Windows
Analysis Report
dwm.exe
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
dwm.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\dwm.exe" MD5: 54D4B7E69178F0F53B1AF2113C476EC0)
conhost.exe (PID: 5028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: |
- Cryptography
- Networking
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
Source: | Binary or memory string: | memstr_acd41883-5 |
Source: | DNS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Key opened: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Software Packing | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
158.157.4.0.in-addr.arpa | unknown | unknown | false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
88.119.167.239 | unknown | Lithuania | 61272 | IST-ASLT | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1461421 |
Start date and time: | 2024-06-24 03:47:48 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | dwm.exe |
Detection: | MAL |
Classification: | mal48.winEXE@2/1@1/1 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
Time | Type | Description |
---|---|---|
21:48:41 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
IST-ASLT | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | SocGholish | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Users\user\Desktop\dwm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 4.8570036420448215 |
Encrypted: | false |
SSDEEP: | 6:38vNR/DLQghpmYTIa4Lew1+c/DLQghpmYTIa4Lew1+c/DLQghpmYTIa4Lew1+c/O:3kRPKP3PKP3PKP3PKPX |
MD5: | 18BDD7C4A4F217A9A2325278270D7099 |
SHA1: | 8760A7D12BC2A878A6B134F64558AE7493F7ACB3 |
SHA-256: | 128053B4E9A091C79000DBBA0F404F89224C445311E10AF874ED32795608BA21 |
SHA-512: | A98C1A0F60E51217096B7F4AA0588CC0C090C58AB251B0517235BA1438625CDE50321A958AA0849FAE9A2958AF7DABCE9313A75FDBD5AD031E31BAA720F3B09C |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.396783949194561 |
TrID: |
|
File name: | dwm.exe |
File size: | 13'854'720 bytes |
MD5: | 54d4b7e69178f0f53b1af2113c476ec0 |
SHA1: | 592897b0fb589496d8ed3c86bcd954b55a69af26 |
SHA256: | 19c59928654fd8cb64ec6500d4a23a16c8d5c749257c7ca11aad7c5acf2fa161 |
SHA512: | ba372679d92e84d67c58f049217900be0fb56be1c5efec9108d47ca4f93ebf0ecbbc992ff7f308ad175fe75a6c8799fd8bec81b8e112976046191ce192ff58de |
SSDEEP: | 393216:EcSJixRXcQvs88RBAKFdu9CwJsv6taszAK66j:CJmE84V |
TLSH: | D5D6E042AB9B24C1C5B75038CDAF5603D3317D548BE253AB325476F0AD626E4BE2F329 |
File Content Preview: | MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........f.a...2...2...2...3...2...3...2.{s2...2.{.3...2.{.3...2.{.3...2.{.3!..2...3...2...3...2...3...2...2...2.{.3...2.{.3...2.{q2... |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x140c09af4 |
Entrypoint Section: | .tmc |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA |
Time Stamp: | 0x65BD1B85 [Fri Feb 2 16:42:45 2024 UTC] |
TLS Callbacks: | 0x407ad948, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 52ccbe0bd796df128616fb77adc1cd54 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
inc esp |
mov dword ptr [esp+20h], ecx |
dec esp |
mov dword ptr [esp+18h], eax |
push ebp |
push esi |
push edi |
inc ecx |
push esp |
inc ecx |
push ebp |
inc ecx |
push esi |
inc ecx |
push edi |
dec eax |
sub esp, 00000670h |
dec esp |
mov esi, ecx |
mov esi, 00002030h |
mov ebp, 000BA5E8h |
mov ecx, 00000016h |
mov ebx, 02BB7EF6h |
inc ecx |
mov esp, 0005E847h |
inc ecx |
mov edi, 00033108h |
inc ecx |
mov ebp, 0038676Ah |
mov dword ptr [esp+20h], 7132253Ch |
mov dword ptr [esp+24h], 77757451h |
mov dword ptr [esp+28h], 41613144h |
mov dword ptr [esp+2Ch], 45512424h |
mov word ptr [esp+30h], 4C44h |
mov byte ptr [esp+32h], 00000000h |
dec eax |
lea eax, dword ptr [esp+000000C8h] |
nop |
dec eax |
mov dword ptr [eax], FE045D46h |
dec eax |
mov dword ptr [eax+08h], FE045D46h |
dec eax |
mov dword ptr [eax+10h], FE045D46h |
dec eax |
lea eax, dword ptr [eax+40h] |
dec eax |
mov dword ptr [eax-28h], FE045D46h |
dec eax |
mov dword ptr [eax-20h], FE045D46h |
dec eax |
mov dword ptr [eax-18h], FE045D46h |
dec eax |
mov dword ptr [eax-10h], FE045D46h |
dec eax |
mov dword ptr [eax-08h], FE045D46h |
dec eax |
dec ecx |
jne 00007F926135666Ah |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xaaa8bc | 0x1cc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9c000 | 0x2e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xae8000 | 0x5fd3c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb9d000 | 0x99d4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9faaf0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x9fab80 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9fa9b0 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x800000 | 0x11d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x7fe660 | 0x7fe800 | 5a349dd389d8a57b4559f791cb358fbf | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x800000 | 0x2ae4ae | 0x2ae600 | e75598483b310b6c269bbba815d6c241 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xaaf000 | 0x38614 | 0x1ec00 | a10428ac2f1ec19c61ea2991559aa5b8 | False | 0.13532933180894308 | GLS_BINARY_LSB_FIRST | 4.131759371740861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xae8000 | 0x5fd3c | 0x5fe00 | f6b46ce5dbfc9f2068bfd9962701872f | False | 0.4874842120273794 | data | 6.543326828847851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.qtmetad | 0xb48000 | 0x6f4 | 0x800 | 8ab9b85d3a02244d6af66f0742f6354f | False | 0.24072265625 | data | 5.054922840721276 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.qtmimed | 0xb49000 | 0x517ca | 0x51800 | dd73cd7a74dd3e1e6a9262f090e3e6de | False | 0.998816741756135 | gzip compressed data, last modified: Thu Jun 1 23:16:40 2023, max compression, from Unix, original size modulo 2^32 0 | 7.997560880881912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
_RDATA | 0xb9b000 | 0x15c | 0x200 | 308f1ba156d13745fb4e8f7ce9f7a503 | False | 0.41796875 | data | 3.3631171724566897 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xb9c000 | 0x2e0 | 0x400 | d26233b7724a6c89079cb8c636ba516f | False | 0.3984375 | data | 4.261922928843283 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xb9d000 | 0x99d4 | 0x9a00 | 29c838662f5fdd570a38a82ac6a7f984 | False | 0.2327516233766234 | data | 5.46021927128898 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.tmc | 0xba7000 | 0x1aec00 | 0x1aec00 | b27d164fd6b4252961a95d4461afffa4 | False | 0.4118622587782937 | data | 6.459964578374451 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0xb9c060 | 0x27e | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5501567398119123 |
DLL | Import |
---|---|
KERNEL32.dll | lstrcpyA, WriteConsoleW, GetLastError, GetModuleHandleW, GetProcAddress, LocalFree, FormatMessageW, WTSGetActiveConsoleSessionId, GlobalAlloc, GlobalSize, GlobalUnlock, GlobalLock, CheckRemoteDebuggerPresent, CloseHandle, OpenProcess, GetCurrentThreadId, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, LoadLibraryA, GetCurrentProcessId, CreateFileW, GetFileSizeEx, ReadFile, WriteFile, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, WideCharToMultiByte, LocalAlloc, GetUserDefaultLocaleName, GetConsoleWindow, GetUserDefaultLangID, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, ExitProcess, CreateEventW, WaitForMultipleObjects, GlobalFree, SetHandleInformation, OutputDebugStringW, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, CompareStringEx, GetCommandLineW, GetSystemTime, GetLocalTime, SetEvent, WaitForSingleObjectEx, GetSystemDirectoryW, LoadLibraryW, DuplicateHandle, WaitForSingleObject, Sleep, CreateThread, GetCurrentThread, SetThreadPriority, GetThreadPriority, TerminateThread, ResumeThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemInfo, ResetEvent, GetDateFormatW, GetTimeFormatW, GetCurrencyFormatW, GetUserDefaultLCID, GetUserPreferredUILanguages, GetFileAttributesExW, QueryPerformanceCounter, QueryPerformanceFrequency, GetTickCount64, MultiByteToWideChar, GetModuleFileNameW, FindCloseChangeNotification, FindFirstChangeNotificationW, FindNextChangeNotification, GetDriveTypeW, PeekNamedPipe, GetOverlappedResult, CancelIoEx, CreateThreadpoolWait, SetThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolWait, FlushFileBuffers, GetFileType, GetLogicalDrives, SetEndOfFile, SetFilePointerEx, SetErrorMode, GetCurrentDirectoryW, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW, GetFileAttributesW, GetFileInformationByHandle, GetFullPathNameW, GetLongPathNameW, RemoveDirectoryW, SetFileTime, GetTempPathW, GetVolumePathNamesForVolumeNameW, DeviceIoControl, CopyFileW, MoveFileW, MoveFileExW, TzSpecificLocalTimeToSystemTime, FileTimeToSystemTime, SystemTimeToFileTime, GetFileInformationByHandleEx, FreeLibrary, GetModuleHandleExW, FindFirstFileExW, FindNextFileW, GetTimeZoneInformation, GetGeoInfoW, GetUserGeoID, GetExitCodeProcess, K32GetModuleFileNameExW, ReleaseMutex, CreateMutexW, VirtualAlloc, VirtualFree, InitializeCriticalSectionAndSpinCount, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, InitializeCriticalSectionEx, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, RtlPcToFileHeader, RaiseException, RtlUnwindEx, InterlockedPushEntrySList, SetLastError, RtlUnwind, LoadLibraryExW, GetCommandLineA, ExitThread, FreeLibraryAndExitThread, SetStdHandle, SetFileAttributesW, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, GetStdHandle, HeapFree, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, IsValidLocale, EnumSystemLocalesW, HeapReAlloc, SetEnvironmentVariableW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, HeapSize |
ADVAPI32.dll | AllocateAndInitializeSid, RegSetValueExW, GetUserNameA, GetUserNameW, RegQueryInfoKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegCloseKey, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryValueExW, SystemFunction036, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, OpenProcessToken, AccessCheck, CopySid, DuplicateToken, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, FreeSid, GetLengthSid, MapGenericMask, LookupAccountSidW, GetEffectiveRightsFromAclW, GetNamedSecurityInfoW, BuildTrusteeWithSidW, LookupAccountNameW |
dwmapi.dll | DwmSetWindowAttribute, DwmGetWindowAttribute, DwmEnableBlurBehindWindow |
IMM32.dll | ImmGetDefaultIMEWnd, ImmGetContext, ImmReleaseContext, ImmAssociateContext, ImmAssociateContextEx, ImmGetCompositionStringW, ImmGetOpenStatus, ImmNotifyIME, ImmSetCompositionWindow, ImmGetVirtualKey, ImmSetCandidateWindow |
WTSAPI32.dll | WTSFreeMemory, WTSQuerySessionInformationW |
CRYPT32.dll | CertAddStoreToCollection, CertVerifyTimeValidity, CertFindChainInStore, CertGetCertificateChain, CertDuplicateCertificateContext, CertFreeCertificateChain, CertAddCertificateContextToStore, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenStore, CertOpenSystemStoreW, CertFindCertificateInStore, CertCloseStore, PFXImportCertStore |
bcrypt.dll | BCryptGenerateSymmetricKey, BCryptOpenAlgorithmProvider, BCryptDestroyKey, BCryptSetProperty, BCryptEncrypt, BCryptDecrypt, BCryptCloseAlgorithmProvider |
DWrite.dll | DWriteCreateFactory |
DNSAPI.dll | DnsFree, DnsQuery_W |
IPHLPAPI.DLL | ConvertInterfaceIndexToLuid, ConvertInterfaceLuidToGuid, GetAdaptersAddresses, ConvertInterfaceNameToLuidW, ConvertInterfaceLuidToNameW, ConvertInterfaceLuidToIndex |
Secur32.dll | FreeCredentialsHandle, InitializeSecurityContextW, AcceptSecurityContext, DeleteSecurityContext, ApplyControlToken, QueryContextAttributesW, FreeContextBuffer, EncryptMessage, DecryptMessage, AcquireCredentialsHandleW, InitSecurityInterfaceW |
WINHTTP.dll | WinHttpCloseHandle, WinHttpOpen, WinHttpGetDefaultProxyConfiguration, WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser |
USERENV.dll | GetUserProfileDirectoryW |
NETAPI32.dll | NetApiBufferFree, NetShareEnum, NetWkstaGetInfo |
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
WINMM.dll | timeSetEvent, timeKillEvent, PlaySoundW |
WS2_32.dll | ntohl, getaddrinfo, freeaddrinfo, getnameinfo, getsockopt, __WSAFDIsSet, WSAAsyncSelect, htonl, WSACleanup, WSAStartup, gethostname, WSASocketW, WSASendTo, WSASend, WSARecvFrom, WSARecv, WSANtohs, WSANtohl, WSAIoctl, WSAHtonl, WSAConnect, bind, closesocket, getpeername, getsockname, htons, listen, select, setsockopt, WSAGetLastError, WSAAccept |
USER32.dll | SetClipboardViewer, ChangeClipboardChain, GetWindowThreadProcessId, AttachThreadInput, IsChild, ShowWindow, UpdateLayeredWindow, SetLayeredWindowAttributes, FlashWindowEx, MoveWindow, SetWindowPlacement, IsWindowVisible, IsIconic, SetFocus, RegisterTouchWindow, UnregisterTouchWindow, IsTouchWindow, GetCapture, SetCapture, ReleaseCapture, GetMenu, GetSystemMenu, EnableMenuItem, GetForegroundWindow, SetForegroundWindow, BeginPaint, EndPaint, GetUpdateRect, SetWindowRgn, SetWindowTextW, GetWindowRect, AdjustWindowRectEx, SetCursor, GetWindowLongW, SetWindowLongW, SetWindowLongPtrW, SetParent, GetWindow, DestroyCursor, DestroyIcon, MonitorFromPoint, GetAncestor, SetMenu, DrawMenuBar, CreateMenu, CreatePopupMenu, DestroyMenu, InsertMenuW, AppendMenuW, ModifyMenuW, RemoveMenu, TrackPopupMenu, UnregisterClassW, SetMenuItemInfoW, GetDisplayConfigBufferSizes, QueryDisplayConfig, PostMessageW, MonitorFromWindow, GetMonitorInfoW, EnumDisplayMonitors, GetSysColor, LoadIconW, GetKeyboardLayout, RegisterWindowMessageW, IsWindowEnabled, CreateCaret, DestroyCaret, HideCaret, ShowCaret, SetCaretPos, FindWindowA, PeekMessageW, IsZoomed, GetKeyState, GetKeyboardState, ToAscii, ToUnicode, MapVirtualKeyW, TrackPopupMenuEx, SetCursorPos, GetCursor, LoadCursorW, CreateCursor, CreateIconIndirect, GetIconInfo, GetCursorInfo, TrackMouseEvent, GetMessageExtraInfo, GetAsyncKeyState, GetTouchInputInfo, CloseTouchInputHandle, GetWindowTextW, EnumWindows, RealGetWindowClassW, ChangeWindowMessageFilterEx, DrawIconEx, TranslateMessage, DispatchMessageW, GetQueueStatus, MsgWaitForMultipleObjectsEx, SetTimer, KillTimer, CharNextExA, RegisterDeviceNotificationW, UnregisterDeviceNotification, UnregisterPowerSettingNotification, SendMessageW, RegisterPowerSettingNotification, GetKeyboardLayoutList, UpdateLayeredWindowIndirect, SystemParametersInfoW, GetDesktopWindow, GetCaretBlinkTime, IsHungAppWindow, EnumDisplayDevicesW, RegisterClassW, GetClipboardFormatNameW, RegisterClipboardFormatW, LoadImageW, GetParent, GetWindowLongPtrW, GetSysColorBrush, ChildWindowFromPointEx, WindowFromPoint, ScreenToClient, ClientToScreen, GetCursorPos, GetClientRect, MessageBeep, InvalidateRect, ReleaseDC, GetDC, GetSystemMetrics, GetFocus, GetWindowPlacement, SetWindowPos, DestroyWindow, CreateWindowExW, RegisterClassExW, DisplayConfigGetDeviceInfo, GetClassInfoW, IsWindow, GetDoubleClickTime, DefWindowProcW, GetMenuItemInfoW |
GDI32.dll | DeleteDC, DescribePixelFormat, GetPixelFormat, SwapBuffers, GetBitmapBits, GetObjectW, CreateFontIndirectW, SelectObject, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SetLayout, OffsetRgn, DeleteObject, CreateRectRgn, CombineRgn, SetPixelFormat, ChoosePixelFormat, GetDeviceCaps, CreateDCW, CreateBitmap, EnumFontFamiliesExW, ExtTextOutW, SetWorldTransform, SetTextAlign, SetTextColor, SetGraphicsMode, SetBkMode, GetCharABCWidthsI, GetCharWidthI, GetTextExtentPoint32W, GetOutlineTextMetricsW, GetGlyphOutlineW, GetCharABCWidthsFloatW, GetCharABCWidthsW, GetStockObject, GetDIBits, GdiFlush, CreateDIBSection, GetTextFaceW, GetTextMetricsW, RemoveFontMemResourceEx, AddFontMemResourceEx, RemoveFontResourceExW, AddFontResourceExW, GetFontData |
SHELL32.dll | SHGetKnownFolderPath, CommandLineToArgvW, Shell_NotifyIconGetRect, Shell_NotifyIconW, SHBrowseForFolderW, SHGetKnownFolderIDList, SHGetPathFromIDListW, SHGetMalloc, SHCreateItemFromParsingName, SHCreateItemFromIDList, SHGetFileInfoW, SHGetStockIconInfo, ShellExecuteW |
ole32.dll | RevokeDragDrop, CoUninitialize, CoLockObjectExternal, CoInitialize, CoCreateInstance, DoDragDrop, CoGetMalloc, CoCreateGuid, CoInitializeEx, OleIsCurrentClipboard, OleFlushClipboard, OleGetClipboard, OleSetClipboard, ReleaseStgMedium, CoTaskMemFree, OleUninitialize, OleInitialize, RegisterDragDrop |
OLEAUT32.dll | GetErrorInfo, SysFreeString, SafeArrayPutElement, SafeArrayCreateVector, SysAllocString, VariantInit, VariantClear, SetErrorInfo, SysStringLen |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
- Total Packets: 80
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 24, 2024 03:48:41.587380886 CEST | 49705 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:41.587479115 CEST | 443 | 49705 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:41.587558985 CEST | 49705 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:41.638197899 CEST | 49705 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:41.638225079 CEST | 443 | 49705 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:41.638273001 CEST | 443 | 49705 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:46.632282972 CEST | 49706 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:46.632381916 CEST | 443 | 49706 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:46.632478952 CEST | 49706 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:46.632694960 CEST | 49706 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:46.632735968 CEST | 443 | 49706 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:46.632838964 CEST | 443 | 49706 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:51.632508993 CEST | 49707 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:51.632586002 CEST | 443 | 49707 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:51.632683039 CEST | 49707 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:51.632880926 CEST | 49707 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:51.632915974 CEST | 443 | 49707 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:51.632968903 CEST | 443 | 49707 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:56.632344007 CEST | 49708 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:56.632456064 CEST | 443 | 49708 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:56.632554054 CEST | 49708 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:56.632760048 CEST | 49708 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:56.632793903 CEST | 443 | 49708 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:56.632858992 CEST | 443 | 49708 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:01.632312059 CEST | 49715 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:01.632350922 CEST | 443 | 49715 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:01.632520914 CEST | 49715 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:01.632767916 CEST | 49715 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:01.632783890 CEST | 443 | 49715 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:01.632842064 CEST | 443 | 49715 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:06.632225037 CEST | 49716 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:06.632308006 CEST | 443 | 49716 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:06.632397890 CEST | 49716 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:06.632615089 CEST | 49716 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:06.632648945 CEST | 443 | 49716 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:06.632709980 CEST | 443 | 49716 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:11.635708094 CEST | 49717 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:11.635757923 CEST | 443 | 49717 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:11.635843039 CEST | 49717 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:11.637509108 CEST | 49717 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:11.637567043 CEST | 443 | 49717 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:11.637619972 CEST | 49717 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:16.632325888 CEST | 49718 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:16.632355928 CEST | 443 | 49718 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:16.632422924 CEST | 49718 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:16.632647991 CEST | 49718 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:16.632658005 CEST | 443 | 49718 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:16.632690907 CEST | 443 | 49718 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:21.632272005 CEST | 49719 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:21.632370949 CEST | 443 | 49719 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:21.632605076 CEST | 49719 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:21.632895947 CEST | 49719 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:21.632936001 CEST | 443 | 49719 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:21.632978916 CEST | 443 | 49719 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:26.632276058 CEST | 49720 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:26.632380009 CEST | 443 | 49720 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:26.632464886 CEST | 49720 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:26.632684946 CEST | 49720 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:26.632738113 CEST | 443 | 49720 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:26.632790089 CEST | 443 | 49720 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:31.632215977 CEST | 49721 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:31.632246971 CEST | 443 | 49721 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:31.632316113 CEST | 49721 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:31.632848978 CEST | 49721 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:31.632862091 CEST | 443 | 49721 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:31.632906914 CEST | 443 | 49721 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:36.632400036 CEST | 49723 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:36.632452011 CEST | 443 | 49723 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:36.632642031 CEST | 49723 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:36.632798910 CEST | 49723 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:36.632819891 CEST | 443 | 49723 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:36.632904053 CEST | 443 | 49723 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:41.632230043 CEST | 49724 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:41.632261992 CEST | 443 | 49724 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:41.632451057 CEST | 49724 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:41.632694960 CEST | 49724 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:41.632707119 CEST | 443 | 49724 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:41.632906914 CEST | 443 | 49724 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:46.632639885 CEST | 49725 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:46.632736921 CEST | 443 | 49725 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:46.632827997 CEST | 49725 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:46.633321047 CEST | 49725 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:46.633655071 CEST | 443 | 49725 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:46.633738995 CEST | 49725 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:51.632633924 CEST | 49726 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:51.632739067 CEST | 443 | 49726 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:51.632853031 CEST | 49726 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:51.633089066 CEST | 49726 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:51.633110046 CEST | 443 | 49726 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:51.633483887 CEST | 443 | 49726 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:56.632322073 CEST | 49727 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:56.632364988 CEST | 443 | 49727 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:56.632441998 CEST | 49727 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:56.632724047 CEST | 49727 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:56.632734060 CEST | 443 | 49727 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:56.633008003 CEST | 443 | 49727 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:01.632363081 CEST | 49728 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:01.632509947 CEST | 443 | 49728 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:01.632615089 CEST | 49728 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:01.632857084 CEST | 49728 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:01.632879972 CEST | 443 | 49728 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:01.633032084 CEST | 443 | 49728 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:06.632211924 CEST | 49729 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:06.632268906 CEST | 443 | 49729 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:06.632338047 CEST | 49729 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:06.632664919 CEST | 49729 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:06.632684946 CEST | 443 | 49729 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:06.632797956 CEST | 443 | 49729 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:11.632498026 CEST | 49730 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:11.632544994 CEST | 443 | 49730 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:11.632747889 CEST | 49730 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:11.633013964 CEST | 49730 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:11.633032084 CEST | 443 | 49730 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:11.633282900 CEST | 443 | 49730 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:16.632405043 CEST | 49731 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:16.632525921 CEST | 443 | 49731 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:16.632616043 CEST | 49731 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:16.633006096 CEST | 49731 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:16.633094072 CEST | 443 | 49731 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:16.633157969 CEST | 443 | 49731 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:21.632272005 CEST | 49732 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:21.632388115 CEST | 443 | 49732 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:21.632534981 CEST | 49732 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:21.632864952 CEST | 49732 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:21.632916927 CEST | 443 | 49732 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:21.632980108 CEST | 49732 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:26.632262945 CEST | 49733 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:26.632349014 CEST | 443 | 49733 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:26.632435083 CEST | 49733 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:26.632663012 CEST | 49733 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:26.632700920 CEST | 443 | 49733 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:26.632741928 CEST | 443 | 49733 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:31.632467985 CEST | 49734 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:31.632554054 CEST | 443 | 49734 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:31.632658005 CEST | 49734 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:31.632896900 CEST | 49734 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:31.632915020 CEST | 443 | 49734 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:31.632988930 CEST | 443 | 49734 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:36.632225037 CEST | 49735 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:36.632283926 CEST | 443 | 49735 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:36.632353067 CEST | 49735 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:36.647398949 CEST | 49735 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:36.647430897 CEST | 443 | 49735 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:36.647540092 CEST | 443 | 49735 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:41.647968054 CEST | 49736 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:41.648010969 CEST | 443 | 49736 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:41.648191929 CEST | 49736 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:41.648540020 CEST | 49736 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:50:41.648633957 CEST | 443 | 49736 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:50:41.648797035 CEST | 49736 | 443 | 192.168.2.5 | 88.119.167.239 |
UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 24, 2024 03:48:41.545923948 CEST | 52714 | 53 | 192.168.2.5 | 1.1.1.1 |
Jun 24, 2024 03:48:41.553235054 CEST | 53 | 52714 | 1.1.1.1 | 192.168.2.5 |
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jun 24, 2024 03:48:41.545923948 CEST | 192.168.2.5 | 1.1.1.1 | 0xe567 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jun 24, 2024 03:48:41.553235054 CEST | 1.1.1.1 | 192.168.2.5 | 0xe567 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
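The TCP table shows one new connection to 88.119.167.239:443 roughly every five seconds, each from a fresh ephemeral port, while the only DNS activity is a single PTR lookup that returns NXDOMAIN. The script below is an added example, not part of the Joe Sandbox report: it parses rows in the report's own "Timestamp | Source Port | Dest Port | Source IP | Dest IP |" layout, groups packets into connections, and flags destinations contacted at a steady cadence. The embedded sample rows are copied from the TCP and UDP tables above (the DNS pair serves as a non-beacon control); the `min_connections` and `max_jitter` thresholds are illustrative assumptions, not values from the report.

```python
"""Beacon-cadence check over packet rows in the report's own table format.

Added example, not part of the Joe Sandbox report: groups packets into
connections and flags a destination that is contacted at a steady interval.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

EPOCH = datetime(1970, 1, 1)

# Constructed sample input, copied from the report's tables: all six packets of
# the first TCP connection, the first two packets of the next five connections,
# and the single DNS exchange with 1.1.1.1 as a non-beacon control.
SAMPLE_TABLE = """\
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 24, 2024 03:48:41.587380886 CEST | 49705 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:41.587479115 CEST | 443 | 49705 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:41.587558985 CEST | 49705 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:41.638197899 CEST | 49705 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:41.638225079 CEST | 443 | 49705 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:41.638273001 CEST | 443 | 49705 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:46.632282972 CEST | 49706 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:46.632381916 CEST | 443 | 49706 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:51.632508993 CEST | 49707 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:51.632586002 CEST | 443 | 49707 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:56.632344007 CEST | 49708 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:48:56.632456064 CEST | 443 | 49708 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:01.632312059 CEST | 49715 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:01.632350922 CEST | 443 | 49715 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:49:06.632225037 CEST | 49716 | 443 | 192.168.2.5 | 88.119.167.239 |
Jun 24, 2024 03:49:06.632308006 CEST | 443 | 49716 | 88.119.167.239 | 192.168.2.5 |
Jun 24, 2024 03:48:41.545923948 CEST | 52714 | 53 | 192.168.2.5 | 1.1.1.1 |
Jun 24, 2024 03:48:41.553235054 CEST | 53 | 52714 | 1.1.1.1 | 192.168.2.5 |
"""


def parse_ts(text: str) -> float:
    """'Jun 24, 2024 03:48:41.587380886 CEST' -> seconds since EPOCH.

    The zone suffix is ignored: every row of one report carries the same zone
    and only differences between timestamps matter here.
    """
    date_part, rest = text.split(".", 1)
    frac, _zone = rest.split(" ", 1)
    base = datetime.strptime(date_part, "%b %d, %Y %H:%M:%S")
    return (base - EPOCH).total_seconds() + int(frac) / 10 ** len(frac)


def parse_rows(table: str):
    """Return [(ts, src_ip, src_port, dst_ip, dst_port)]; header and separator rows are skipped."""
    packets = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        if len(cells) != 5 or not cells[1].isdigit():
            continue
        ts, sport, dport, src, dst = cells
        packets.append((parse_ts(ts), src, int(sport), dst, int(dport)))
    return packets


def connection_starts(packets):
    """Map (client_ip, server_ip, server_port) -> sorted connection start times.

    A connection is the unordered pair of endpoints; its earliest packet (the
    SYN) says which side initiated it, so no port-number heuristics are needed.
    """
    first = {}
    for ts, src, sport, dst, dport in sorted(packets):
        key = tuple(sorted([(src, sport), (dst, dport)]))
        first.setdefault(key, (ts, src, dst, dport))
    starts = defaultdict(list)
    for ts, client, server, port in first.values():
        starts[(client, server, port)].append(ts)
    return {k: sorted(v) for k, v in starts.items()}


def beacon_candidates(starts, min_connections=4, max_jitter=0.1):
    """Return destinations whose gaps between connection starts are regular.

    jitter = pstdev(gaps) / mean(gaps): a sleep-and-reconnect loop sits near 0,
    interactive traffic far above it. Both thresholds are illustrative assumptions.
    """
    hits = []
    for (client, server, port), times in starts.items():
        if len(times) < min_connections:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period > 0 else float("inf")
        if jitter <= max_jitter:
            hits.append({"client": client, "server": server, "port": port,
                         "connections": len(times),
                         "period_s": round(period, 3), "jitter": round(jitter, 4)})
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(connection_starts(parse_rows(SAMPLE_TABLE))):
        print(hit)
```

On the sample rows the only hit is 192.168.2.5 to 88.119.167.239:443 with six connections, a period of about 5.01 s and a jitter ratio well under 0.01; the DNS exchange is dropped by the `min_connections` floor. Run against the full table, the same destination yields 26 connections at the same cadence. Using connection starts rather than individual packets is deliberate: the per-connection packet count (six here) would otherwise dominate the interval statistics.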
Target ID: | 0 |
Start time: | 21:48:40 |
Start date: | 23/06/2024 |
Path: | C:\Users\user\Desktop\dwm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x140000000 |
File size: | 13'854'720 bytes |
MD5 hash: | 54D4B7E69178F0F53B1AF2113C476EC0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 21:48:40 |
Start date: | 23/06/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
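The two process records above carry the detail a triage analyst keys on: an image named dwm.exe, which Windows ships in System32, is executing from a user's Desktop with administrator privileges and a low reputation score, while its conhost.exe child runs from its normal location. The script below is an added example, not part of the Joe Sandbox report: it parses records in the report's "Key: | Value |" layout and applies a masquerading check plus a privilege check. The embedded records are constructed from the fields above; the `EXPECTED_DIRS` allowlist is an illustrative assumption of where Windows installs those image names, not data from the report.

```python
"""Masquerading and privilege check over process records in the report's
"Key: | Value |" layout. Added example, not part of the Joe Sandbox report."""
from pathlib import PureWindowsPath

# Constructed sample input: the fields of the two process records above that
# the checks use, in the report's own layout.
PROCESS_RECORDS = r"""
Target ID: | 0 |
Path: | C:\Users\user\Desktop\dwm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Has elevated privileges: | true |
Has administrator privileges: | true |
Reputation: | low |
Target ID: | 1 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Has elevated privileges: | true |
Has administrator privileges: | true |
Reputation: | high |
"""

# Assumed allowlist for illustration: directories where Windows installs these
# image names. A real deployment derives this from a known-good host inventory.
EXPECTED_DIRS = {
    "dwm.exe": {r"c:\windows\system32"},
    "conhost.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}


def parse_records(text: str) -> list[dict]:
    """Split the flat key/value dump into one dict per 'Target ID' block."""
    records, current = [], None
    for line in text.splitlines():
        if "|" not in line:
            continue
        key, _, value = line.rstrip().rstrip("|").partition("|")
        key, value = key.strip().rstrip(":"), value.strip()
        if key == "Target ID":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def check_record(rec: dict) -> list[str]:
    """Return findings for one record; an empty list means nothing suspicious."""
    path = PureWindowsPath(rec.get("Path", ""))
    name, parent = path.name.lower(), str(path.parent).lower()
    findings = []
    expected = EXPECTED_DIRS.get(name)
    # Masquerading: a well-known system image name outside its shipped directory.
    if expected and parent not in expected:
        findings.append(f"{name} started from {path.parent}; "
                        f"Windows ships it in {sorted(expected)}")
    # Privilege: an untrusted image holding an administrator token.
    if rec.get("Reputation") == "low" and rec.get("Has administrator privileges") == "true":
        findings.append("low-reputation image is running with administrator privileges")
    return findings


def triage(text: str) -> dict[str, list[str]]:
    """Map each Target ID to its findings."""
    return {rec["Target ID"]: check_record(rec) for rec in parse_records(text)}


if __name__ == "__main__":
    for target_id, findings in triage(PROCESS_RECORDS).items():
        print(target_id, findings or "ok")
```

Target 0 produces both findings; target 1 produces none. Comparing the parent directory rather than the whole path, and lower-casing both sides, keeps the check stable across drive-letter case and trailing components, and a `PureWindowsPath` parses Windows paths correctly even when the script runs on a non-Windows analysis host.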