Windows
Analysis Report
SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe (PID: 5156, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe", MD5: 2B9166E260CDDBC58DB20A0C54A6D145)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions before stealing other sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader capable of delivering additional payloads as EXE, DLL, or PowerShell. | No Attribution | | |
{"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "plaintediousidowsko.shop"], "Build id": "Z9OOR4--"}
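The extracted configuration above and the "TeslaBrowser/5.5" exfiltration user agent named in the family description are the directly actionable parts of this report. The Python below is an added example, not Joe Sandbox's or Lumma's code: it dedupes the C2 list (the extractor prints plaintediousidowsko.shop twice), emits Suricata rules for DNS queries, TLS SNI and the user agent, and runs the same indicators over a few constructed Zeek-style JSON log lines. The log lines, the Zeek field names and the 10.0.0.x source addresses are assumptions made for the demo.

```python
"""IOC handling for a Lumma C2 configuration: dedupe, Suricata rules, log hunting.
Added example, not sandbox or malware code. Standard library only."""
import json

# Configuration as the report's extractor printed it (one domain appears twice in the original).
EXTRACTED_CONFIG = {
    "C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop",
               "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop",
               "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "plaintediousidowsko.shop"],
    "Build id": "Z9OOR4--",
}
LUMMA_USER_AGENT = "TeslaBrowser/5.5"  # exfiltration UA from the report; visible only where TLS is terminated


def c2_domains(config: dict) -> list:
    """Unique C2 domains, normalised to lower case, in first-seen order."""
    seen, out = set(), []
    for dom in config.get("C2 url", []):
        dom = dom.strip().lower().rstrip(".")
        if dom and dom not in seen:
            seen.add(dom)
            out.append(dom)
    return out


def suricata_rules(config: dict, base_sid: int = 1000000) -> list:
    """dns.query and tls.sni rules per C2 domain plus one http.user_agent rule (Suricata 5+ syntax)."""
    build = config.get("Build id", "unknown")
    rules, sid = [], base_sid
    for dom in c2_domains(config):
        for proto, buf in (("dns", "dns.query"), ("tls", "tls.sni")):
            rules.append(f'alert {proto} any any -> any any (msg:"Lumma C2 {dom} build {build}"; '
                         f'{buf}; content:"{dom}"; nocase; endswith; sid:{sid}; rev:1;)')
            sid += 1
    rules.append(f'alert http any any -> any any (msg:"Lumma exfiltration user agent"; '
                 f'http.user_agent; content:"{LUMMA_USER_AGENT}"; sid:{sid}; rev:1;)')
    return rules


def match_logs(config: dict, lines: list) -> list:
    """Hunt over JSON log records (Zeek dns/ssl/http field names assumed) for the C2 set or the UA."""
    doms = c2_domains(config)
    hits = []
    for line in lines:
        rec = json.loads(line)
        host = (rec.get("query") or rec.get("server_name") or rec.get("host") or "").lower().rstrip(".")
        # the domain itself or any subdomain of it counts as a hit
        dom_hit = next((d for d in doms if host == d or host.endswith("." + d)), None)
        ua_hit = rec.get("user_agent") == LUMMA_USER_AGENT
        if dom_hit or ua_hit:
            hits.append({"ts": rec["ts"], "src": rec["id.orig_h"], "log": rec["_path"],
                         "indicator": dom_hit or LUMMA_USER_AGENT})
    return hits


# Constructed Zeek-style JSON lines: two benign CDN lookups taken from the report's domain table,
# a DNS + TLS pair to the C2 that resolved in the sandbox, and a proxy-visible POST whose host is
# not in the extracted list (assumed rotated C2) and is caught by the user-agent check alone.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1714714100.1,"id.orig_h":"10.0.0.5","query":"bg.microsoft.map.fastly.net"}',
    '{"_path":"dns","ts":1714714101.4,"id.orig_h":"10.0.0.5","query":"plaintediousidowsko.shop"}',
    '{"_path":"ssl","ts":1714714101.9,"id.orig_h":"10.0.0.5","server_name":"plaintediousidowsko.shop"}',
    '{"_path":"http","ts":1714714102.3,"id.orig_h":"10.0.0.7","host":"not-in-config.example",'
    '"method":"POST","user_agent":"TeslaBrowser/5.5"}',
    '{"_path":"dns","ts":1714714103.0,"id.orig_h":"10.0.0.9","query":"fp2e7a.wpc.phicdn.net"}',
]

if __name__ == "__main__":
    print("\n".join(suricata_rules(EXTRACTED_CONFIG)))
    for hit in match_logs(EXTRACTED_CONFIG, SAMPLE_LOGS):
        print(hit)
```

Two caveats when deploying this. The report's C2 traffic is HTTPS (the "HTTPS traffic detected" entries), so the http.user_agent rule only fires where TLS is terminated, such as an explicit proxy or an EDR network sensor; on the wire the DNS and SNI rules do the work, and SNI may be absent under Encrypted Client Hello. Do not turn 104.21.53.146 into a block rule: it is a shared Cloudflare address, which is also why the report's IP context table associates it with an unrelated Lokibot sample.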
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | (3 hits) |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | (15 hits) |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | (8 hits) |
Source: | Static PE information: |
Networking |
---|
Source: | URLs: | (9 hits) |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | (8 hits) |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | (53 hits) |
Source: | Network traffic detected: | (16 hits) |
Source: | HTTPS traffic detected: | (8 hits) |
Source: | Static PE information: | (2 hits) |
Source: | Classification label: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Section loaded: | (36 hits) |
Source: | Static file information: |
Source: | Static PE information: | (6 hits) |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: | (12 hits) |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Thread sleep time: | (2 hits) |
Source: | Binary or memory string: | (34 hits) |
Source: | Process information queried: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | (8 hits) |
Source: | Queries volume information: | (7 hits) |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | (3 hits) |
Source: | String found in binary or memory: | (8 hits) |
Source: | File opened: | (103 hits) |
Source: | File opened: | (20 hits) |
Source: | Directory queried: | (3 hits) |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | (3 hits) |
Tactic | Matched techniques (leading number is the report's hit count) |
---|---|
Execution | 1 Windows Management Instrumentation; 1 PowerShell |
Persistence | 1 DLL Side-Loading |
Privilege Escalation | 1 DLL Side-Loading |
Defense Evasion | 11 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading |
Credential Access | 1 OS Credential Dumping; 1 Credential API Hooking |
Discovery | 121 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 File and Directory Discovery; 12 System Information Discovery |
Collection | 1 Credential API Hooking; 31 Data from Local System |
Command and Control | 1 Encrypted Channel; 2 Non-Application Layer Protocol; 113 Application Layer Protocol |
Reconnaissance, Resource Development, Initial Access, Lateral Movement, Exfiltration, Impact | none matched |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | Virustotal | Browse | ||
29% | ReversingLabs | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
10% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
3% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
10% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown |
plaintediousidowsko.shop | 104.21.53.146 | true | true | | unknown |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(8 entries, names not extracted) | true | | unknown |
(1 entry, name not extracted) | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(16 entries, names not extracted) | | false | | high |
(26 entries, names not extracted) | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.53.146 | plaintediousidowsko.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1435768 |
Start date and time: | 2024-05-03 05:27:23 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@1/1 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
05:28:20 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.53.146 | 1 related sample (name/hash not extracted) | | malicious | Lokibot | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | 10 related samples (names/hashes not extracted) | | malicious | HTMLPhisher (x2), TechSupportScam (x1), Unknown (x7) | | |
bg.microsoft.map.fastly.net | 10 related samples (names/hashes not extracted) | | malicious | HTMLPhisher (x1), HtmlDropper + HTMLPhisher (x1), Unknown (x8) | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | 10 related samples (names/hashes not extracted) | | malicious | HTMLPhisher (x3), Unknown (x3), AgentTesla (x1), LummaC (x1), RisePro Stealer (x1), TechSupportScam (x1) | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | 10 related samples (names/hashes not extracted) | | malicious | WSHRAT (x4), Unknown (x3), RisePro Stealer (x2), LummaC (x1) | | |
File type: | |
Entropy (8bit): | 7.8860822175084575 |
TrID: |
|
File name: | SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
File size: | 8'162'448 bytes |
MD5: | 2b9166e260cddbc58db20a0c54a6d145 |
SHA1: | 1724225b1b9bbd1bd4c3f4a57b6479774dbb1a23 |
SHA256: | ab1686a078433d515b501f5423b3046d6d1f70b2c9be21d2d3bf71b5d8465107 |
SHA512: | cd93cc8366026919725c4a62c1df8fee907be23df54a2d2c5589b836c61e060a18e653a92d7933ae105ef75f228d41105a843ad36dc2a079abdfa153f6600202 |
SSDEEP: | 196608:ZkgfplJyv7aqESXn/FmLlV7PUHCALVvo1n:ZVRbqESXn/qDzkbCn |
TLSH: | AA8623DA2FC749EFC98324B49796EEFE73B2598DC685C8351BC6E0C06061B7E601A171 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....1f.....................:......6.............@..................................w}...@........................................ |
Icon Hash: | 1373e3eb5b098093 |
Entrypoint: | 0xef9e36 |
Entrypoint Section: | .vmp |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66311A18 [Tue Apr 30 16:19:36 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 1a02d69b15f5b6a928d42e49d3ab56e5 |
Signature Valid: | false |
Signature Issuer: | C=Continental, S=Continental, L=\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021 (this non-printable sequence repeats for the remainder of the Locality field; the value is cut off at the end of the page) |
\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\
xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\x
deB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xd
dB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xdd
B\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020
\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021\u2020\xddB\u2020\xddA\u2020\xddA\u2020\xddB\u2020\xddB\u2021\xddA\u2021\xdeB\u2020\xddB\u2020\xddB\u2020\xddB\u2021\xddA\u2021, OU=NOKIA, O=Creted by NOKIA, CN=NOKIA |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 (HRESULT 0x800B0109, CERT_E_UNTRUSTEDROOT) |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 3B786C577099AADA42900A679BCD26AE |
Thumbprint SHA-1: | 23E29AB0EDFBD4185D27C4417B77C1CA939C9FFB |
Thumbprint SHA-256: | DCE8873D030ED310AA3856635AC00F9BC77F16625FE0268D5A7B9E4FE04E4160 |
Serial: | 5179C6DF2D8D7D4E92B367EAA5073A02 |
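Two checks an analyst runs on the signer block above, as an added example that is not part of the Joe Sandbox report: decoding the signed decimal "Error Number" into a Windows HRESULT, and flagging issuer RDN values that no real CA would issue (a C= value that is not an ISO 3166 alpha-2 code, a locality field consisting of a long run of non-ASCII bytes). SAMPLE_ISSUER is a constructed stand-in for the issuer string: same field layout, with the L= value shortened to sixty repeats of the six-character pattern the report shows. The HRESULT names are from winerror.h; the threshold values are the author's choices.

```python
import re
from typing import Dict, List, Tuple

# Added example, not part of the Joe Sandbox report. Decode the sandbox's
# signed "Error Number" into HRESULT form and flag implausible RDN values in
# the signer DN. Thresholds (max_len, non-ASCII ratio) are the author's choice.

# HRESULT names from winerror.h; only codes relevant to signature triage.
HRESULT_NAMES = {
    0x800B0100: "TRUST_E_NOSIGNATURE",
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0x800B010C: "CERT_E_REVOKED",
}


def decode_hresult(signed_value: int) -> Dict[str, object]:
    """Turn the signed decimal the sandbox prints into HRESULT form."""
    code = signed_value & 0xFFFFFFFF  # reinterpret two's complement as unsigned
    return {
        "hex": f"0x{code:08X}",
        "name": HRESULT_NAMES.get(code, "unknown"),
        "failed": bool(code & 0x80000000),  # severity bit: 1 = failure
        "facility": (code >> 16) & 0x7FF,   # 0x00B is FACILITY_CERT
    }


# One RDN: type, '=', value up to the next unescaped comma (CertNameToStr style).
_RDN_RE = re.compile(r"([A-Za-z]+)=((?:\\.|[^,])*)")


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'C=.., O=.., CN=..' into (type, value) pairs."""
    return [(m.group(1).upper(), m.group(2).strip()) for m in _RDN_RE.finditer(dn)]


def suspicious_rdns(dn: str, max_len: int = 128) -> List[str]:
    """Return 'TYPE: reason' findings for RDN values that are not plausible."""
    findings = []
    for rdn_type, value in parse_dn(dn):
        if rdn_type == "C" and not re.fullmatch(r"[A-Z]{2}", value):
            findings.append(f"C: '{value[:20]}' is not an ISO 3166 alpha-2 code")
        if len(value) > max_len:
            findings.append(f"{rdn_type}: oversized value ({len(value)} chars)")
        if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
            findings.append(f"{rdn_type}: control characters")
        non_ascii = sum(1 for ch in value if ord(ch) > 0x7E)
        if value and non_ascii / len(value) > 0.3:
            findings.append(f"{rdn_type}: {non_ascii}/{len(value)} characters are non-ASCII")
    return findings


# Constructed stand-in for the issuer above: same fields, L= shortened to
# sixty repeats of the six-character pattern the report shows.
SAMPLE_ISSUER = (
    "C=Continental, S=Continental, L=" + "\u2020\xddB\u2020\xddA" * 60
    + ", OU=NOKIA, O=Creted by NOKIA, CN=NOKIA"
)


def triage(dn: str, error_number: int) -> Dict[str, object]:
    """Combine both checks into one verdict record."""
    hres = decode_hresult(error_number)
    findings = suspicious_rdns(dn)
    return {
        "hresult": hres["hex"],
        "error_name": hres["name"],
        "dn_findings": findings,
        # Untrusted root plus garbage RDNs means a self-made certificate, not an
        # expired or revoked legitimate one: pivot on file hash, not on the signer.
        "self_made_cert": hres["name"] == "CERT_E_UNTRUSTEDROOT" and bool(findings),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_ISSUER, -2146762487).items():
        print(key, val)
```

The two checks are deliberately separate: an untrusted root on its own also covers test-signed or internal-CA binaries, and it is the combination with a nonsensical DN that marks the certificate as something the malware author generated for themselves.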
Instruction |
---|
push 4E022A2Eh |
call 00007F64F0CB3B72h |
call 00007F64F1244AE2h |
xor dword ptr [esp+eax-0D1B6569h], 00163909h |
dec ecx |
sub al, byte ptr [esp+eax-0D1B6566h] |
xor ecx, 8FAFBAAAh |
add eax, 0323EA35h |
add eax, 421E02A1h |
btc edx, eax |
xor ebx, ecx |
rol eax, FFFFFFA1h |
jno 00007F64F11BE291h |
adc ebp, ecx |
jmp 00007F64F13942ADh |
pop edx |
lea edi, dword ptr [edi+edx-56F22FF8h] |
sub edx, eax |
btr ax, dx |
ror dx, 0023h |
xor ecx, ebx |
sal ax, 0023h |
xor edx, eax |
inc ecx |
sub dl, dh |
xor ecx, B0A99AB4h |
lea ecx, dword ptr [ecx+edx+3894879Fh] |
bswap edx |
btc edx, FFFFFF8Fh |
imul dl |
rol ecx, 1 |
call 00007F64F1236C0Eh |
mov edx, dword ptr [esi] |
mov ecx, D98238AAh |
mov ecx, dword ptr [esi+04h] |
mov eax, D59A0D03h |
not edx |
btr eax, eax |
not ecx |
not eax |
or edx, ecx |
mov dword ptr [eax+esi-2A65F2F8h], edx |
lea ecx, dword ptr [eax-0C60434Fh] |
xadd eax, ecx |
sal ecx, 4Bh |
mov edx, dword ptr [ecx+edi-2F97E000h] |
ror eax, 2Eh |
neg eax |
lea edi, dword ptr [edi+ecx*2-5F2FBFFCh] |
neg ecx |
sbb ecx, eax |
btc eax, ecx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xaec190 | 0xa0 | .vmp |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc75000 | 0x1852e | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x7c1200 | 0x7a90 | .vmp |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc74000 | 0x6b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4cb000 | 0x4c | .vmp |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3eb9b | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x40000 | 0x2cff | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x43000 | 0x1301c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp | 0x57000 | 0x473941 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.vmp | 0x4cb000 | 0x3dc | 0x400 | fe91ebc09a70f7caa1aac02044ee16d7 | False | 0.0693359375 | data | 0.381705562067457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp | 0x4cc000 | 0x7a7a30 | 0x7a7c00 | b30da799453fab05c630cf8ac6ae645c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0xc74000 | 0x6b8 | 0x800 | e91e08893a3695b2ae4dbd4f416fc17b | False | 0.43212890625 | data | 3.7288848229484293 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xc75000 | 0x1852e | 0x18600 | 1c44161d56a6cfa22004d043a64078fe | False | 0.31452323717948716 | data | 3.804103265210808 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
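The section table above carries the static evidence that the on-disk code is not the code that runs: three sections named .vmp (the section name VMProtect writes), and .text, .rdata and .data whose raw size is 0 (their MD5 d41d8cd98f00b204e9800998ecf8427e is the hash of the empty string), so the protector rebuilds them in memory. The following added example, not code from the report, is a minimal PE section-table parser plus those heuristics; build_pe() constructs a headers-only PE32 image from a section list so the parser runs offline, and SAMPLE_SECTIONS mirrors the table. The packer-name dictionary is a small hand-maintained list.

```python
import struct
from typing import Dict, List, Sequence, Tuple

# Added example, not part of the Joe Sandbox report: parse IMAGE_SECTION_HEADERs
# from a PE and apply packer heuristics. build_pe() emits headers only.

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names that identify a protector by themselves (hand-maintained).
PACKER_SECTION_NAMES = {
    ".vmp": "VMProtect", ".vmp0": "VMProtect", ".vmp1": "VMProtect",
    ".themida": "Themida", "UPX0": "UPX", "UPX1": "UPX",
}

SectionSpec = Tuple[str, int, int, int, int]  # name, VA, virtual size, raw size, flags

# Mirrors the section table of the report above.
SAMPLE_SECTIONS: List[SectionSpec] = [
    (".text",  0x1000,   0x3eb9b,  0x0,      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 0x40000,  0x2cff,   0x0,      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data",  0x43000,  0x1301c,  0x0,      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".vmp",   0x57000,  0x473941, 0x0,      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".vmp",   0x4cb000, 0x3dc,    0x400,    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".vmp",   0x4cc000, 0x7a7a30, 0x7a7c00, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".reloc", 0xc74000, 0x6b8,    0x800,    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".rsrc",  0xc75000, 0x1852e,  0x18600,  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]


def build_pe(specs: Sequence[SectionSpec]) -> bytes:
    """Headers-only PE32: DOS header, PE signature, COFF + optional header,
    then one 40-byte IMAGE_SECTION_HEADER per spec. No section data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine (i386), NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (PE32 = 224), Characteristics.
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # PE32 magic; other fields unused here
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, vaddr, rawsize, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, rawsize, chars in specs
    )
    return dos + b"PE\0\0" + coff + opt + table


def parse_sections(pe: bytes) -> List[Dict[str, object]]:
    """Walk e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return sections


def packer_indicators(sections: List[Dict[str, object]]) -> List[str]:
    """Static signs that the on-disk code is not the code that will run."""
    findings, name_count = [], {}
    for s in sections:
        name, chars = s["name"], s["chars"]
        name_count[name] = name_count.get(name, 0) + 1
        if name in PACKER_SECTION_NAMES:
            findings.append(f"{name}: section name used by {PACKER_SECTION_NAMES[name]}")
        if s["vsize"] > 0 and s["rawsize"] == 0:
            findings.append(f"{name}: {s['vsize']:#x} bytes virtual, nothing on disk (filled at runtime)")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable and executable")
    for name, n in name_count.items():
        if n > 1:
            findings.append(f"{name}: name appears {n} times")
    return findings


def is_likely_packed(sections: List[Dict[str, object]]) -> bool:
    """True when a protector name is present or executable code exists only in memory."""
    return any(s["name"] in PACKER_SECTION_NAMES
               or (s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["vsize"] > 0 and s["rawsize"] == 0)
               for s in sections)


if __name__ == "__main__":
    for line in packer_indicators(parse_sections(build_pe(SAMPLE_SECTIONS))):
        print(line)
```

The practical consequence of a positive result is that static YARA over the file body will mostly see VMProtect, not Lumma; the detections in the report come from memory, so a process dump after the unpacking stub has run is the artifact to keep.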
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xc75184 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.5082082551594747 |
RT_ICON | 0xc7622c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.425 |
RT_ICON | 0xc787d4 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | | | 0.37198866320264523 |
RT_ICON | 0xc7c9fc | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.27079143499349345 |
RT_GROUP_ICON | 0xc8d224 | 0x3e | data | | | 0.7903225806451613 |
RT_MANIFEST | 0xc8d264 | 0x2ca | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5028011204481793 |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess |
ole32.dll | CoCreateInstance |
OLEAUT32.dll | SysAllocString |
USER32.dll | CloseClipboard |
GDI32.dll | BitBlt |
KERNEL32.dll | GetSystemTimeAsFileTime |
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 05:28:19.157761097 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.157787085 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:19.157864094 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.161464930 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.161483049 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:19.353570938 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:19.353708029 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.357800007 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.357805967 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:19.358100891 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:19.411039114 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.796228886 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.796308041 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:19.796391010 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.254744053 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.254849911 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.254939079 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.256882906 CEST | 49712 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.256896019 CEST | 443 | 49712 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.268621922 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.268650055 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.268739939 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.269037962 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.269052982 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.456643105 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.461786985 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.463704109 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.463712931 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.463979959 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.465349913 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.465380907 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.465426922 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966284990 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966365099 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966443062 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.966459036 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966495991 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966537952 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.966546059 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966737032 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966777086 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.966784000 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966909885 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.966948032 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.966953993 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.968020916 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.968074083 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.968081951 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.968090057 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.968147993 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.968157053 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.969023943 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.969098091 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.969270945 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.969281912 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:20.969335079 CEST | 49713 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:20.969338894 CEST | 443 | 49713 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.076961994 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.076998949 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.077086926 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.077404976 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.077416897 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.262741089 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.262824059 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.264252901 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.264259100 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.264508009 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.265758038 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.265964031 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.265993118 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.751857996 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.752010107 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.752067089 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.752167940 CEST | 49714 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.752186060 CEST | 443 | 49714 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.867439985 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.867470026 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:21.867542028 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.867877960 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:21.867892027 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:22.054986954 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:22.055073977 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:22.164457083 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:22.164475918 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:22.164853096 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:22.207870007 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:22.727112055 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:22.768119097 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:22.796911001 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:22.796942949 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.297750950 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.297895908 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.297945976 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.471764088 CEST | 49715 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.471786976 CEST | 443 | 49715 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.785851002 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.785886049 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.785943031 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.786565065 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.786581993 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.969990015 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.970058918 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.972371101 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.972378969 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.972613096 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.975119114 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.975291967 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.975320101 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:23.975375891 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:23.975385904 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.506162882 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.506300926 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.506361961 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.507040977 CEST | 49717 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.507065058 CEST | 443 | 49717 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.761034966 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.761074066 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.761140108 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.761665106 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.761676073 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.951051950 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.951170921 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.952609062 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.952616930 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.952856064 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:24.954085112 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.954191923 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:24.954216003 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.298336983 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.298475981 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.298576117 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.298815966 CEST | 49718 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.298832893 CEST | 443 | 49718 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.366642952 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.366682053 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.366770983 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.367131948 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.367146015 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.552681923 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.552851915 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.554090023 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.554095984 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.554347992 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:25.555680990 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.555809021 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:25.555814028 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.036571026 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.036696911 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.036767006 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.036974907 CEST | 49719 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.036993980 CEST | 443 | 49719 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.495347023 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.495381117 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.495470047 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.495866060 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.495878935 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.682667971 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.682825089 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.684163094 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.684170008 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.684407949 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.685762882 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.686636925 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.686655998 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.686799049 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.686829090 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.686964989 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687012911 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.687166929 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687195063 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.687311888 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687338114 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.687482119 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687506914 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.687515974 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687530041 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.687643051 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687669992 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.687695980 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687804937 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.687836885 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.728132963 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.728353024 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.728424072 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.728465080 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.772125006 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:26.772227049 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:26.820113897 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:28.310457945 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:28.310566902 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
May 3, 2024 05:28:28.310640097 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:28.310889959 CEST | 49720 | 443 | 192.168.2.6 | 104.21.53.146 |
May 3, 2024 05:28:28.310904026 CEST | 443 | 49720 | 104.21.53.146 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 3, 2024 05:28:19.046937943 CEST | 60369 | 53 | 192.168.2.6 | 1.1.1.1 |
May 3, 2024 05:28:19.144717932 CEST | 53 | 60369 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 3, 2024 05:28:19.046937943 CEST | 192.168.2.6 | 1.1.1.1 | 0x5db6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 3, 2024 05:28:19.144717932 CEST | 1.1.1.1 | 192.168.2.6 | 0x5db6 | No error (0) | | | 104.21.53.146 | A (IP address) | IN (0x0001) | false |
May 3, 2024 05:28:19.144717932 CEST | 1.1.1.1 | 192.168.2.6 | 0x5db6 | No error (0) | | | 172.67.213.139 | A (IP address) | IN (0x0001) | false |
May 3, 2024 05:28:33.758207083 CEST | 1.1.1.1 | 192.168.2.6 | 0x356 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 3, 2024 05:28:33.758207083 CEST | 1.1.1.1 | 192.168.2.6 | 0x356 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
May 3, 2024 05:28:34.451699018 CEST | 1.1.1.1 | 192.168.2.6 | 0xea84 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
May 3, 2024 05:28:34.451699018 CEST | 1.1.1.1 | 192.168.2.6 | 0xea84 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49712 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:19 UTC | 271 | OUT | |
2024-05-03 03:28:19 UTC | 8 | OUT | |
2024-05-03 03:28:20 UTC | 814 | IN | |
2024-05-03 03:28:20 UTC | 7 | IN | |
2024-05-03 03:28:20 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49713 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:20 UTC | 272 | OUT | |
2024-05-03 03:28:20 UTC | 49 | OUT | |
2024-05-03 03:28:20 UTC | 808 | IN | |
2024-05-03 03:28:20 UTC | 561 | IN | |
2024-05-03 03:28:20 UTC | 726 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
2024-05-03 03:28:20 UTC | 1369 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49714 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:21 UTC | 290 | OUT | |
2024-05-03 03:28:21 UTC | 12854 | OUT | |
2024-05-03 03:28:21 UTC | 814 | IN | |
2024-05-03 03:28:21 UTC | 23 | IN | |
2024-05-03 03:28:21 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49715 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:22 UTC | 290 | OUT | |
2024-05-03 03:28:22 UTC | 15100 | OUT | |
2024-05-03 03:28:23 UTC | 812 | IN | |
2024-05-03 03:28:23 UTC | 23 | IN | |
2024-05-03 03:28:23 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49717 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:23 UTC | 290 | OUT | |
2024-05-03 03:28:23 UTC | 15331 | OUT | |
2024-05-03 03:28:23 UTC | 4627 | OUT | |
2024-05-03 03:28:24 UTC | 810 | IN | |
2024-05-03 03:28:24 UTC | 23 | IN | |
2024-05-03 03:28:24 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49718 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:24 UTC | 289 | OUT | |
2024-05-03 03:28:24 UTC | 5429 | OUT | |
2024-05-03 03:28:25 UTC | 814 | IN | |
2024-05-03 03:28:25 UTC | 23 | IN | |
2024-05-03 03:28:25 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49719 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:25 UTC | 289 | OUT | |
2024-05-03 03:28:25 UTC | 1391 | OUT | |
2024-05-03 03:28:26 UTC | 814 | IN | |
2024-05-03 03:28:26 UTC | 23 | IN | |
2024-05-03 03:28:26 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49720 | 104.21.53.146 | 443 | 5156 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-03 03:28:26 UTC | 291 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:26 UTC | 15331 | OUT | |
2024-05-03 03:28:28 UTC | 818 | IN | |
Target ID: | 0 |
Start time: | 05:28:15 |
Start date: | 03/05/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x640000 |
File size: | 8'162'448 bytes |
MD5 hash: | 2B9166E260CDDBC58DB20A0C54A6D145 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |