Windows
Analysis Report
plugin-newest_release_.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- plugin-newest_release_.exe (PID: 6880 cmdline: "C:\Users\user\Desktop\plugin-newest_release_.exe" MD5: 55708F430C572FFFE83624C57FCBE657)
- plugin-newest_release_.tmp (PID: 6920 cmdline: "C:\Users\user\AppData\Local\Temp\is-NBNHJ.tmp\plugin-newest_release_.tmp" /SL5="$103DE,865334,121344,C:\Users\user\Desktop\plugin-newest_release_.exe" MD5: BE3CC5717F5951662ADB399D613F20CC)
- plugin-newest_release_.exe (PID: 6344 cmdline: "C:\Users\user\Desktop\plugin-newest_release_.exe" /verysilent /sp- MD5: 55708F430C572FFFE83624C57FCBE657)
- plugin-newest_release_.tmp (PID: 6256 cmdline: "C:\Users\user\AppData\Local\Temp\is-VP1HK.tmp\plugin-newest_release_.tmp" /SL5="$403F4,865334,121344,C:\Users\user\Desktop\plugin-newest_release_.exe" /verysilent /sp- MD5: BE3CC5717F5951662ADB399D613F20CC)
- idp.exe (PID: 5516 cmdline: "C:\Users\user\AppData\Local\Temp\is-VT04S.tmp\idp.exe" x "C:\Users\user\AppData\Local\Temp\is-VT04S.tmp\DontSleep_x64.zip" -o"C:\Users\user\AppData\Local\Programs\Common" -y -p19a9c50a58c8bcd7082384f7506df9c74bcb439d904efe09ba4687fab6b3234d MD5: 6482EE0F372469D1190C74BD70D76153)
- conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T20:25:55.616045+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49686 | 104.17.112.233 | 443 | TCP |
2025-03-07T20:25:59.489617+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49687 | 164.132.58.105 | 443 | TCP |
- AV Detection
- Compliance
- Spreading
- Networking
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 12 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 36 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner |
---|---|
29% | Virustotal |
16% | ReversingLabs |

Detection | Scanner |
---|---|
0% | ReversingLabs |
0% | ReversingLabs |
0% | ReversingLabs |
4% | ReversingLabs |
4% | ReversingLabs |
0% | ReversingLabs |
0% | ReversingLabs |
0% | ReversingLabs |
0% | ReversingLabs |

Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tinyurl.com | 104.17.112.233 | true | false | | high |
rentry.org | 164.132.58.105 | true | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
164.132.58.105 | rentry.org | France | 16276 | OVHFR | false |
104.17.112.233 | tinyurl.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1632176 |
Start date and time: | 2025-03-07 20:24:48 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | plugin-newest_release_.exe |
Detection: | MAL |
Classification: | mal52.evad.winEXE@10/10@2/2 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
14:25:59 | API Interceptor |
Process: | C:\Users\user\AppData\Local\Temp\is-NBNHJ.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 530696 |
Entropy (8bit): | 6.855729200155896 |
Encrypted: | false |
SSDEEP: | 6144:yHYkjGzb5GB95kZ+E8iKjwNxxNgaifafGuy+BYeA1fYSWCyXHgL74LisvJc7c8MB:UHjEv9BaL+ilYSUwLUvvJcI8MpX4PQlR |
MD5: | 8D0EEBD8F9083EE140B42321C1DC6FE5 |
SHA1: | E0260AD414DDEA10CB35F73E1B2F957A86AFBC39 |
SHA-256: | A3B964BE72190820662C59ACE07C39B75D0DB587EEAD01E87E5D43DDF6CDA51E |
SHA-512: | B6B6E492F5F140DD6FF421944A8C4B75AC0743720192C4B1E7ACE0F0F38A5A9D2766C5A22C13B2BCFAE018EF29E0A0CBEB6BCA25F8CAC6DC944CDBD064B1A3CF |
Malicious: | false |
Antivirus: |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-NBNHJ.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Antivirus: |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-NBNHJ.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 237568 |
Entropy (8bit): | 6.42067568634536 |
Encrypted: | false |
SSDEEP: | 3072:dnSx3lws+iWbUmJmE8dxMw7r+mjT5PbzEFwyGIyTcHY10tSB9j:IP0bUmQEUr+mRcbTx4N |
MD5: | 55C310C0319260D798757557AB3BF636 |
SHA1: | 0892EB7ED31D8BB20A56C6835990749011A2D8DE |
SHA-256: | 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED |
SHA-512: | E0082109737097658677D7963CBF28D412DCA3FA8F5812C2567E53849336CE45EBAE2C0430DF74BFE16C0F3EEBB46961BC1A10F32CA7947692A900162128AE57 |
Malicious: | false |
Antivirus: |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\plugin-newest_release_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1185792 |
Entropy (8bit): | 6.397623231254155 |
Encrypted: | false |
SSDEEP: | 24576:wnbbPImgK4brDi4IxgRqzwqNb+Yz71P2EN29cnDdqxyt:GHeKh4nqzF1Px2io |
MD5: | BE3CC5717F5951662ADB399D613F20CC |
SHA1: | F776BC4344AD59FBD6950D24D3AA6DDDB3DF215A |
SHA-256: | 8F0BEB5863D190B7B2CFE7F506F3B721AB6B9E892337A133364F2BA710931B25 |
SHA-512: | FBE0AAB2194E4F09CBDBED770D862A4F9F2672A5C8346EE7E392341973C75CFC0B8C66A132E5A2BB22FB6E265CB40B45DFB05FB076C74914FAED35E1E476A2CD |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\plugin-newest_release_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1185792 |
Entropy (8bit): | 6.397623231254155 |
Encrypted: | false |
SSDEEP: | 24576:wnbbPImgK4brDi4IxgRqzwqNb+Yz71P2EN29cnDdqxyt:GHeKh4nqzF1Px2io |
MD5: | BE3CC5717F5951662ADB399D613F20CC |
SHA1: | F776BC4344AD59FBD6950D24D3AA6DDDB3DF215A |
SHA-256: | 8F0BEB5863D190B7B2CFE7F506F3B721AB6B9E892337A133364F2BA710931B25 |
SHA-512: | FBE0AAB2194E4F09CBDBED770D862A4F9F2672A5C8346EE7E392341973C75CFC0B8C66A132E5A2BB22FB6E265CB40B45DFB05FB076C74914FAED35E1E476A2CD |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-VP1HK.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 530696 |
Entropy (8bit): | 6.855729200155896 |
Encrypted: | false |
SSDEEP: | 6144:yHYkjGzb5GB95kZ+E8iKjwNxxNgaifafGuy+BYeA1fYSWCyXHgL74LisvJc7c8MB:UHjEv9BaL+ilYSUwLUvvJcI8MpX4PQlR |
MD5: | 8D0EEBD8F9083EE140B42321C1DC6FE5 |
SHA1: | E0260AD414DDEA10CB35F73E1B2F957A86AFBC39 |
SHA-256: | A3B964BE72190820662C59ACE07C39B75D0DB587EEAD01E87E5D43DDF6CDA51E |
SHA-512: | B6B6E492F5F140DD6FF421944A8C4B75AC0743720192C4B1E7ACE0F0F38A5A9D2766C5A22C13B2BCFAE018EF29E0A0CBEB6BCA25F8CAC6DC944CDBD064B1A3CF |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-VP1HK.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-VP1HK.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 237568 |
Entropy (8bit): | 6.42067568634536 |
Encrypted: | false |
SSDEEP: | 3072:dnSx3lws+iWbUmJmE8dxMw7r+mjT5PbzEFwyGIyTcHY10tSB9j:IP0bUmQEUr+mRcbTx4N |
MD5: | 55C310C0319260D798757557AB3BF636 |
SHA1: | 0892EB7ED31D8BB20A56C6835990749011A2D8DE |
SHA-256: | 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED |
SHA-512: | E0082109737097658677D7963CBF28D412DCA3FA8F5812C2567E53849336CE45EBAE2C0430DF74BFE16C0F3EEBB46961BC1A10F32CA7947692A900162128AE57 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-VP1HK.tmp\plugin-newest_release_.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 847360 |
Entropy (8bit): | 6.655399003035542 |
Encrypted: | false |
SSDEEP: | 24576:N5Oh3oXwjoThmYgKmRCcBcIGvymfIRNM9+1nG0:Ng9ogjoVsRlBAPV+40 |
MD5: | 6482EE0F372469D1190C74BD70D76153 |
SHA1: | 9001213D28E5B0B18AA24114A38A1EFE1A767698 |
SHA-256: | 4B7FC7818F3168945DBEDADCFD7AAF470B88543EF6B685619AD1C942AC3B1DED |
SHA-512: | 6A5C2BDF58CD8DEADF51302D8F8B17A14908809EF700A1E366E7D107B1E22ABE8CAF1F68E7EB9D35E9B519793699C3492323F6577C3569A56AC3C845516625F3 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-VT04S.tmp\idp.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 415 |
Entropy (8bit): | 4.90296454717944 |
Encrypted: | false |
SSDEEP: | 6:AMpnOMvotkMylHcAxXF2SaieCHhJ23fzIdqmaLgbWoJPXCHhJ23fzIdCtGvovnb6:pt6wnRwFi3mQ1xiCtGKqK2 |
MD5: | 8E24313A38F9D87C7B997FA29A3EFAD9 |
SHA1: | E86696FC63223ABD7678AA327808DF04E1354CB3 |
SHA-256: | 420CA8B092DE23273EB69A0EF1BE12450DBD107A0301D5F99A69559A0F6F730E |
SHA-512: | 4624CB74F07C4A41B038D8B254F554E6993DF312795314AAA8B011491D9E6ECC4CD7CEE4A92E989BC692114E56E82BB87B1AE5F4A84802B3BC59FDB893185399 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.954848249731403 |
TrID: |
File name: | plugin-newest_release_.exe |
File size: | 1'640'566 bytes |
MD5: | 55708f430c572fffe83624c57fcbe657 |
SHA1: | f5ce9f6ac27e11df7142c7ce88697836388d7341 |
SHA256: | 977f445d047b424892794025f0306a7d1c6e0600c590ebc029b210692b6f5383 |
SHA512: | 85945a1c183e589d450029d136dde184b68934ceaedfcca344b31da5aabbc97eb5c17d799fbcdbdb55272c1e18ca3846a20934785d81244a653a4b3d9bdf9d93 |
SSDEEP: | 24576:L86hvqKNIYzqm6LDQm3zZ/sHTISn+/Dev8l+MDnbBM8r5WUY4pv1LNdYryk:/5IY+m6nxZ/8TISnMDev0bBM8/Y4pviP |
TLSH: | 6F752303B3CB1432F4982D368CB4C414AD677DF819FAA11A2CB5D60D1ABE9D68C77762 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 2d2e3797b32b2b99 |
Entrypoint: | 0x41181c |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5B1A0D8D [Fri Jun 8 05:01:01 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 20dd26497880c05caed9305b3c8b9109 |
Signature Valid: | false |
Signature Issuer: | CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Version: | 3 |
Thumbprint MD5: | 02FA1932AC9D3D360F3D0323CCDA30EC |
Thumbprint SHA-1: | 0181DA2D78A2EC6E6966C59A0A663E9D8F0C2F93 |
Thumbprint SHA-256: | AD02A24C8D2FFBC5F7E946048F23967690A9EE43C5B6842093AD345CA83FB7B5 |
Serial: | 688627716A10C6EBD3648632 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFA4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-3Ch], eax |
mov dword ptr [ebp-40h], eax |
mov dword ptr [ebp-5Ch], eax |
mov dword ptr [ebp-30h], eax |
mov dword ptr [ebp-38h], eax |
mov dword ptr [ebp-34h], eax |
mov dword ptr [ebp-2Ch], eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-14h], eax |
mov eax, 0041015Ch |
call 00007F5374D1BABDh |
xor eax, eax |
push ebp |
push 00411EFEh |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 00411EBAh |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [00415B48h] |
call 00007F5374D2421Bh |
call 00007F5374D23D6Ah |
cmp byte ptr [00412AE0h], 00000000h |
je 00007F5374D26D3Eh |
call 00007F5374D24330h |
xor eax, eax |
call 00007F5374D19B55h |
lea edx, dword ptr [ebp-14h] |
xor eax, eax |
call 00007F5374D20D9Bh |
mov edx, dword ptr [ebp-14h] |
mov eax, 00418658h |
call 00007F5374D1A12Ah |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [00418658h] |
mov dl, 01h |
mov eax, dword ptr [0040C04Ch] |
call 00007F5374D216B2h |
mov dword ptr [0041865Ch], eax |
xor edx, edx |
push ebp |
push 00411E66h |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007F5374D2428Eh |
mov dword ptr [00418664h], eax |
mov eax, dword ptr [00418664h] |
cmp dword ptr [eax+0Ch], 01h |
jne 00007F5374D26D7Ah |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19000 | 0xe04 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0xb200 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x18df6e | 0x2908 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1b000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19304 | 0x214 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf25c | 0xf400 | 0da5d73ffbc41792fa65a09058a91476 | False | 0.5482197745901639 | data | 6.375879013420213 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x11000 | 0xfa4 | 0x1000 | 2eb275566563c3f1d0099a0da7345b74 | False | 0.563720703125 | data | 5.778765357049134 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x12000 | 0xc8c | 0xe00 | 73b859e23f5fd17e00c08db2e0e73dfe | False | 0.25362723214285715 | data | 2.3028287433175367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x13000 | 0x56bc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x19000 | 0xe04 | 0x1000 | e9b9c0328fd9628ad4d6ab8283dcb20e | False | 0.321533203125 | data | 4.597812557707959 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x1a000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x1b000 | 0x18 | 0x200 | 3dffc444ccc131c9dcee18db49ee6403 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x1c000 | 0xb200 | 0xb200 | 523facfe6cbb31c3afe25bedfd7e91b7 | False | 0.17834884129213482 | data | 4.142505918306035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x1c41c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
RT_ICON | 0x1c544 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
RT_ICON | 0x1caac | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
RT_ICON | 0x1cd94 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
RT_STRING | 0x1d63c | 0x68 | data | | | 0.6538461538461539 |
RT_STRING | 0x1d6a4 | 0xd4 | data | | | 0.5283018867924528 |
RT_STRING | 0x1d778 | 0xa4 | data | | | 0.6524390243902439 |
RT_STRING | 0x1d81c | 0x2ac | data | | | 0.45614035087719296 |
RT_STRING | 0x1dac8 | 0x34c | data | | | 0.4218009478672986 |
RT_STRING | 0x1de14 | 0x294 | data | | | 0.4106060606060606 |
RT_RCDATA | 0x1e0a8 | 0x82e8 | data | English | United States | 0.11261637622344235 |
RT_RCDATA | 0x26390 | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x263a0 | 0x150 | data | | | 0.8392857142857143 |
RT_RCDATA | 0x264f0 | 0x2c | data | | | 1.2045454545454546 |
RT_GROUP_ICON | 0x2651c | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0x2655c | 0x4f4 | data | English | United States | 0.2910094637223975 |
RT_MANIFEST | 0x26a50 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW |
user32.dll | CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW |
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW |
comctl32.dll | InitCommonControls |
kernel32.dll | Sleep |
advapi32.dll | AdjustTokenPrivileges |
Description | Data |
---|---|
Comments | This installation was built with Inno Setup. |
CompanyName | Nenad Hrg (SoftwareOK.com) |
FileDescription | DontSleep |
FileVersion | 9.59.1.0 |
LegalCopyright | |
ProductName | DontSleep |
ProductVersion | 9.59.1.0 |
Translation | 0x0000 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Dutch | Netherlands | |
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T20:25:55.616045+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49686 | 104.17.112.233 | 443 | TCP |
2025-03-07T20:25:59.489617+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49687 | 164.132.58.105 | 443 | TCP |
- Total Packets: 20
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 20:25:47.544495106 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:47.544540882 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:47.544599056 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:47.548432112 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:47.548455954 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:55.615808964 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:55.616044998 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:55.620336056 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:55.620378971 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:55.620677948 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:55.679147005 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:55.685628891 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:55.728362083 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:56.400598049 CET | 443 | 49686 | 104.17.112.233 | 192.168.2.8 |
Mar 7, 2025 20:25:56.421746016 CET | 49686 | 443 | 192.168.2.8 | 104.17.112.233 |
Mar 7, 2025 20:25:56.519794941 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:25:56.519846916 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:25:56.519927025 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:25:56.520340919 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:25:56.520375013 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:25:59.489531994 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:25:59.489617109 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:25:59.605267048 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:25:59.605310917 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:25:59.605678082 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:25:59.624377966 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:25:59.672329903 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:26:00.444390059 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:26:00.444418907 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:26:00.444473982 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:26:00.444511890 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:26:00.444529057 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:26:00.444605112 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:26:00.446819067 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:26:00.446846008 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Mar 7, 2025 20:26:00.446856976 CET | 49687 | 443 | 192.168.2.8 | 164.132.58.105 |
Mar 7, 2025 20:26:00.446867943 CET | 443 | 49687 | 164.132.58.105 | 192.168.2.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 20:25:47.497876883 CET | 55588 | 53 | 192.168.2.8 | 1.1.1.1 |
Mar 7, 2025 20:25:47.505459070 CET | 53 | 55588 | 1.1.1.1 | 192.168.2.8 |
Mar 7, 2025 20:25:56.441123962 CET | 57971 | 53 | 192.168.2.8 | 1.1.1.1 |
Mar 7, 2025 20:25:56.464108944 CET | 53 | 57971 | 1.1.1.1 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 7, 2025 20:25:47.497876883 CET | 192.168.2.8 | 1.1.1.1 | 0x29c1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 7, 2025 20:25:56.441123962 CET | 192.168.2.8 | 1.1.1.1 | 0xf7d2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 7, 2025 20:25:47.505459070 CET | 1.1.1.1 | 192.168.2.8 | 0x29c1 | No error (0) | | | 104.17.112.233 | A (IP address) | IN (0x0001) | false |
Mar 7, 2025 20:25:47.505459070 CET | 1.1.1.1 | 192.168.2.8 | 0x29c1 | No error (0) | | | 104.18.111.161 | A (IP address) | IN (0x0001) | false |
Mar 7, 2025 20:25:56.464108944 CET | 1.1.1.1 | 192.168.2.8 | 0xf7d2 | No error (0) | | | 164.132.58.105 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 14:25:40 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\plugin-newest_release_.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'640'566 bytes |
MD5 hash: | 55708F430C572FFFE83624C57FCBE657 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 14:25:40 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\AppData\Local\Temp\is-NBNHJ.tmp\plugin-newest_release_.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'185'792 bytes |
MD5 hash: | BE3CC5717F5951662ADB399D613F20CC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:25:44 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\plugin-newest_release_.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'640'566 bytes |
MD5 hash: | 55708F430C572FFFE83624C57FCBE657 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:25:44 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\AppData\Local\Temp\is-VP1HK.tmp\plugin-newest_release_.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'185'792 bytes |
MD5 hash: | BE3CC5717F5951662ADB399D613F20CC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 14:25:59 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\AppData\Local\Temp\is-VT04S.tmp\idp.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbc0000 |
File size: | 847'360 bytes |
MD5 hash: | 6482EE0F372469D1190C74BD70D76153 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 14:25:59 |
Start date: | 07/03/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6e60e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |