Windows
Analysis Report
VoRTaSs6hl
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- VoRTaSs6hl.exe (PID: 5260 cmdline: "C:\Users\user\Desktop\VoRTaSs6hl.exe" MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- VoRTaSs6hl.exe (PID: 2308 cmdline: C:\Users\user\Desktop\VoRTaSs6hl.exe MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- Accyaz.exe (PID: 4684 cmdline: "C:\Users\Public\Libraries\Accyaz.exe" MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- Accyaz.exe (PID: 1284 cmdline: C:\Users\Public\Libraries\Accyaz.exe MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- Accyaz.exe (PID: 3300 cmdline: "C:\Users\Public\Libraries\Accyaz.exe" MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- Accyaz.exe (PID: 5968 cmdline: C:\Users\Public\Libraries\Accyaz.exe MD5: 6E2D9824EEEBAD8B1507FA4238892439)
- cleanup
{"Version": null, "Host:Port:Password": "bestsuccess.ddns.net:2442:0", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "Remcos-HPUD4T", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Methodology_Shortcut_HotKey | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) | |
| Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) | |
| JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | |
| Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_UACBypassusingComputerDefaults | Yara detected UAC Bypass using ComputerDefaults | Joe Security | |
AV Detection
- Source: Virustotal
- Source: Metadefender
- Source: ReversingLabs
- Source: File source
- Source: Avira URL Cloud
- Source: Avira
- Source: Malware Configuration Extractor
- Source: Binary or memory string
Exploits
- Source: File source
- Source: Static PE information
- Source: HTTPS traffic detected
Networking
- Source: URLs
- Source: DNS query
- Source: ASN Name
- Source: JA3 fingerprint
- Source: IP Address
- Source: TCP traffic
- Source: Network traffic detected
- Source: String found in binary or memory
- Source: DNS traffic detected
- Source: HTTP traffic detected
- Source: HTTPS traffic detected
- Source: Binary or memory string
- Source: File source
E-Banking Fraud
- Source: File source
System Summary
- Source: Matched rule
- Source: Static PE information
- Source: Code function
- Source: Binary or memory string
- Source: Section loaded
- Source: Virustotal
- Source: Metadefender
- Source: ReversingLabs
- Source: File read
- Source: Key opened
- Source: Process created
- Source: Key value queried
- Source: File created
- Source: Classification label
- Source: Mutant created
- Source: Window detected
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | ||
Source: | Process created: | ||
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 Masquerading | 1 Input Capture | 11 Security Software Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 111 Process Injection | LSASS Memory | 1 Remote System Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 1 Obfuscated Files or Information | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Software Packing | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | 23 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | Virustotal | Browse | ||
40% | Metadefender | Browse | ||
81% | ReversingLabs | Win32.Trojan.Remcos |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | Metadefender | Browse | ||
81% | ReversingLabs | Win32.Trojan.Remcos |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Patched.Ren.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l-0003.l-dc-msedge.net | 13.107.43.12 | true | false | | unknown |
bestsuccess.ddns.net | 87.251.79.109 | true | true | unknown | |
qkvera.am.files.1drv.com | unknown | unknown | false | high | |
onedrive.live.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | low | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.43.12 | l-0003.l-dc-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
87.251.79.109 | bestsuccess.ddns.net | Russian Federation | 20803 | RISS-ASRU | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 679178 |
Start date and time: | 2022-08-05 11:27:07 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | VoRTaSs6hl (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winEXE@9/6@39/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.42.13, 13.107.42.12, 52.152.110.14, 52.242.101.226, 20.223.24.244, 20.54.89.106
- Excluded domains from analysis (whitelisted): www.bing.com, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, l-0004.l-msedge.net, e12564.dspb.akamaiedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, l-0003.l-msedge.net, login.live.com, store-images.s-microsoft.com, odc-am-files-geo.onedrive.akadns.net, sls.update.microsoft.com, am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, odc-am-files-brs.onedrive.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Execution Graph export aborted for target Accyaz.exe, PID 3300 because there are no executed functions
- Execution Graph export aborted for target Accyaz.exe, PID 4684 because there are no executed functions
- Execution Graph export aborted for target VoRTaSs6hl.exe, PID 5260 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:28:14 | API Interceptor | |
11:29:03 | Autostart | |
11:29:11 | Autostart | |
11:29:14 | API Interceptor |
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1011712 |
Entropy (8bit): | 6.970245087154208 |
Encrypted: | false |
SSDEEP: | 24576:NDA1mchKTwkH17WtMBhiUDxvHiMYSt8tVSn52pAf2rDNtl2aCHXb:NDhc8ZPbVI9Sn52KNb |
MD5: | 6E2D9824EEEBAD8B1507FA4238892439 |
SHA1: | 03A6497741B9697F9234F85644CD35AA5BF0E42E |
SHA-256: | F10C2BBC2319E72BC4DEE452A2DE176573D88EAFECC30E97748B5DD087F4EA1F |
SHA-512: | 17DBF165300BD6E97C16C1D595A46FA035B0FA3E414E7707EF072404408AE20D48046D59BC651358F45B2DE50A9E9ADF9E52C4DB6DF211F2AE037A8B285B23AB |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | modified |
Size (bytes): | 97 |
Entropy (8bit): | 4.9671520540949095 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYmTWAX+rSF55i0XMeL4AIvsGKd5sPKv:HRYFVmTWDyzBmvsb54Kv |
MD5: | 3C9A5A6C482B7C7255FDB1B14B3A52C2 |
SHA1: | 9525DFA127BB3F55C3614E05CC1E555212B4384F |
SHA-256: | 13303C584783D3060D79EF79C04B0314446D0260209C5FB3F2F7E2E7FBC6EEAE |
SHA-512: | 9EBFF94EA844790431EAEE2175F504179EB62B3D7D5EE653DA6828A50C1D78404FD86A82FDD50C6EF106B2BF982E4B82318219E20B724378D694A91D77D325AB |
Malicious: | false |
Yara Hits: |
|
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Accyazbvbxqszzrfjnimerlsovywpte[1]
Process: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651776 |
Entropy (8bit): | 7.551975307172377 |
Encrypted: | false |
SSDEEP: | 12288:XfzO0z7ygcMwvZ4lIzZowpi3C/o9njndDckACxjL6NYjj:vaceOwvZYIWV8indDc3Yn |
MD5: | ECD16DEF98C8314CBBFF01DC87DF9471 |
SHA1: | 6986577AA36365136AD7A1C9E9CF565143520630 |
SHA-256: | 28ED385B048DF555C5FEB080262F490DD31A95B787675BBA145B365C92015E30 |
SHA-512: | 4784F9EED12F8B0B592F41C5ADCC63A642E8213CAA01A0D706F79FB1A6BD257F91711EED8059030203384B1C2BC78CBE7F1493048A2794965B04D881A0A73183 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Accyazbvbxqszzrfjnimerlsovywpte[2]
Process: | C:\Users\Public\Libraries\Accyaz.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651776 |
Entropy (8bit): | 7.551975307172377 |
Encrypted: | false |
SSDEEP: | 12288:XfzO0z7ygcMwvZ4lIzZowpi3C/o9njndDckACxjL6NYjj:vaceOwvZYIWV8indDc3Yn |
MD5: | ECD16DEF98C8314CBBFF01DC87DF9471 |
SHA1: | 6986577AA36365136AD7A1C9E9CF565143520630 |
SHA-256: | 28ED385B048DF555C5FEB080262F490DD31A95B787675BBA145B365C92015E30 |
SHA-512: | 4784F9EED12F8B0B592F41C5ADCC63A642E8213CAA01A0D706F79FB1A6BD257F91711EED8059030203384B1C2BC78CBE7F1493048A2794965B04D881A0A73183 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Accyazbvbxqszzrfjnimerlsovywpte[2]
Process: | C:\Users\Public\Libraries\Accyaz.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 651776 |
Entropy (8bit): | 7.551975307172377 |
Encrypted: | false |
SSDEEP: | 12288:XfzO0z7ygcMwvZ4lIzZowpi3C/o9njndDckACxjL6NYjj:vaceOwvZYIWV8indDc3Yn |
MD5: | ECD16DEF98C8314CBBFF01DC87DF9471 |
SHA1: | 6986577AA36365136AD7A1C9E9CF565143520630 |
SHA-256: | 28ED385B048DF555C5FEB080262F490DD31A95B787675BBA145B365C92015E30 |
SHA-512: | 4784F9EED12F8B0B592F41C5ADCC63A642E8213CAA01A0D706F79FB1A6BD257F91711EED8059030203384B1C2BC78CBE7F1493048A2794965B04D881A0A73183 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.970245087154208 |
TrID: |
|
File name: | VoRTaSs6hl.exe |
File size: | 1011712 |
MD5: | 6e2d9824eeebad8b1507fa4238892439 |
SHA1: | 03a6497741b9697f9234f85644cd35aa5bf0e42e |
SHA256: | f10c2bbc2319e72bc4dee452a2de176573d88eafecc30e97748b5dd087f4ea1f |
SHA512: | 17dbf165300bd6e97c16c1d595a46fa035b0fa3e414e7707ef072404408ae20d48046d59bc651358f45b2de50a9e9adf9e52c4db6df211f2ae037a8b285b23ab |
SSDEEP: | 24576:NDA1mchKTwkH17WtMBhiUDxvHiMYSt8tVSn52pAf2rDNtl2aCHXb:NDhc8ZPbVI9Sn52KNb |
TLSH: | EA259E35E7D28433D4732B3D4D1B46A55836BE112E68D88A2BED2D881FF968239353C7 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | c49af2e8ece0e6c8 |
Entrypoint: | 0x4a3b74 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 205f6434858f3f8cc9e8b96d094507a2 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 004A38D4h |
call 00007FD18CB06DF1h |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
call 00007FD18CB67B31h |
mov ecx, dword ptr [004A59E0h] |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004A0C1Ch] |
call 00007FD18CB67B31h |
mov eax, dword ptr [004A59E0h] |
mov eax, dword ptr [eax] |
call 00007FD18CB645A5h |
mov eax, dword ptr [004A587Ch] |
mov eax, dword ptr [eax] |
call 00007FD18CB67B99h |
call 00007FD18CB04854h |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa7000 | 0x27a4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9000 | 0x4375c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc1ec | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xab000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0xa2bc8 | 0xa2c00 | False | 0.5100101406490015 | data | 6.535344306379752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
DATA | 0xa4000 | 0x1aa4 | 0x1c00 | False | 0.42703683035714285 | data | 4.101220909917565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
BSS | 0xa6000 | 0xef5 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xa7000 | 0x27a4 | 0x2800 | False | 0.3671875 | data | 5.001062777293974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xaa000 | 0x40 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xab000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.2005819074398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0xac000 | 0xc1ec | 0xc200 | False | 0.5179606958762887 | data | 6.616954325025841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0xb9000 | 0x4375c | 0x43800 | False | 0.5486762152777778 | data | 7.261354981454627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
AUDIOES | 0xb9da0 | 0x3697c | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz | English | United States |
RT_CURSOR | 0xf071c | 0x134 | data | ||
RT_CURSOR | 0xf0850 | 0x134 | data | ||
RT_CURSOR | 0xf0984 | 0x134 | data | ||
RT_CURSOR | 0xf0ab8 | 0x134 | data | ||
RT_CURSOR | 0xf0bec | 0x134 | data | ||
RT_CURSOR | 0xf0d20 | 0x134 | data | ||
RT_CURSOR | 0xf0e54 | 0x134 | data | ||
RT_BITMAP | 0xf0f88 | 0x1d0 | data | ||
RT_BITMAP | 0xf1158 | 0x1e4 | data | ||
RT_BITMAP | 0xf133c | 0x1d0 | data | ||
RT_BITMAP | 0xf150c | 0x1d0 | data | ||
RT_BITMAP | 0xf16dc | 0x1d0 | data | ||
RT_BITMAP | 0xf18ac | 0x1d0 | data | ||
RT_BITMAP | 0xf1a7c | 0x1d0 | data | ||
RT_BITMAP | 0xf1c4c | 0x1d0 | data | ||
RT_BITMAP | 0xf1e1c | 0x1d0 | data | ||
RT_BITMAP | 0xf1fec | 0x1d0 | data | ||
RT_BITMAP | 0xf21bc | 0xe8 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf22a4 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xf484c | 0x988 | data | ||
RT_ICON | 0xf51d4 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_DIALOG | 0xf563c | 0x52 | data | ||
RT_STRING | 0xf5690 | 0x114 | data | ||
RT_STRING | 0xf57a4 | 0x3d0 | data | ||
RT_STRING | 0xf5b74 | 0x554 | data | ||
RT_STRING | 0xf60c8 | 0x3cc | data | ||
RT_STRING | 0xf6494 | 0x1d4 | data | ||
RT_STRING | 0xf6668 | 0x180 | data | ||
RT_STRING | 0xf67e8 | 0x314 | COM executable for DOS | ||
RT_STRING | 0xf6afc | 0x4f4 | data | ||
RT_STRING | 0xf6ff0 | 0x1c0 | data | ||
RT_STRING | 0xf71b0 | 0xec | data | ||
RT_STRING | 0xf729c | 0x134 | data | ||
RT_STRING | 0xf73d0 | 0x314 | data | ||
RT_STRING | 0xf76e4 | 0x40c | data | ||
RT_STRING | 0xf7af0 | 0x380 | data | ||
RT_STRING | 0xf7e70 | 0x3d4 | data | ||
RT_STRING | 0xf8244 | 0x250 | data | ||
RT_STRING | 0xf8494 | 0xec | data | ||
RT_STRING | 0xf8580 | 0x1dc | data | ||
RT_STRING | 0xf875c | 0x3ec | data | ||
RT_STRING | 0xf8b48 | 0x3f4 | data | ||
RT_STRING | 0xf8f3c | 0x30c | data | ||
RT_STRING | 0xf9248 | 0x328 | data | ||
RT_RCDATA | 0xf9570 | 0x10 | data | ||
RT_RCDATA | 0xf9580 | 0x370 | data | ||
RT_RCDATA | 0xf98f0 | 0x16ad | Delphi compiled form 'TForm1' | ||
RT_RCDATA | 0xfafa0 | 0x2c3 | Delphi compiled form 'TForm2' | ||
RT_RCDATA | 0xfb264 | 0x39e | Delphi compiled form 'TForm3' | ||
RT_RCDATA | 0xfb604 | 0x2d0 | Delphi compiled form 'TForm4' | ||
RT_GROUP_CURSOR | 0xfb8d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb8fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb910 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb924 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb938 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xfb94c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_ICON | 0xfb960 | 0x30 | data | ||
RT_VERSION | 0xfb990 | 0x934 | data | ||
RT_VERSION | 0xfc2c4 | 0x498 | data | German | Germany |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StretchBlt, StartPage, StartDocA, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt |
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, ShowCaret, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawStateA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
ole32.dll | CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | GetErrorInfo, GetActiveObject, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
winspool.drv | OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter |
shell32.dll | ShellExecuteA |
comdlg32.dll | GetSaveFileNameA, GetOpenFileNameA |
winmm.dll | sndPlaySoundA |
kernel32 | VirtualProtect, GetProcAddress |
URL | AddMIMEFileTypesPS |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
German | Germany | |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 5, 2022 11:28:14.287856102 CEST | 8.8.8.8 | 192.168.2.6 | 0xecb5 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:28:15.716984034 CEST | 8.8.8.8 | 192.168.2.6 | 0x35da | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:28:15.716984034 CEST | 8.8.8.8 | 192.168.2.6 | 0x35da | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:02.204082012 CEST | 8.8.8.8 | 192.168.2.6 | 0x28e6 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:04.571603060 CEST | 8.8.8.8 | 192.168.2.6 | 0x570 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:07.036387920 CEST | 8.8.8.8 | 192.168.2.6 | 0x4377 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:09.675156116 CEST | 8.8.8.8 | 192.168.2.6 | 0xc21e | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:12.195884943 CEST | 8.8.8.8 | 192.168.2.6 | 0xd995 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:14.528187990 CEST | 8.8.8.8 | 192.168.2.6 | 0x472d | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:14.634816885 CEST | 8.8.8.8 | 192.168.2.6 | 0xc72c | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:15.223334074 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a2 | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:15.223334074 CEST | 8.8.8.8 | 192.168.2.6 | 0x6a2 | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:17.064167023 CEST | 8.8.8.8 | 192.168.2.6 | 0x5cda | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:19.483652115 CEST | 8.8.8.8 | 192.168.2.6 | 0x54ff | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:22.063394070 CEST | 8.8.8.8 | 192.168.2.6 | 0x7ba2 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:23.590820074 CEST | 8.8.8.8 | 192.168.2.6 | 0xde98 | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.473798990 CEST | 8.8.8.8 | 192.168.2.6 | 0x8eb5 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.736212015 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f50 | No error (0) | am-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.736212015 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f50 | No error (0) | odc-am-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Aug 5, 2022 11:29:24.736212015 CEST | 8.8.8.8 | 192.168.2.6 | 0x1f50 | No error (0) | 13.107.43.12 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:26.983617067 CEST | 8.8.8.8 | 192.168.2.6 | 0x9f83 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:30.401618958 CEST | 8.8.8.8 | 192.168.2.6 | 0x1107 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:32.931596041 CEST | 8.8.8.8 | 192.168.2.6 | 0x9a8d | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:35.411910057 CEST | 8.8.8.8 | 192.168.2.6 | 0x417d | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:37.785396099 CEST | 8.8.8.8 | 192.168.2.6 | 0x7294 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:40.174287081 CEST | 8.8.8.8 | 192.168.2.6 | 0x321e | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:42.633620977 CEST | 8.8.8.8 | 192.168.2.6 | 0xf920 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:45.374742985 CEST | 8.8.8.8 | 192.168.2.6 | 0x238f | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:51.805361986 CEST | 8.8.8.8 | 192.168.2.6 | 0x6ea1 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:54.498269081 CEST | 8.8.8.8 | 192.168.2.6 | 0xc238 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:56.877358913 CEST | 8.8.8.8 | 192.168.2.6 | 0x570e | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:29:59.229491949 CEST | 8.8.8.8 | 192.168.2.6 | 0x7c76 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:01.579909086 CEST | 8.8.8.8 | 192.168.2.6 | 0xa1fa | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:03.917027950 CEST | 8.8.8.8 | 192.168.2.6 | 0x8273 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:06.355673075 CEST | 8.8.8.8 | 192.168.2.6 | 0xd8f7 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:09.954303026 CEST | 8.8.8.8 | 192.168.2.6 | 0xda79 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:12.504652977 CEST | 8.8.8.8 | 192.168.2.6 | 0x210 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:15.035667896 CEST | 8.8.8.8 | 192.168.2.6 | 0xe251 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:17.416325092 CEST | 8.8.8.8 | 192.168.2.6 | 0xfe71 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:19.772651911 CEST | 8.8.8.8 | 192.168.2.6 | 0xad3f | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:22.076283932 CEST | 8.8.8.8 | 192.168.2.6 | 0xfeb5 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:24.421556950 CEST | 8.8.8.8 | 192.168.2.6 | 0x844b | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) | ||
Aug 5, 2022 11:30:26.888618946 CEST | 8.8.8.8 | 192.168.2.6 | 0x84e7 | No error (0) | 87.251.79.109 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49808 | 13.107.43.12 | 443 | C:\Users\Public\Libraries\Accyaz.exe |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49811 | 13.107.43.12 | 443 | C:\Users\Public\Libraries\Accyaz.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-08-05 09:29:26 UTC | 25 | OUT | |
2022-08-05 09:29:26 UTC | 25 | IN | |
2022-08-05 09:29:26 UTC | 27 | IN | |
2022-08-05 09:29:26 UTC | 30 | IN | |
2022-08-05 09:29:26 UTC | 38 | IN | |
2022-08-05 09:29:26 UTC | 46 | IN | |
2022-08-05 09:29:26 UTC | 54 | IN | |
2022-08-05 09:29:26 UTC | 62 | IN | |
2022-08-05 09:29:26 UTC | 70 | IN | |
2022-08-05 09:29:26 UTC | 78 | IN | |
2022-08-05 09:29:26 UTC | 86 | IN | |
2022-08-05 09:29:26 UTC | 94 | IN | |
2022-08-05 09:29:26 UTC | 102 | IN | |
2022-08-05 09:29:26 UTC | 110 | IN | |
2022-08-05 09:29:26 UTC | 118 | IN | |
2022-08-05 09:29:26 UTC | 126 | IN | |
2022-08-05 09:29:26 UTC | 134 | IN | |
2022-08-05 09:29:26 UTC | 142 | IN | |
2022-08-05 09:29:26 UTC | 150 | IN | |
2022-08-05 09:29:26 UTC | 158 | IN | |
2022-08-05 09:29:26 UTC | 166 | IN | |
2022-08-05 09:29:27 UTC | 182 | IN | |
2022-08-05 09:29:27 UTC | 198 | IN | |
2022-08-05 09:29:27 UTC | 214 | IN | |
2022-08-05 09:29:27 UTC | 230 | IN | |
2022-08-05 09:29:27 UTC | 246 | IN | |
2022-08-05 09:29:27 UTC | 262 | IN | |
2022-08-05 09:29:27 UTC | 278 | IN | |
2022-08-05 09:29:27 UTC | 294 | IN | |
2022-08-05 09:29:27 UTC | 310 | IN | |
2022-08-05 09:29:27 UTC | 326 | IN | |
2022-08-05 09:29:27 UTC | 342 | IN | |
2022-08-05 09:29:27 UTC | 358 | IN | |
2022-08-05 09:29:27 UTC | 374 | IN | |
2022-08-05 09:29:27 UTC | 390 | IN | |
2022-08-05 09:29:27 UTC | 406 | IN | |
2022-08-05 09:29:27 UTC | 422 | IN | |
2022-08-05 09:29:27 UTC | 438 | IN | |
2022-08-05 09:29:27 UTC | 454 | IN | |
2022-08-05 09:29:27 UTC | 470 | IN | |
2022-08-05 09:29:27 UTC | 486 | IN | |
2022-08-05 09:29:27 UTC | 502 | IN | |
2022-08-05 09:29:27 UTC | 518 | IN | |
2022-08-05 09:29:27 UTC | 534 | IN | |
2022-08-05 09:29:27 UTC | 550 | IN | |
2022-08-05 09:29:27 UTC | 566 | IN | |
2022-08-05 09:29:27 UTC | 582 | IN | |
2022-08-05 09:29:27 UTC | 598 | IN | |
2022-08-05 09:29:27 UTC | 614 | IN | |
2022-08-05 09:29:27 UTC | 630 | IN | |
2022-08-05 09:29:27 UTC | 646 | IN | |
2022-08-05 09:29:27 UTC | 662 | IN | |
Target ID: | 0 |
Start time: | 11:28:12 |
Start date: | 05/08/2022 |
Path: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Target ID: | 8 |
Start time: | 11:29:00 |
Start date: | 05/08/2022 |
Path: | C:\Users\user\Desktop\VoRTaSs6hl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Target ID: | 10 |
Start time: | 11:29:11 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Target ID: | 12 |
Start time: | 11:29:20 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Target ID: | 16 |
Start time: | 11:29:42 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 20 |
Start time: | 11:30:02 |
Start date: | 05/08/2022 |
Path: | C:\Users\Public\Libraries\Accyaz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1011712 bytes |
MD5 hash: | 6E2D9824EEEBAD8B1507FA4238892439 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |