936E0D4A7E850E4E835EAED96495E6241167915FCDAD371EA206C5B741846D70FF3AFCBA83269B01ED90B22B3F7F42572F03DB |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 773968 |
Entropy (8bit): | 6.901559811406837 |
Encrypted: | false |
SSDEEP: | 12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z |
MD5: | 0E37FBFA79D349D672456923EC5FBBE3 |
SHA1: | 4E880FC7625CCF8D9CA799D5B94CE2B1E7597335 |
SHA-256: | 8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18 |
SHA-512: | 2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630 |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 429 |
Entropy (8bit): | 7.2660585571428715 |
Encrypted: | false |
SSDEEP: | 12:6v/723xn6PprukRVpsTWuFTEmRpnJGoQ6:9n6P7RvsTWuFTXpnNQ6 |
MD5: | 84D033B14C06568FA57352CCF18D8D35 |
SHA1: | 1D75B42F61842E8B0FA8D811DAC72B313CDDCA74 |
SHA-256: | 3989B93626DC3ED6EF03430AD0B1FF5C6E358DAC76E34ED7C8086579B68E660F |
SHA-512: | EAFE07814DF75D019EB39D999325818CE8F2D164A621E713709EE5E1F3D260EB6BCAA726A17588D034F6A6E7733B71A5141CE5B4CFCE267CBFA22B82D6227783 |
Malicious: | false |

Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
Category: | dropped |
Size (bytes): | 335 |
Entropy (8bit): | 4.737555359684875 |
Encrypted: | false |
SSDEEP: | 6:TMVBd/6o8GUYl/n7S3mc4slZRI2rjFvRbWHFHUHFvCpifW1IUHFBLJZtSKlNK+:TMHdPnnl/nu3i2FZ484sIBLjdlj |
MD5: | C05C42CB3D95BF3BC7F49CCD8DCCA510 |
SHA1: | 20442E344E95508586B1B2A7B4C6272C3F5C86F8 |
SHA-256: | 695554CE5F23A275D3C25C27410D0CFBF8A83156807DAA3A601635E4E5D8AED0 |
SHA-512: | 0EC19BBA7B5032670524965A8C55D8C6401F833000880DE1C0F74A5EAA4E302B0CE3E60218F3DDB95CB3E1EA7374A197CB71682526DFF910D9A6CF35FF971BB6 |
Malicious: | false |

Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
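The dropped-file records above give, for each file, its size, its 8-bit Shannon entropy and four digests. Two points are easy to misread in that data: a 429-byte file at entropy 7.27 is close to the 8.0 ceiling and is almost certainly compressed or encrypted content, while the 30-byte file at entropy 3.96 only looks low because a 30-byte file cannot exceed log2(30), about 4.9 bits per byte, so it is in fact over 80% of its maximum. Note also that the last record is written by C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe, a Microsoft .NET Framework utility, not by the sample's own process. The following is an added example, not part of the Joe Sandbox report: it reproduces the report's entropy metric, scales it by the maximum possible for the file size, computes the same four digests in the report's upper-case form, and matches a file against a SHA-256 IOC set. The sample inputs are constructed; the SHA-256 set is copied from the records above; the 7.0 packed/encrypted threshold is an assumption, not a value from the report.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 .. 8.0: the metric behind the report's 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def max_entropy_for_size(n: int) -> float:
    """A file of n bytes cannot exceed log2(n) bits/byte (and never 8.0), so tiny files need scaling."""
    return 0.0 if n < 2 else min(8.0, math.log2(n))


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA-256/SHA-512, upper-case hex as the dropped-file records above print them."""
    return {algo: hashlib.new(algo, data).hexdigest().upper()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes, known_bad_sha256: set, packed_threshold: float = 7.0) -> dict:
    """Hash a dropped file, match it against a SHA-256 IOC set, and flag packed/encrypted content."""
    d = digests(data)
    ent = shannon_entropy_8bit(data)
    cap = max_entropy_for_size(len(data))
    return {
        "size": len(data),
        "entropy": round(ent, 3),
        # Fraction of the maximum entropy a file of this size can reach; meaningful for tiny files.
        "entropy_ratio": round(ent / cap, 3) if cap else 0.0,
        **d,
        "known_bad": d["sha256"] in known_bad_sha256,
        # The raw threshold (an assumed 7.0) only applies to files large enough to reach it.
        "likely_packed_or_encrypted": ent >= packed_threshold and cap >= packed_threshold,
    }


# Constructed inputs (not files from the report): a byte-uniform blob, a repetitive text file,
# and a 30-byte string that matches the CasPol.exe-written drop in size only.
SAMPLE_BLOB = bytes(range(256)) * 2
SAMPLE_TEXT = b"hello world\r\n" * 8
SAMPLE_TINY = b"0123456789abcdefghijklmnopqrst"
# SHA-256 values copied from the dropped-file records above, used here as an IOC set.
REPORT_SHA256 = {
    "246459B881CCE72B63AD541D0E8B29A3CB4A14ED193D08BDB68159A32F786539",
    "CA601E57DD2C1E6E92145A8A19083599261B626A4D26B04D8C3FD5BDDDB2CB0D",
    "0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591",
}

if __name__ == "__main__":
    for name, blob in (("blob", SAMPLE_BLOB), ("text", SAMPLE_TEXT), ("tiny", SAMPLE_TINY)):
        print(name, triage(blob, REPORT_SHA256))
```

To run it over a detonation's drop directory, read each file as bytes and pass it to `triage` with the SHA-256 set built from the report; the `entropy_ratio` field is the one to read for files under a few hundred bytes.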

Entropy (8bit): | 7.766288797716623 |
File name: | SecuriteInfo.com.Gen.Variant.Nemesis.7222.26141.exe |
File size: | 1007819 |
MD5: | 77436b29832ded92b60491ea36018196 |
SHA1: | 0314eca204964e3e189b0c0aed7f449e487dc98e |
SHA256: | b19c8495104c354de9aa1b3403bff2d1211a89fe8892e866d2d8dfd7bb0ba5da |
SHA512: | 799337dba429abed98ace7b229214f33706e0f00629992617327706694ec67c45ef9fdb878567eeec27a0e84c8b3a2bae37f572d37a1491bf934571160fd3c7f |
SSDEEP: | 24576:bbHw3bPzBxU7lXzd2+gIsofFiXKU74yNC/:fHUnWxlMo9i6/ |
TLSH: | A52512216654F813E3900A71C5F6F3BD49B4FE382E61CA03A6687F2D363E75C9929312 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 7cbc7e6e78b0e010 |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Instruction (disassembly at the entrypoint, 0x40352d):

```asm
push ebp
mov ebp, esp
sub esp, 000003F4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [ebp-14h], ebx
mov dword ptr [ebp-04h], 0040A2E0h
mov dword ptr [ebp-10h], ebx
call dword ptr [004080CCh]
mov esi, dword ptr [004080D0h]
lea eax, dword ptr [ebp-00000140h]
push eax
mov dword ptr [ebp-0000012Ch], ebx
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007F716086261Ah
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007F71608625EAh
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [00434FB8h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx
```
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6c000 | 0x28498 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x36000 | 0x36000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x6c000 | 0x28498 | 0x28600 | False | 0.447235390867 | data | 5.43623310188 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
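Two things in the header and section tables above deserve a second look. The DLL characteristics advertise DYNAMIC_BASE, but the image file characteristics include RELOCS_STRIPPED and the IMAGE_DIRECTORY_ENTRY_BASERELOC directory is empty, so the loader has nothing to relocate with and the image always maps at its 0x400000 image base; ASLR is claimed, not delivered. And `.data` occupies 0x600 bytes on disk but 0x2b018 bytes in memory, while `.ndata`, the uninitialised-data section name used by NSIS-built installers, has no raw data at all. The block below is an added example, not Joe Sandbox code: a dependency-free PE32 header parser plus the static checks that surface those two findings, run against a constructed, header-only PE whose values mirror the tables above (entrypoint RVA 0x352d, image base 0x400000, timestamp 0x614F9B5A, the five sections with their sizes, the import/resource/IAT directories). Everything else in the constructed header (linker version, stack and heap sizes, raw file offsets) is filler chosen for the example, and the list of "standard" section names is the author's, not something the report defines.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h).
FILE_RELOCS_STRIPPED = 0x0001
DLL_DYNAMIC_BASE = 0x0040
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000
DIR_BASERELOC = 5
# Names a normal MSVC/MinGW build produces; anything else is worth a note (assumed list).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".bss", ".idata",
                     ".edata", ".tls", ".pdata"}

FILE_HDR = "<HHIIIHH"                                               # IMAGE_FILE_HEADER, 20 bytes
OPT_HDR32 = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6    # IMAGE_OPTIONAL_HEADER32 up to the directories, 96 bytes
SECTION_HDR = "<8sIIIIIIHHI"                                        # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe32(data: bytes) -> dict:
    """Read the DOS/NT headers, data directories and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from(FILE_HDR, data, pe_off + 4)
    opt_off = pe_off + 24
    oh = struct.unpack_from(OPT_HDR32, data, opt_off)
    if oh[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) optional header")
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(oh[29])]
    sections = []
    for i in range(nsections):
        name, vsize, va, raw, _, _, _, _, _, schars = struct.unpack_from(SECTION_HDR, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw": raw, "chars": schars})
    return {"timestamp": timestamp, "characteristics": characteristics, "entry_rva": oh[6],
            "image_base": oh[9], "dll_characteristics": oh[23], "dirs": dirs, "sections": sections}


def section_of(info: dict, rva: int):
    """Name of the section whose in-memory range contains rva, or None."""
    for s in info["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw"]):
            return s["name"]
    return None


def audit(info: dict) -> list:
    """Static checks over the header fields the report prints."""
    findings = []
    ep_sec = section_of(info, info["entry_rva"])
    if ep_sec != ".text":
        findings.append(f"entry point 0x{info['image_base'] + info['entry_rva']:x} is in section {ep_sec!r}, not .text")
    wants_aslr = bool(info["dll_characteristics"] & DLL_DYNAMIC_BASE)
    has_reloc_dir = len(info["dirs"]) > DIR_BASERELOC and info["dirs"][DIR_BASERELOC][0] != 0
    relocs_stripped = bool(info["characteristics"] & FILE_RELOCS_STRIPPED)
    if wants_aslr and (relocs_stripped or not has_reloc_dir):
        findings.append(f"DYNAMIC_BASE set but no relocations: image is effectively fixed at 0x{info['image_base']:x}")
    for s in info["sections"]:
        if s["name"] not in STANDARD_SECTIONS:
            findings.append(f"non-standard section name {s['name']!r}")
        if s["chars"] & SCN_MEM_EXECUTE and s["chars"] & SCN_MEM_WRITE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["raw"] and s["vsize"] > 4 * s["raw"]:
            findings.append(f"section {s['name']} grows from 0x{s['raw']:x} on disk to 0x{s['vsize']:x} in memory")
    return findings


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 mirroring the report's header and section tables (no code or data)."""
    sections = [  # name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics (from the table above)
        (".text", 0x1000, 0x6897, 0x6A00, 0x60000020),
        (".rdata", 0x8000, 0x14A6, 0x1600, 0x40000040),
        (".data", 0xA000, 0x2B018, 0x600, 0xC0000040),
        (".ndata", 0x36000, 0x36000, 0x0, 0xC0000080),
        (".rsrc", 0x6C000, 0x28498, 0x28600, 0x40000040),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    # Machine i386, timestamp and characteristics (RELOCS_STRIPPED|EXECUTABLE|LINE_NUMS|LOCAL_SYMS|32BIT) as reported.
    file_hdr = struct.pack(FILE_HDR, 0x14C, len(sections), 0x614F9B5A, 0, 0, 224, 0x010F)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2], dirs[12] = (0x8610, 0xA0), (0x6C000, 0x28498), (0x8000, 0x2B0)   # import, resource, IAT
    # DllCharacteristics 0x8540 = NO_SEH|TERMINAL_SERVER_AWARE|DYNAMIC_BASE|NX_COMPAT; stack/heap sizes are filler.
    opt = struct.pack(OPT_HDR32, 0x10B, 0, 0, 0x6A00, 0x2A000, 0x36000, 0x352D, 0x1000, 0x8000,
                      0x400000, 0x1000, 0x200, 4, 0, 4, 0, 4, 0, 0, 0x95000, 0x400, 0, 2, 0x8540,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec_hdrs = b"".join(struct.pack(SECTION_HDR, n.encode(), vs, va, raw, 0x400, 0, 0, 0, 0, ch)
                        for n, va, vs, raw, ch in sections)
    return dos + b"PE\0\0" + file_hdr + opt + sec_hdrs


if __name__ == "__main__":
    for line in audit(parse_pe32(build_sample_pe())):
        print(line)
```

On a real sample, replace `build_sample_pe()` with the file's bytes; `parse_pe32` rejects PE32+ images on purpose, since the optional-header layout and the section offsets differ there.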
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x6c358 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x7cb80 | 0x94a8 | data | English | United States |
RT_ICON | 0x86028 | 0x5488 | data | English | United States |
RT_ICON | 0x8b4b0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 65279, next used block 4294967040 | English | United States |
RT_ICON | 0x8f6d8 | 0x25a8 | data | English | United States |
RT_ICON | 0x91c80 | 0x10a8 | data | English | United States |
RT_ICON | 0x92d28 | 0x988 | data | English | United States |
RT_ICON | 0x936b0 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x93b18 | 0x100 | data | English | United States |
RT_DIALOG | 0x93c18 | 0x11c | data | English | United States |
RT_DIALOG | 0x93d38 | 0xc4 | data | English | United States |
RT_DIALOG | 0x93e00 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x93e60 | 0x76 | data | English | United States |
RT_VERSION | 0x93ed8 | 0x27c | data | English | United States |
RT_MANIFEST | 0x94158 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
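The "Import Hash" field above (56a78d55f3f7af51443e58e0ce2fb5f6) is the imphash that Mandiant defined and pefile popularised: the imported functions, in import-directory order, are written as lower-case `dll.function` pairs with the `.dll`, `.ocx` or `.sys` extension removed, joined with commas and hashed with MD5. Because the order of DLLs and of functions within each DLL is part of the input, two builds with the same import set in a different order hash differently, which is what makes it a useful clustering key for samples from one builder. The following is an added example, not the report's or pefile's code, that implements that normalisation and hash. The sample input is a constructed subset in the shape of the table above; whether the table preserves directory order is not something the page states, so the block does not attempt to reproduce the report's value. The ordinal-to-name lookup pefile applies for a few system DLLs is omitted; ordinal imports become `ordN`.

```python
import hashlib


def normalize_imports(imports) -> str:
    """Canonical 'dll.function' list the import hash is computed over.

    imports: [(dll_name, [function_name_or_ordinal, ...]), ...] in import-directory order.
    """
    parts = []
    for dll, funcs in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):        # only these extensions are stripped
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalized import list; the order of DLLs and of functions within a DLL both matter."""
    return hashlib.md5(normalize_imports(imports).encode("ascii")).hexdigest()


# Constructed input in the shape of the import table above (a subset, for illustration only).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegCreateKeyExW", "RegEnumKeyW", "AdjustTokenPrivileges"]),
    ("KERNEL32.dll", ["GetProcAddress", "GetModuleHandleA", "CreateProcessW"]),
]

if __name__ == "__main__":
    print(normalize_imports(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```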
Description | Data |
---|---|
LegalCopyright | Euthanasiachromo202 |
FileVersion | 24.24.17 |
CompanyName | Conciliato |
LegalTrademarks | LASHINGPREEXPOU |
Comments | Subconceptflovse2 |
ProductName | Ritha |
FileDescription | andenk |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 27, 2022 21:11:34.457545042 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.581590891 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.581911087 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.582463026 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.706456900 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707243919 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707329035 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707391977 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707426071 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.707488060 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707515001 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.707585096 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.707587957 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707657099 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.707676888 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707755089 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707817078 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707865000 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.707885981 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.707918882 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.707982063 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.708022118 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.708080053 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.708204031 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.831994057 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832139969 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832201958 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832287073 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832357883 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832412958 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832459927 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832510948 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832515001 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832598925 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832601070 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832675934 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832695961 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832747936 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832801104 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832801104 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832850933 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832869053 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832917929 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832933903 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.832989931 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.832997084 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833055973 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833106041 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833113909 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.833167076 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.833170891 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833229065 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833283901 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.833286047 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833333969 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.833348036 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833404064 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.833447933 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.833499908 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.833571911 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.957458019 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.957545042 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.957684994 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.957781076 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.957817078 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.957885027 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.957921982 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958045006 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958084106 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958137989 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958192110 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958194971 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958259106 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958307981 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958312035 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958354950 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958378077 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958436966 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958479881 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958523989 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958539963 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958607912 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958620071 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958683014 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958683968 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958745003 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958791018 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958796978 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958844900 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958858013 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958908081 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.958918095 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.958995104 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959007978 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959064960 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959115028 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959120989 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959178925 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959187984 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959240913 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959243059 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959301949 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959353924 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959358931 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959415913 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959465981 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959465981 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959513903 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959527969 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959573984 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959587097 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959642887 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959671974 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959714890 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959775925 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959800005 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959839106 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959847927 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959903002 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959924936 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.959968090 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.959996939 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.960027933 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.960078955 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.960123062 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.960129976 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.960186005 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.960196018 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:34.960239887 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.960323095 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:34.960483074 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.084196091 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084306002 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084367037 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.084417105 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084455013 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.084537029 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084589958 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.084650040 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084686995 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.084738016 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084790945 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084795952 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.084944010 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.084956884 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085005999 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085022926 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085100889 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085131884 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085170984 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085216045 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085268021 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085333109 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085345030 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085349083 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085428953 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085463047 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085494041 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085582018 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085637093 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085730076 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.085747004 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085812092 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.085918903 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086010933 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086044073 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086061001 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086163998 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086206913 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086287975 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086340904 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086385965 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086395979 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086432934 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086457968 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086512089 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086555958 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086607933 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086653948 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086683035 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086714029 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086746931 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086795092 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086818933 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086865902 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086913109 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.086920977 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.086982012 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087038994 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087079048 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087093115 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087126017 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087155104 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087207079 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087232113 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087268114 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087285995 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087333918 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087393045 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087456942 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087488890 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087511063 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087515116 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087577105 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087600946 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087641001 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087672949 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087701082 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087752104 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087811947 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087831974 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087878942 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087879896 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087939024 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.087970018 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.087997913 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088027000 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088059902 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088119030 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088179111 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088191986 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088237047 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088252068 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088332891 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088346004 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088386059 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088407040 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088463068 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088515043 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088536978 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088577032 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088584900 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088639975 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088671923 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088700056 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088757038 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088772058 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088824034 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088881016 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088917017 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088936090 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.088943005 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.088999987 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089047909 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089097977 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089101076 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089159966 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089209080 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089255095 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089284897 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089303970 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089308023 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089333057 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089375019 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089431047 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089432001 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089489937 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089492083 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089550018 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089603901 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089658022 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089679003 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089695930 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089721918 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089777946 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089777946 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.089854956 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.089958906 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.090008974 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.213839054 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.213963032 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214029074 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214082003 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214085102 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214143991 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214190960 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214214087 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214272976 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214291096 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214342117 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214390993 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214438915 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214456081 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214478970 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214545965 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214553118 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214607000 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:35.214641094 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:35.214808941 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:11:39.963301897 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:39.963530064 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:24.390722036 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:24.703001022 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:25.312419891 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:26.530725956 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:28.967642069 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:33.826033115 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:43.526869059 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 27, 2022 21:11:34.431529999 CEST | 58545 | 53 | 192.168.11.20 | 1.1.1.1 |
May 27, 2022 21:11:34.445573092 CEST | 53 | 58545 | 1.1.1.1 | 192.168.11.20 |
May 27, 2022 21:11:47.486834049 CEST | 59048 | 53 | 192.168.11.20 | 1.1.1.1 |
May 27, 2022 21:11:48.490408897 CEST | 59048 | 53 | 192.168.11.20 | 9.9.9.9 |
May 27, 2022 21:11:48.493509054 CEST | 53 | 59048 | 9.9.9.9 | 192.168.11.20 |
May 27, 2022 21:11:48.605619907 CEST | 53 | 59048 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 27, 2022 21:11:34.431529999 CEST | 192.168.11.20 | 1.1.1.1 | 0x7fd | Standard query (0) | | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:47.486834049 CEST | 192.168.11.20 | 1.1.1.1 | 0xaac | Standard query (0) | | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:48.490408897 CEST | 192.168.11.20 | 9.9.9.9 | 0xaac | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 27, 2022 21:11:02.352399111 CEST | 1.1.1.1 | 192.168.11.20 | 0xd8c5 | No error (0) | | dual-a-0001.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) |
May 27, 2022 21:11:02.352399111 CEST | 1.1.1.1 | 192.168.11.20 | 0xd8c5 | No error (0) | | | 13.107.21.200 | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:02.352399111 CEST | 1.1.1.1 | 192.168.11.20 | 0xd8c5 | No error (0) | | | 204.79.197.200 | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:02.671204090 CEST | 1.1.1.1 | 192.168.11.20 | 0x5fd3 | No error (0) | | apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
May 27, 2022 21:11:02.671204090 CEST | 1.1.1.1 | 192.168.11.20 | 0x5fd3 | No error (0) | | apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) |
May 27, 2022 21:11:03.301928043 CEST | 1.1.1.1 | 192.168.11.20 | 0xb5ce | No error (0) | | e-0009.e-msedge.net | | CNAME (Canonical name) | IN (0x0001) |
May 27, 2022 21:11:03.301928043 CEST | 1.1.1.1 | 192.168.11.20 | 0xb5ce | No error (0) | | | 13.107.5.88 | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:34.445573092 CEST | 1.1.1.1 | 192.168.11.20 | 0x7fd | No error (0) | | | 103.211.219.10 | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:48.493509054 CEST | 9.9.9.9 | 192.168.11.20 | 0xaac | Name error (3) | none | none | | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:48.605619907 CEST | 1.1.1.1 | 192.168.11.20 | 0xaac | No error (0) | | solucionest.com.ar | | CNAME (Canonical name) | IN (0x0001) |
May 27, 2022 21:11:48.605619907 CEST | 1.1.1.1 | 192.168.11.20 | 0xaac | No error (0) | | | 192.185.112.181 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49727 | 103.211.219.10 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
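The tables in this part of the report are flat lists; what an analyst wants from them is the join: which process owned the session, whether its destination came out of a DNS answer in the same run, which resolved addresses were never contacted, and why the TCP flow ends in a tail of client-only packets. The Python below is an added example, not part of the original report and not sandbox-vendor tooling. It parses a constructed subset of the report's own rows, kept in the report's pipe-delimited layout (the queried Name column is empty on the page and stays empty here), and performs that join. INJECTION_HOSTS is an assumed, illustrative list of signed Windows/.NET binaries that commodity loaders commonly inject into; the report itself only names CasPol.exe as the session owner.

```python
"""Join the report's network tables into IOCs plus one flow observation.

Added example; not the report's or the sandbox vendor's code. The tables
below are a constructed subset of the report's rows in its own format
(header, '---|' separator, one record per line). INJECTION_HOSTS is an
assumption: signed Windows/.NET binaries often hollowed by loaders.
"""
import re
from collections import defaultdict
from datetime import datetime

INJECTION_HOSTS = {"caspol.exe", "regasm.exe", "regsvcs.exe", "msbuild.exe",
                   "installutil.exe", "applaunch.exe"}   # assumed list

DNS_ANSWERS = r"""
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 27, 2022 21:11:34.445573092 CEST | 1.1.1.1 | 192.168.11.20 | 0x7fd | No error (0) | | | 103.211.219.10 | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:48.493509054 CEST | 9.9.9.9 | 192.168.11.20 | 0xaac | Name error (3) | none | none | | A (IP address) | IN (0x0001) |
May 27, 2022 21:11:48.605619907 CEST | 1.1.1.1 | 192.168.11.20 | 0xaac | No error (0) | | solucionest.com.ar | | CNAME (Canonical name) | IN (0x0001) |
May 27, 2022 21:11:48.605619907 CEST | 1.1.1.1 | 192.168.11.20 | 0xaac | No error (0) | | | 192.185.112.181 | A (IP address) | IN (0x0001) |
"""

SESSIONS = r"""
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49727 | 103.211.219.10 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
"""

TCP_TAIL = r"""
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 27, 2022 21:11:39.963301897 CEST | 80 | 49727 | 103.211.219.10 | 192.168.11.20 |
May 27, 2022 21:11:39.963530064 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:24.390722036 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:24.703001022 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:25.312419891 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:26.530725956 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:28.967642069 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:33.826033115 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
May 27, 2022 21:13:43.526869059 CEST | 49727 | 80 | 192.168.11.20 | 103.211.219.10 |
"""

TS_RE = re.compile(r"(\w+ \d+, \d{4} \d\d:\d\d:\d\d\.\d{6})\d* \w+")


def parse_ts(text):
    """Report timestamps carry nanoseconds; strptime accepts at most microseconds."""
    return datetime.strptime(TS_RE.match(text).group(1), "%b %d, %Y %H:%M:%S.%f")


def parse_table(text):
    """Parse one pipe-delimited report table into dicts keyed by the header."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header = [c.strip() for c in lines[0].strip("|").split("|")]
    rows = []
    for ln in lines[2:]:                                  # lines[1] is ---|---
        cells = [c.strip() for c in ln.strip("|").split("|")]
        cells += [""] * (len(header) - len(cells))        # keep columns aligned
        rows.append(dict(zip(header, cells[:len(header)])))
    return rows


def build_iocs(dns_rows, session_rows):
    """Which process reached which IP, and whether a DNS answer supplied that IP."""
    a_records = defaultdict(list)                         # address -> [txids]
    for r in dns_rows:
        if r["Type"].startswith("A ") and r["Address"]:
            a_records[r["Address"]].append(r["Trans ID"])
    contacted, sessions = set(), []
    for s in session_rows:
        dst, proc = s["Destination IP"], s["Process"].rsplit("\\", 1)[-1]
        contacted.add(dst)
        sessions.append({"dst": f"{dst}:{s['Destination Port']}", "process": proc,
                         "dns_txid": a_records.get(dst, [None])[0],
                         "suspicious_host": proc.lower() in INJECTION_HOSTS})
    return {"sessions": sessions,
            # resolved in this run but never connected to: weaker, still listed
            "resolved_only": sorted(ip for ip in a_records if ip not in contacted),
            "nxdomain_txids": [r["Trans ID"] for r in dns_rows
                               if r["Reply Code"].startswith("Name error")]}


def retransmission_backoff(tcp_rows, client_ip, lo=1.5, hi=2.5):
    """Trailing run of client-only packets whose gaps keep roughly doubling,
    i.e. TCP retransmission backoff after the peer went silent.
    Returns (packets_in_run, gaps_in_seconds), or (0, []) if there is none."""
    tail = []
    for p in reversed(tcp_rows):
        if p["Source IP"] != client_ip:
            break
        tail.append(parse_ts(p["Timestamp"]))
    tail.reverse()
    gaps = [(b - a).total_seconds() for a, b in zip(tail, tail[1:])]
    run = 0                                               # doubling steps found
    while (run < len(gaps) - 1 and gaps[-2 - run] > 0
           and lo <= gaps[-1 - run] / gaps[-2 - run] <= hi):
        run += 1
    return (run + 2, gaps[len(gaps) - run - 1:]) if run else (0, [])


if __name__ == "__main__":
    print(build_iocs(parse_table(DNS_ANSWERS), parse_table(SESSIONS)))
    print(retransmission_backoff(parse_table(TCP_TAIL), "192.168.11.20"))
```

On the report's rows this yields one session, 103.211.219.10:80 from CasPol.exe, tied to DNS transaction 0x7fd and flagged because CasPol.exe is on the assumed host list; 192.185.112.181 as resolved but never contacted; and 0xaac as a transaction that drew an NXDOMAIN from 9.9.9.9 before 1.1.1.1 answered it. The tail check finds a run of seven client-only packets after the last server packet, spaced 0.31, 0.61, 1.22, 2.44, 4.86 and 9.70 s apart: one send and six doubling retransmissions, which is what a server that stopped responding looks like in a packet table.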
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 27, 2022 21:11:34.582463026 CEST | 343 | OUT | |
May 27, 2022 21:11:34.707243919 CEST | 344 | IN | |