Windows
Analysis Report
raw_cbot.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
raw_cbot.exe (PID: 8012, cmdline: "C:\Users\user\Desktop\raw_cbot.exe", MD5: 9EF7EDFA24458412DD4667023FD8466B)
svchost.exe (PID: 8064, cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
svchost.exe (PID: 7412, cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p, MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
svchost.exe (PID: 7656, cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup, MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
svchost.exe (PID: 7692, cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc, MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
svchost.exe (PID: 7756, cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc, MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
MpCmdRun.exe (PID: 3452, cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable, MD5: B3676839B2EE96983F9ED735CD044159)
conhost.exe (PID: 4812, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
svchost.exe (PID: 4420, cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe", MD5: 9EF7EDFA24458412DD4667023FD8466B; same MD5 as raw_cbot.exe, i.e. a copy of the sample placed in the user's Startup folder under a system binary name)
- cleanup
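The process tree above carries the two signals a responder would pivot on: a process named svchost.exe running from a per-user Startup folder rather than System32, and that process sharing the submitted sample's MD5. The following Python is an added example, not part of the Joe Sandbox report, that applies exactly those checks to the report's own process entries (PIDs, command lines and MD5s copied from the tree; parent/child links are not preserved in the report, so each process is judged on its own). The list of protected system binary names and the Startup-folder path fragment are assumptions for the example.

```python
from collections import namedtuple

Proc = namedtuple("Proc", "pid cmdline md5")

# Constructed from this report's process tree: the PIDs, command lines and
# MD5s are the report's values. Parent/child links are not preserved in the
# report, so each process is judged on its own.
SAMPLE_PATH = r"C:\Users\user\Desktop\raw_cbot.exe"
SAMPLE_MD5 = "9EF7EDFA24458412DD4667023FD8466B"
SVCHOST_MD5 = "B7F884C1B74A263F746EE12A5F7C9F6A"
REPORT_PROCESSES = [
    Proc(8012, r'"C:\Users\user\Desktop\raw_cbot.exe"', SAMPLE_MD5),
    Proc(8064, r"C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS", SVCHOST_MD5),
    Proc(7412, r"C:\Windows\System32\svchost.exe -k NetworkService -p", SVCHOST_MD5),
    Proc(7656, r"C:\Windows\system32\svchost.exe -k UnistackSvcGroup", SVCHOST_MD5),
    Proc(7692, r"C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc", SVCHOST_MD5),
    Proc(7756, r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc", SVCHOST_MD5),
    Proc(3452, r'"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable', "B3676839B2EE96983F9ED735CD044159"),
    Proc(4812, r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1", "0D698AF330FD17BEE3BF90011D49251D"),
    Proc(4420, r'"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"', SAMPLE_MD5),
]

# Binaries that ship only under %SystemRoot%\System32 (and SysWOW64 on x64).
# Assumed list for the example; extend it from your own baseline.
SYSTEM_BINARIES = {"svchost.exe", "conhost.exe", "csrss.exe", "lsass.exe",
                   "services.exe", "wininit.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
STARTUP_MARKER = r"\start menu\programs\startup"  # assumed per-user Startup path fragment


def image_path(cmdline):
    """Executable path from a Windows command line: the quoted first token,
    or everything up to the first space when unquoted."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def triage(processes, sample_path=SAMPLE_PATH, sample_md5=SAMPLE_MD5):
    """Return {pid: [reasons]} for processes matching a masquerading or
    persistence pattern; processes with no finding are omitted."""
    findings = {}
    for p in processes:
        path = image_path(p.cmdline)
        directory, _, name = path.rpartition("\\")
        directory, name = directory.lower(), name.lower()
        reasons = []
        # T1036: a protected system binary name outside its system directory.
        if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            reasons.append("masquerading")
        # Same content as the submitted sample, running from another path:
        # the dropped copy, whatever it was renamed to.
        if p.md5.upper() == sample_md5.upper() and path.lower() != sample_path.lower():
            reasons.append("sample-copy")
        # T1547.001: executed out of a per-user Startup folder.
        if STARTUP_MARKER in directory:
            reasons.append("startup-folder")
        if reasons:
            findings[p.pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in triage(REPORT_PROCESSES).items():
        print(pid, ", ".join(reasons))
```

Run against the report's entries, only PID 4420 is flagged, on all three counts; the five legitimate svchost.exe instances pass because they run from System32 and carry the OS binary's hash. Comparing the path against a directory allow-list rather than checking the hash alone matters: a masquerading check still fires when the dropped copy is re-packed and its hash changes.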
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: vburov: |
- AV Detection
- Compliance
- Networking
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Boot Survival
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
AV Detection |
---|
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | 50 entries |
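The sandbox raised this signature 50 times: the sample connected to addresses it never resolved, which is what hard-coded C2 IPs look like on the wire. The same logic can be run on host telemetry by joining DNS-answer events with outbound-connection events per host. The Python below is an added example (not from the report or the sandbox) over a constructed event set: the two external addresses are the ones the report lists, while the timestamps, the resolved Microsoft host, the loopback connection and the 10-minute window are invented for the example.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample events (not from the report). The two external IPs are
# the ones the report lists; timestamps, the resolved Microsoft host and the
# loopback connection are invented for the example.
DNS_EVENTS = [
    # (timestamp, query name, answer address)
    ("2025-03-20T02:15:00", "fs.microsoft.com", "23.204.23.20"),
]
NET_EVENTS = [
    # (timestamp, pid, image, destination address)
    ("2025-03-20T02:15:01", 8012, "raw_cbot.exe", "23.204.23.20"),
    ("2025-03-20T02:15:04", 8012, "raw_cbot.exe", "127.0.0.1"),
    ("2025-03-20T02:15:10", 8012, "raw_cbot.exe", "58.9.110.23"),
    ("2025-03-20T02:15:12", 8012, "raw_cbot.exe", "176.65.142.252"),
    ("2025-03-20T02:16:30", 4420, "svchost.exe", "176.65.142.252"),
]

WINDOW = timedelta(minutes=10)  # assumed: how long a DNS answer "explains" a connection


def _ts(s):
    return datetime.fromisoformat(s)


def answers_by_ip(dns_events):
    """Map each resolved address to the sorted times it was returned."""
    by_ip = {}
    for ts, _qname, answer in dns_events:
        by_ip.setdefault(answer, []).append(_ts(ts))
    return {ip: sorted(times) for ip, times in by_ip.items()}


def connections_without_dns(dns_events, net_events, window=WINDOW):
    """Return connections to public addresses that no DNS answer on this
    host produced within `window` before the connect."""
    answers = answers_by_ip(dns_events)
    hits = []
    for ts, pid, image, dst in net_events:
        if not ipaddress.ip_address(dst).is_global:
            continue  # loopback, RFC1918, link-local: no lookup expected
        t = _ts(ts)
        explained = any(t - window <= a <= t for a in answers.get(dst, []))
        if not explained:
            hits.append((ts, pid, image, dst))
    return hits


def by_process(hits):
    """Fold hits into {(pid, image): [distinct destinations]} for triage."""
    out = {}
    for _, pid, image, dst in hits:
        dsts = out.setdefault((pid, image), [])
        if dst not in dsts:
            dsts.append(dst)
    return out


if __name__ == "__main__":
    grouped = by_process(connections_without_dns(DNS_EVENTS, NET_EVENTS))
    for (pid, image), dsts in grouped.items():
        print(f"{image} (PID {pid}) -> {', '.join(dsts)} with no DNS resolution")
```

Two caveats a practitioner would apply before alerting on this: DNS resolved on another host (a proxy, or a resolver outside the telemetry) produces misses for benign traffic, so the report's own exclusion list of Microsoft update and CDN names is a reasonable starting allow-list; and the finding becomes high-confidence only when, as here, the same process is also flagged for masquerading or Startup-folder persistence.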
Source: | String found in binary or memory: | 49 entries |
Source: | File created: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | 10 entries | Jump to behavior |
Source: | Section loaded: | 184 entries | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Process information set: | 12 entries | Jump to behavior |
Source: | File opened / queried: | Jump to behavior |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Last function: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Binary or memory string: | 15 entries |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Queries volume information: | 25 entries | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 141 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 12 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 3 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 12 Registry Run Keys / Startup Folder | 3 Virtualization/Sandbox Evasion | Security Account Manager | 23 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
56% | Virustotal | Browse | ||
37% | ReversingLabs | Win64.Trojan.Barys |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | Win64.Trojan.Barys | ||
37% | ReversingLabs | Win64.Trojan.Barys |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(37 entries) | | false | | high |
(1 entry) | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
58.9.110.23 | unknown | Thailand | 17552 | TRUE-AS-APTrueInternetCoLtdTH | true | |
176.65.142.252 | unknown | Germany | 8649 | WEBTRAFFICDE | true |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1643734 |
Start date and time: | 2025-03-20 03:14:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | raw_cbot.exe |
Detection: | MAL |
Classification: | mal84.troj.adwa.evad.winEXE@10/9@0/3 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, SgrmBroker.exe
- Excluded IPs from analysis (whitelisted): 23.204.23.20, 4.245.163.56
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, c.pki.goog, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information
Time | Type | Description |
---|---|---|
02:15:08 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
58.9.110.23 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TRUE-AS-APTrueInternetCoLtdTH | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
WEBTRAFFICDE | | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | Batch Injector, Remcos | Browse | |
| | Get hash | malicious | Batch Injector, Remcos | Browse | |
| | Get hash | malicious | Batch Injector, Remcos | Browse | |
| | Get hash | malicious | ScreenConnect Tool, AsyncRAT, StormKitty, VenomRAT | Browse | |
| | Get hash | malicious | PureLog Stealer, Remcos | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Remcos, GuLoader | Browse | |
| | Get hash | malicious | AsyncRAT | Browse | |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8192 |
Entropy (8bit): | 0.363788168458258 |
Encrypted: | false |
SSDEEP: | 6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ |
MD5: | 0E72F896C84F1457C62C0E20338FAC0D |
SHA1: | 9C071CC3D15E5BD8BF603391AE447202BD9F8537 |
SHA-256: | 686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3 |
SHA-512: | AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 1.3107706451904466 |
Encrypted: | false |
SSDEEP: | 3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr0:KooCEYhgYEL0In |
MD5: | 650D49CB756AD4161BB033A98932950D |
SHA1: | A0289DCE2DC391927DD244EC57BE71C227259E06 |
SHA-256: | 697DED1EE1C34B074BDDB946C6BEEFA807B8A5689084E0077B20CE64A7B33226 |
SHA-512: | D155572F3B32409B2093C8A7C03403D9B54D423ABCB1CCA1EC49BAF5B4D9C0F099BA97F7B46EADE78230BF8D22209714D4B2B9AA7CAA5E78CB24B1C3AC45C8DA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 0.42216995823620856 |
Encrypted: | false |
SSDEEP: | 1536:HSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:Hazag03A2UrzJDO |
MD5: | FE91E7B265A57EC556C5FB89CF0B16E8 |
SHA1: | 9BF08CD9325296B6D36E68737340953B7B846C3F |
SHA-256: | 82D3B467591C74350C4675A179E9AA60560898C37CB0C47B0D75FF0DDB0982C8 |
SHA-512: | 2561F7FD390B94F2241656097335F18DD9B8E66BF89D1ABF11E4CC954D0A96228E7774238BC69FB73F9B58E8F7C0893D472CDB629C5596C2B1A119D0C7F9C92A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.07828854525991015 |
Encrypted: | false |
SSDEEP: | 3:t/tOetYeUcxy1t/Onxejt/cK+xvQ/AllOE/tlnl+/rTc:1trzFm1OxeBcqApMP |
MD5: | 980AAB2065F5059A7AE2C3F2F7A18FD8 |
SHA1: | CF5754B79CD82CD9368D75B6BA2079FC17C0EB94 |
SHA-256: | 39BE583F4A680C6015C653CB7E7BEF806573DEB0EF8315352B2616D2C0C51BFF |
SHA-512: | A6927AD3A8727148C4B85E29016508CE1555AEBA620130A0BF9299964D54DBF6D3BB618D2072F5291C6F2749ABB96ACD1BCE8F8FB18D2349704475E116205D09 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\raw_cbot.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61952 |
Entropy (8bit): | 6.069918401167628 |
Encrypted: | false |
SSDEEP: | 768:EX/VDdl1ooSHqckQSZecQu0hsehhRxU5UluWaXVpuvYD1bvOn40XZ00yanOuSx4:SpVooz2LZrTculaVEvWpOnr00yjg |
MD5: | 9EF7EDFA24458412DD4667023FD8466B |
SHA1: | 696A87AE39645223F5149F455C32D77135F67CBD |
SHA-256: | 1FC13FF144F070E7CEC92DD959EC889DF2928B8220E420EC3BA2A78BCBEB7E13 |
SHA-512: | 45F75AD39E7D5A006D265257259A9036B26C9B9C4BACFEE0D37A86A84DFDFD5D52EBD15C9A0E46AC2E70D3DEA46CCEAC1B6EA7A5F42B879F0660DCDE13DBD4FE |
Malicious: | true |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\raw_cbot.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\raw_cbot.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61952 |
Entropy (8bit): | 6.069918401167628 |
Encrypted: | false |
SSDEEP: | 768:EX/VDdl1ooSHqckQSZecQu0hsehhRxU5UluWaXVpuvYD1bvOn40XZ00yanOuSx4:SpVooz2LZrTculaVEvWpOnr00yjg |
MD5: | 9EF7EDFA24458412DD4667023FD8466B |
SHA1: | 696A87AE39645223F5149F455C32D77135F67CBD |
SHA-256: | 1FC13FF144F070E7CEC92DD959EC889DF2928B8220E420EC3BA2A78BCBEB7E13 |
SHA-512: | 45F75AD39E7D5A006D265257259A9036B26C9B9C4BACFEE0D37A86A84DFDFD5D52EBD15C9A0E46AC2E70D3DEA46CCEAC1B6EA7A5F42B879F0660DCDE13DBD4FE |
Malicious: | true |
Antivirus: |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55 |
Entropy (8bit): | 4.306461250274409 |
Encrypted: | false |
SSDEEP: | 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y |
MD5: | DCA83F08D448911A14C22EBCACC5AD57 |
SHA1: | 91270525521B7FE0D986DB19747F47D34B6318AD |
SHA-256: | 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9 |
SHA-512: | 96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Windows Defender\MpCmdRun.exe |
File Type: | |
Category: | modified |
Size (bytes): | 7388 |
Entropy (8bit): | 3.24091864456928 |
Encrypted: | false |
SSDEEP: | 96:cEi+AAsoJjykzEJ+AAsoJjykHE46+AAsoJjykIE:cN+SoJbO+SoJvR6+SoJAE |
MD5: | FCDD3B5FC4C17945ED67DF720F13C9E5 |
SHA1: | 42EED295FE6400B582D0E27CE4F635064D3ADEB1 |
SHA-256: | 3B2A1E855B43AA754DA7B865CFA82A86D2B2F932081DDEB85F219DE8C4BE8EE9 |
SHA-512: | 3FA5A3EC5023DC8F44302D51C72161C41AD6CE42F67301C5D9F28E20677777C4B77CD7EE48C15E7035CEC787A2502873FA3A9398F02A2DEB0836029BA47ABFE9 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.069918401167628 |
TrID: |
File name: | raw_cbot.exe |
File size: | 61'952 bytes |
MD5: | 9ef7edfa24458412dd4667023fd8466b |
SHA1: | 696a87ae39645223f5149f455c32d77135f67cbd |
SHA256: | 1fc13ff144f070e7cec92dd959ec889df2928b8220e420ec3ba2a78bcbeb7e13 |
SHA512: | 45f75ad39e7d5a006d265257259a9036b26c9b9c4bacfee0d37a86a84dfdfd5d52ebd15c9a0e46ac2e70d3dea46cceac1b6ea7a5f42b879f0660dcde13dbd4fe |
SSDEEP: | 768:EX/VDdl1ooSHqckQSZecQu0hsehhRxU5UluWaXVpuvYD1bvOn40XZ00yanOuSx4:SpVooz2LZrTculaVEvWpOnr00yjg |
TLSH: | 5C531B1BB34354EDC62AD5B486BFAB33B672B8920630AF3F52A4E7701E10E605F5A514 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......g...............&.......................@.............................p......e.....`... ............................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x1400014d0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x67D6EDDC [Sun Mar 16 15:27:24 2025 UTC] |
TLS Callbacks: | 0x40004e80, 0x1, 0x40004e50, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | c6f8590df3a6e8e386690a3f3b0cf556 |
Instruction |
---|
dec eax |
sub esp, 28h |
dec eax |
mov eax, dword ptr [0000CEE5h] |
mov dword ptr [eax], 00000001h |
call 00007F6EA0E472BFh |
nop |
nop |
dec eax |
add esp, 28h |
ret |
nop dword ptr [eax] |
dec eax |
sub esp, 28h |
dec eax |
mov eax, dword ptr [0000CEC5h] |
mov dword ptr [eax], 00000000h |
call 00007F6EA0E4729Fh |
nop |
nop |
dec eax |
add esp, 28h |
ret |
nop dword ptr [eax] |
dec eax |
sub esp, 28h |
call 00007F6EA0E50BD4h |
dec eax |
test eax, eax |
sete al |
movzx eax, al |
neg eax |
dec eax |
add esp, 28h |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
dec eax |
lea ecx, dword ptr [00000009h] |
jmp 00007F6EA0E475E9h |
nop dword ptr [eax+00h] |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
dec eax |
sub esp, 38h |
dec esp |
mov eax, dword ptr [0000CDA5h] |
dec ebp |
mov edx, dword ptr [eax] |
dec esp |
mov dword ptr [esp+28h], edx |
inc ebp |
xor edx, edx |
mov word ptr [esp+26h], 0000h |
cmp edx, 01h |
jle 00007F6EA0E47622h |
inc esp |
movzx ebx, word ptr [ecx] |
dec eax |
add ecx, 02h |
sub edx, 02h |
inc ebp |
add edx, ebx |
jmp 00007F6EA0E475FDh |
jne 00007F6EA0E47620h |
mov dl, byte ptr [ecx] |
mov byte ptr [esp+26h], dl |
movzx ecx, word ptr [esp+26h] |
inc ecx |
add edx, ecx |
inc ebp |
mov ecx, edx |
inc ecx |
movzx eax, word ptr [eax] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x12000 | 0xe80 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x3b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf000 | 0x714 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16000 | 0x98 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xdbe0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x123c8 | 0x350 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xa540 | 0xa600 | a35fc22fa5f702d6a262b7e9ced74b05 | False | 0.5507341867469879 | data | 6.242709308827174 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xc000 | 0x100 | 0x200 | 3e73fd0a1b3c609970935400c78dc530 | False | 0.1640625 | data | 1.0307701636188438 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xd000 | 0x1a50 | 0x1c00 | bcf1448c63dd02634b8bb5f2cb923d1f | False | 0.30189732142857145 | data | 5.219944685913332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pdata | 0xf000 | 0x714 | 0x800 | 9b24038d224e6c7298cc440dee930df5 | False | 0.4560546875 | data | 4.269365295670671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xdata | 0x10000 | 0x7f8 | 0x800 | 1f19f9168970429cb4ec7dfbb1b7b796 | False | 0.32666015625 | data | 4.592232795586179 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.bss | 0x11000 | 0xc60 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x12000 | 0xe80 | 0x1000 | 6c56a56025577ba1e1d886c17ac833db | False | 0.314453125 | zlib compressed data | 4.1105520524632 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0x13000 | 0x68 | 0x200 | 0cdd8602562e773b404ac0502234f75b | False | 0.072265625 | data | 0.3406417195159507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x14000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x15000 | 0x3b0 | 0x400 | c141e82b043ee638ba818a72ae55876f | False | 0.4208984375 | data | 3.0863403008417483 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x16000 | 0x98 | 0x200 | c70f29840f30c2814897bb63d508c384 | False | 0.27734375 | data | 1.7375704363188285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x15058 | 0x358 | data | English | United States | 0.4614485981308411 |
DLL | Import |
---|---|
ADVAPI32.dll | CryptAcquireContextA, CryptGenRandom, CryptReleaseContext |
KERNEL32.dll | CloseHandle, CopyFileA, CreateMutexA, CreateThread, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, ExitProcess, FreeLibrary, GetCurrentProcessId, GetLastError, GetModuleFileNameA, GetModuleHandleW, GetProcAddress, GetStartupInfoA, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, MoveFileA, MultiByteToWideChar, ReleaseMutex, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte |
msvcrt.dll | __C_specific_handler, ___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _commode, _errno, _exit, _fmode, _initterm, _lock, _onexit, _time64, _unlock, abort, atoi, calloc, exit, fclose, fopen, fprintf, fputc, free, fwrite, localeconv, malloc, memcpy, perror, rand, signal, strcpy, strerror, strlen, strncmp, strrchr, vfprintf, wcslen, _write, _open, _close |
SHELL32.dll | SHGetSpecialFolderPathA |
WS2_32.dll | WSACleanup, WSAGetLastError, WSASocketA, WSAStartup, bind, closesocket, connect, htons, inet_addr, inet_ntoa, ioctlsocket, ntohl, ntohs, recv, select, send, sendto, setsockopt, socket |
Description | Data |
---|---|
CompanyName | Microsoft Corporation |
FileDescription | Host Process for Windows Services |
FileVersion | 1.2.0.0 |
InternalName | cbot |
LegalCopyright | Microsoft Corporation. All rights reserved. |
OriginalFilename | svchost.exe |
ProductName | Microsoft Windows Operating System |
ProductVersion | 1.2.0.0 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 20, 2025 03:15:07.006339073 CET | 49712 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:07.006366014 CET | 49711 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:08.009207964 CET | 49711 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:08.009305000 CET | 49712 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:10.009207964 CET | 49712 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:10.024804115 CET | 49711 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:12.509406090 CET | 49718 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:12.509650946 CET | 49719 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:13.509182930 CET | 49718 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:13.509232998 CET | 49719 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:15.524724007 CET | 49718 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:15.524837017 CET | 49719 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:18.033587933 CET | 49720 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:18.033632994 CET | 49721 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:18.041104078 CET | 49722 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:18.041285038 CET | 49723 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:19.040345907 CET | 49720 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:19.041326046 CET | 49723 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:19.041362047 CET | 49721 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:19.041363001 CET | 49722 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:21.040338993 CET | 49720 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:21.040455103 CET | 49723 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:21.040467024 CET | 49722 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:21.040483952 CET | 49721 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:23.556317091 CET | 49733 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:23.556320906 CET | 49732 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:23.571906090 CET | 49734 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:23.572016001 CET | 49735 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:24.555999994 CET | 49732 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:24.557214975 CET | 49733 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:24.587225914 CET | 49734 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:24.587423086 CET | 49735 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:26.571635962 CET | 49732 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:26.571815968 CET | 49733 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:26.587321043 CET | 49734 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:26.587450981 CET | 49735 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:29.071959972 CET | 49736 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:29.071980000 CET | 49737 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:29.087593079 CET | 49739 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:29.087599039 CET | 49738 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:30.087347031 CET | 49737 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:30.087378025 CET | 49738 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:30.087390900 CET | 49736 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:30.087513924 CET | 49739 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:32.087481022 CET | 49737 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:32.087531090 CET | 49736 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:32.089335918 CET | 49739 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:32.089389086 CET | 49738 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:34.587649107 CET | 49740 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:34.588110924 CET | 49741 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:34.619072914 CET | 49742 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:34.619195938 CET | 49743 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:35.587414026 CET | 49740 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:35.603005886 CET | 49741 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:35.634283066 CET | 49742 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:35.634325981 CET | 49743 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:37.602891922 CET | 49740 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:37.602909088 CET | 49741 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:37.634165049 CET | 49742 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:37.634188890 CET | 49743 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:40.118922949 CET | 49744 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:40.119108915 CET | 49745 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:40.150305033 CET | 49747 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:40.150320053 CET | 49746 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:41.134258032 CET | 49744 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:41.134367943 CET | 49745 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:41.165380001 CET | 49747 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:41.166045904 CET | 49746 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:43.134155989 CET | 49744 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:43.134263039 CET | 49745 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:43.165381908 CET | 49747 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:43.165385962 CET | 49746 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:45.650296926 CET | 49748 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:45.650393963 CET | 49749 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:45.665740967 CET | 49750 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:45.665863991 CET | 49751 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:46.650000095 CET | 49749 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:46.650003910 CET | 49748 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:46.665421009 CET | 49750 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:46.665502071 CET | 49751 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:48.649837971 CET | 49749 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:48.649842978 CET | 49748 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:48.665411949 CET | 49750 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:48.669245958 CET | 49751 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:51.181622982 CET | 49752 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:51.181624889 CET | 49753 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:51.196971893 CET | 49754 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:51.197169065 CET | 49755 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:52.181113958 CET | 49753 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:52.181221962 CET | 49752 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:52.212399960 CET | 49754 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:52.212405920 CET | 49755 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:54.196784019 CET | 49753 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:54.196788073 CET | 49752 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:54.212397099 CET | 49755 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:54.212395906 CET | 49754 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:56.712743998 CET | 49756 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:56.712852955 CET | 49757 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:56.728214025 CET | 49758 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:56.728287935 CET | 49759 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:57.712338924 CET | 49757 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:57.712428093 CET | 49756 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:57.743707895 CET | 49759 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:57.743711948 CET | 49758 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:59.712327003 CET | 49756 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:15:59.713279009 CET | 49757 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:59.743583918 CET | 49759 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:15:59.743623972 CET | 49758 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:02.244002104 CET | 49761 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:02.244025946 CET | 49762 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:02.259493113 CET | 49763 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:02.259572029 CET | 49764 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:03.243695974 CET | 49761 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:03.243819952 CET | 49762 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:03.259330034 CET | 49763 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:03.259430885 CET | 49764 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:05.243658066 CET | 49762 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:05.243680000 CET | 49761 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:05.259397030 CET | 49763 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:05.261413097 CET | 49764 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:07.759526014 CET | 49765 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:07.759754896 CET | 49766 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:07.775321960 CET | 49767 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:07.775440931 CET | 49768 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:08.774842024 CET | 49765 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:08.774857998 CET | 49767 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:08.774959087 CET | 49766 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:08.775269032 CET | 49768 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:10.774977922 CET | 49766 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:10.775038958 CET | 49765 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:10.775304079 CET | 49768 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:10.775341034 CET | 49767 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:13.291291952 CET | 49769 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:13.293302059 CET | 49770 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:13.306680918 CET | 49771 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:13.307087898 CET | 49772 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:14.306102037 CET | 49769 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:14.306129932 CET | 49772 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:14.306133986 CET | 49770 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:14.306145906 CET | 49771 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:16.321822882 CET | 49769 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:16.321826935 CET | 49772 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:16.321856976 CET | 49770 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:16.321949005 CET | 49771 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:18.822308064 CET | 49773 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:18.822323084 CET | 49774 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:18.837822914 CET | 49775 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:18.837975979 CET | 49776 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:19.821892023 CET | 49774 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:19.822149992 CET | 49773 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:19.837414980 CET | 49775 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:19.837466955 CET | 49776 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:21.821863890 CET | 49773 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:21.821882963 CET | 49774 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:21.837363005 CET | 49775 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:21.837378025 CET | 49776 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:24.353434086 CET | 49778 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:24.353442907 CET | 49779 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:24.369005919 CET | 49780 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:24.369127989 CET | 49781 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:25.353116989 CET | 49779 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:25.353152037 CET | 49778 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:25.368765116 CET | 49780 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:25.368859053 CET | 49781 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:27.353159904 CET | 49779 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:27.353236914 CET | 49778 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:27.384468079 CET | 49781 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:27.384478092 CET | 49780 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:29.884665012 CET | 49782 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:29.884783983 CET | 49783 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:29.885076046 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:29.885111094 CET | 49785 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:30.496225119 CET | 18063 | 49782 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:30.496376038 CET | 49782 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:30.497060061 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:30.497133017 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:30.497859001 CET | 49782 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:30.497951984 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:30.900027037 CET | 49785 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:30.900033951 CET | 49783 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:31.114994049 CET | 18063 | 49782 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:31.115197897 CET | 49782 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:31.603064060 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:32.228137016 CET | 49782 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:32.661345005 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.661845922 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.661884069 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.661921978 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.661953926 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.661963940 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:32.662019968 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:32.662587881 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.712454081 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:32.844933987 CET | 18063 | 49782 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:32.915644884 CET | 49783 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:32.915646076 CET | 49785 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:34.733700037 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:34.735560894 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:35.415884972 CET | 49786 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:35.416687012 CET | 49787 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:36.415559053 CET | 49786 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:36.431180954 CET | 49787 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:38.431200981 CET | 49786 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:38.431226969 CET | 49787 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:40.947312117 CET | 49788 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:40.947464943 CET | 49789 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:41.962408066 CET | 49788 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:41.962788105 CET | 49789 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:43.962449074 CET | 49788 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:43.962450981 CET | 49789 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:46.463018894 CET | 49790 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:46.463206053 CET | 49791 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:47.478082895 CET | 49790 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:47.480376959 CET | 49791 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:47.857244015 CET | 18063 | 49782 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:47.857348919 CET | 49782 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:49.493756056 CET | 49790 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:49.493779898 CET | 49791 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:50.605289936 CET | 18063 | 49784 | 176.65.142.252 | 192.168.2.4 |
Mar 20, 2025 03:16:50.605362892 CET | 49784 | 18063 | 192.168.2.4 | 176.65.142.252 |
Mar 20, 2025 03:16:51.979130030 CET | 49792 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:51.982989073 CET | 49793 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:52.993669987 CET | 49792 | 18063 | 192.168.2.4 | 58.9.110.23 |
Mar 20, 2025 03:16:52.995366096 CET | 49793 | 18063 | 192.168.2.4 | 58.9.110.23 |
Target ID: | 0 |
Start time: | 22:15:05 |
Start date: | 19/03/2025 |
Path: | C:\Users\user\Desktop\raw_cbot.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bd080000 |
File size: | 61'952 bytes |
MD5 hash: | 9EF7EDFA24458412DD4667023FD8466B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 22:15:06 |
Start date: | 19/03/2025 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca680000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 22:15:12 |
Start date: | 19/03/2025 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca680000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 22:15:12 |
Start date: | 19/03/2025 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca680000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 22:15:12 |
Start date: | 19/03/2025 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca680000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 22:15:13 |
Start date: | 19/03/2025 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca680000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 22:15:16 |
Start date: | 19/03/2025 |
Path: | C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69ed60000 |
File size: | 61'952 bytes |
MD5 hash: | 9EF7EDFA24458412DD4667023FD8466B |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 9 |
Start time: | 22:16:13 |
Start date: | 19/03/2025 |
Path: | C:\Program Files\Windows Defender\MpCmdRun.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fb6e0000 |
File size: | 468'120 bytes |
MD5 hash: | B3676839B2EE96983F9ED735CD044159 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 22:16:13 |
Start date: | 19/03/2025 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff62fc20000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |