Windows
Analysis Report
https://swishmax.en.download.it/
Overview
Detection
LummaC Stealer, PureLog Stealer
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected LummaC Stealer
Yara detected PureLog Stealer
Changes security center settings (notifications, updates, antivirus, firewall)
HTML page contains obfuscated javascript
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs Task Scheduler Managed Wrapper
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Potential browser exploit detected (process start blacklist hit)
Queries disk information (often used to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
query blbeacon for getting browser version
Classification
- System is w10x64_ra
- chrome.exe (PID: 7004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://swishmax.en.download.it/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2032,i,1623904719579720976,13038655480931030212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 1460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 --field-trial-handle=2032,i,1623904719579720976,13038655480931030212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- svchost.exe (PID: 5452 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- SgrmBroker.exe (PID: 2972 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
- svchost.exe (PID: 1832 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- svchost.exe (PID: 3740 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- svchost.exe (PID: 1132 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- svchost.exe (PID: 448 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  - MpCmdRun.exe (PID: 6372 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
  - conhost.exe (PID: 7376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- svchost.exe (PID: 7352 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- rundll32.exe (PID: 7980 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- swishmax_lYJ4-o1.exe (PID: 6404 cmdline: "C:\Users\user\Downloads\swishmax_lYJ4-o1.exe" MD5: 4CEF35CB56164E4427C8890CF5CDFD85)
  - swishmax_lYJ4-o1.tmp (PID: 7684 cmdline: "C:\Users\user\AppData\Local\Temp\is-L5F1F.tmp\swishmax_lYJ4-o1.tmp" /SL5="$3033E,1583588,832512,C:\Users\user\Downloads\swishmax_lYJ4-o1.exe" MD5: 02B1D8FF84BCD4EBCB01156636269B99)
  - swishmax_lYJ4-o1.exe (PID: 8120 cmdline: "C:\Users\user\Downloads\swishmax_lYJ4-o1.exe" /SPAWNWND=$802CA /NOTIFYWND=$3033E MD5: 4CEF35CB56164E4427C8890CF5CDFD85)
  - swishmax_lYJ4-o1.tmp (PID: 3916 cmdline: "C:\Users\user\AppData\Local\Temp\is-TV7AU.tmp\swishmax_lYJ4-o1.tmp" /SL5="$5031E,1583588,832512,C:\Users\user\Downloads\swishmax_lYJ4-o1.exe" /SPAWNWND=$802CA /NOTIFYWND=$3033E MD5: 02B1D8FF84BCD4EBCB01156636269B99)
  - prod0.exe (PID: 2424 cmdline: "C:\Users\user\AppData\Local\Temp\is-822OR.tmp\prod0.exe" -ip:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240903163150&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=f4cc&a=100&b=&se=true" -vp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240903163150&oc=ZB_RAV_Cross_Tri_NCB&p=f4cc&a=100&oip=26&ptl=7&dta=true" -dp:"dui=9e146be9-c76a-4720-bcdb-53011b87bd06&dit=20240903163150&oc=ZB_RAV_Cross_Tri_NCB&p=f4cc&a=100" -i -v -d -se=true MD5: 03228A9B975C727999E361D9CE6EBAA4)
  - fqkw4q2n.exe (PID: 2332 cmdline: "C:\Users\user\AppData\Local\Temp\fqkw4q2n.exe" /silent MD5: 6F4BCF7A400733C5EF54E0211D6C76DA)
  - UnifiedStub-installer.exe (PID: 6416 cmdline: .\UnifiedStub-installer.exe /silent MD5: 493D5868E37861C6492F3AC509BED205)
  - rsSyncSvc.exe (PID: 4864 cmdline: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10 MD5: F2738D0A3DF39A5590C243025D9ECBDA)
  - conhost.exe (PID: 8140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - swishmax.exe (PID: 2908 cmdline: "C:\Users\user\Downloads\swishmax.exe" MD5: 498BACF9A5D17343DB31F4E82B02A4E5)
  - SwishMax.exe (PID: 1312 cmdline: "C:\Program Files (x86)\SWiSHmax\SwishMax.exe" MD5: C5E1EF93015F08D704B6AFD75FEB1CAB)
  - chrome.exe (PID: 7484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://support.swishzone.com/unlock.asp?SC=KLW05TBPCE188293KCDN8CNDBW1J4CFF&AU=0&af_id=0&LI=(1000)&A=T MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 1500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1136 --field-trial-handle=1896,i,18019545214128525578,8279128784868571556,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 7448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://support.swishzone.com/unlock.asp?SC=KLW05TBPCE188293KCDN8CNDBW1J4CFF&AU=0&af_id=0&LI=(1000)&A=T MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1960,i,9594309237064165500,17486205616089957152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://support.swishzone.com/unlock.asp?SC=KLW05TBPCE188293KCDN8CNDBW1J4CFF&AU=0&af_id=0&LI=(1000)&A=T MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1992,i,13477816198588736164,16649535004875598353,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - iexplore.exe (PID: 7816 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.swishzone.com/install.php?pid=4&unlockproc=3" MD5: CFE2E6942AC1B72981B3105E22D3224E)
  - iexplore.exe (PID: 7532 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7816 CREDAT:17410 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
  - ie_to_edge_stub.exe (PID: 2400 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=50326 MD5: 89CF8972D683795DAB6901BC9456675D)
  - msedge.exe (PID: 8140 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=50326 MD5: 69222B8101B0601CC6663F8381E7E00F)
  - msedge.exe (PID: 2396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=2148,i,11689891289442087296,15668555040493983723,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  - ssvagent.exe (PID: 4912 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
  - chrome.exe (PID: 7892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://en.download.it/?typ=1 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 7828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1792,i,1724568342697156793,9729976537374896436,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - WerFault.exe (PID: 5796 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 1052 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 3048 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 2548 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rsSyncSvc.exe (PID: 4060 cmdline: "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10 MD5: F2738D0A3DF39A5590C243025D9ECBDA)
- svchost.exe (PID: 3436 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  - WerFault.exe (PID: 8180 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3916 -ip 3916 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 1344 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3916 -ip 3916 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- msedge.exe (PID: 3936 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=50326 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
  - msedge.exe (PID: 8052 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2140,i,15389772000054879268,6666458068428128636,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  - msedge.exe (PID: 2880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5816 --field-trial-handle=2140,i,15389772000054879268,6666458068428128636,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
Source: | Author: frack113, Nasreddine Bencherchali: |
Source: | Author: vburov: |
No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Phishing |
---|
Source: | HTTP Parser: |
Source: | Directory created: | ||
Source: | Registry value created: |
Source: | HTTPS traffic detected: | ||
Source: | Key opened: | ||
Source: | File opened: | ||
Source: | Process created: |
Networking |
---|
Source: | File source: |
Source: | HTTP traffic detected: |