Windows
Analysis Report
1200000.MSBuild.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
1200000.MSBuild.exe (PID: 7640 cmdline:
"C:\Users\ user\Deskt op\1200000 .MSBuild.e xe" MD5: 7B1991965AF6EE002DD11ABB09D6FE95) chrome.exe (PID: 7836 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt http:// go.microso ft.com/fwl ink/?prd=1 1324&pver= 4.5&sbp=Ap pLaunch2&p lcid=0x409 &o1=SHIM_N OVERSION_F OUND&versi on=(null)& processNam e=1200000. MSBuild.ex e&platform =0009&osve r=6&isServ er=0&shimv er=4.0.303 19.0 MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 8068 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=1988,i ,640106338 4290370130 ,104839838 8818757476 7,262144 - -disable-f eatures=Op timization GuideModel Downloadin g,Optimiza tionHints, Optimizati onHintsFet ching,Opti mizationTa rgetPredic tion --var iations-se ed-version --mojo-pl atform-cha nnel-handl e=2020 /pr efetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 8392 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt http:// go.microso ft.com/fwl ink/?prd=1 1324&pver= 4.5&sbp=Ap pLaunch2&p lcid=0x409 &o1=SHIM_N OVERSION_F OUND&versi on=(null)& processNam e=1200000. MSBuild.ex e&platform =0009&osve r=6&isServ er=0&shimv er=4.0.303 19.0 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Phishing
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Malware Analysis System Evasion
- • HIPS / PFW / Operating System Protection Evasion
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: | ||
Source: | High entropy of concatenated method names: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Software Packing | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | Virustotal | Browse | ||
47% | ReversingLabs | Win32.Trojan.CrypterX |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0010.t-0009.t-msedge.net | 13.107.246.38 | true | false | high | |
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
s-part-0023.t-0009.t-msedge.net | 13.107.246.51 | true | false | high | |
a1883.dscd.akamai.net | 23.62.47.167 | true | false | high | |
c-msn-pme.trafficmanager.net | 20.110.205.119 | true | false | high | |
www.google.com | 142.251.40.196 | true | false | high | |
ax-0001.ax-msedge.net | 150.171.28.10 | true | false | high | |
js.monitor.azure.com | unknown | unknown | false | high | |
mdec.nelreports.net | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.51 | s-part-0023.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.251.40.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
23.62.47.167 | a1883.dscd.akamai.net | United States | 6147 | TelefonicadelPeruSAAPE | false |
IP |
---|
192.168.2.6 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1646285 |
Start date and time: | 2025-03-23 20:19:10 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 1200000.MSBuild.exe |
Detection: | MAL |
Classification: | mal52.evad.winEXE@28/65@6/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, WMIADAP.exe, SIHCl ient.exe, SgrmBroker.exe, conh ost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 23.204.23.20, 142. 250.65.238, 142.250.80.3, 142. 251.40.206, 23.51.57.215, 142. 251.16.84, 142.250.64.110, 142 .250.65.206, 23.56.210.89, 142 .251.41.14, 142.250.65.170, 14 2.250.176.202, 142.251.40.202, 142.250.80.10, 142.250.64.106 , 142.250.65.234, 142.251.40.2 34, 142.250.80.42, 142.251.40. 170, 142.250.80.106, 142.250.6 5.202, 142.250.72.106, 142.250 .80.74, 172.217.165.138, 142.2 51.41.10, 142.251.40.138, 20.4 2.73.28, 4.245.163.56, 20.42.7 3.27, 199.232.214.172, 20.242. 39.171, 52.165.164.15, 142.251 .32.110, 199.232.210.172, 142. 250.80.110, 142.250.64.99, 34. 104.35.123, 142.251.40.227, 14 2.250.80.78, 142.250.80.46, 14 2.251.40.142, 13.107.246.38, 2 0.110.205.119, 150.171.28.10, 52.231.230.148 - Excluded domains from analysis
(whitelisted): slscr.update.m icrosoft.com, clientservices.g oogleapis.com, browser.events. data.trafficmanager.net, learn .microsoft.com, fs-wildcard.mi crosoft.com.edgekey.net, fs-wi ldcard.microsoft.com.edgekey.n et.globalredir.akadns.net, e16 604.dscf.akamaiedge.net, e1129 0.dspg.akamaiedge.net, clients 2.google.com, go.microsoft.com , redirector.gvt1.com, learn.m icrosoft.com.edgekey.net, glb. cws.prod.dcat.dsp.trafficmanag er.net, sls.update.microsoft.c om, update.googleapis.com, pro d.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficm anager.net, clients1.google.co m, fs.microsoft.com, accounts. google.com, content-autofill.g oogleapis.com, ctldl.windowsup date.com.delivery.microsoft.co m, learn.microsoft.com.edgekey .net.globalredir.akadns.net, c tldl.windowsupdate.com, onedsc olprdeus12.eastus.cloudapp.azu re.com, fe3cr.delivery.mp.micr osoft.com, browser.events.data .microsoft.com, fe3.delivery.m p.microsoft.com, edgedl.me.gvt 1.com, e13636.dscb.akamaiedge. net, - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - Report size getting too big, t
oo many NtOpenKeyEx calls foun d. - Report size getting too big, t
oo many NtProtectVirtualMemory calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Some HTTPS proxied raw data pa
ckets have been limited to 10 per session. Please view the P CAPs for the complete data.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.51 | Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-part-0023.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
s-part-0010.t-0009.t-msedge.net | Get hash | malicious | DanaBot | Browse |
| |
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Quasar | Browse |
| ||
Get hash | malicious | Quasar | Browse |
| ||
a1883.dscd.akamai.net | Get hash | malicious | DBatLoader, PureLog Stealer | Browse |
| |
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | DBatLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | LummaC Stealer, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC Stealer, PureLog Stealer, zgRAT | Browse |
| ||
bg.microsoft.map.fastly.net | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | DanaBot | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | SheetRat | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DarkTortilla, LummaC Stealer | Browse |
| ||
Get hash | malicious | Conti | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TelefonicadelPeruSAAPE | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | XWorm | Browse |
| |
Get hash | malicious | Conti | Browse |
| ||
Get hash | malicious | Conti | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 52717 |
Entropy (8bit): | 5.462668685745912 |
Encrypted: | false |
SSDEEP: | 1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ |
MD5: | 413FCC759CC19821B61B6941808B29B5 |
SHA1: | 1AD23B8A202043539C20681B1B3E9F3BC5D55133 |
SHA-256: | DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536 |
SHA-512: | E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8 |
Malicious: | false |
Reputation: | high, very likely benign file |
URL: | https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1173007 |
Entropy (8bit): | 5.503893944397598 |
Encrypted: | false |
SSDEEP: | 24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT |
MD5: | 2E00D51C98DBB338E81054F240E1DEB2 |
SHA1: | D33BAC6B041064AE4330DCC2D958EBE4C28EBE58 |
SHA-256: | 300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862 |
SHA-512: | B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 13339 |
Entropy (8bit): | 7.683569563478597 |
Encrypted: | false |
SSDEEP: | 192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM |
MD5: | 512625CF8F40021445D74253DC7C28C0 |
SHA1: | F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730 |
SHA-256: | 1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369 |
SHA-512: | AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 693 |
Entropy (8bit): | 4.671626891582674 |
Encrypted: | false |
SSDEEP: | 12:Yqj+QI1Hz0IKE/Ku1wu0VKv2gndPZCuWJCN/Ku1wu0VKv2gndPZCum4J6twf1EWR:Y171HzME/p0VofIJCN/p0VofO95WF9 |
MD5: | 78B95785C37EE526805D5F081B4E663B |
SHA1: | 534263286A464829EB907F6317F37E3B6E796525 |
SHA-256: | 7C720F74719AE87499C316DFB1F638C4458303DE3220D2431D511C8D59A7C61C |
SHA-512: | E6C9B7C6C49BDD0242E1FE9D8A79E9E2CC2432F179DFD87BE6E21D0ECABA32E2B28E1EE626CCBBD218C91D7873F381C2B52BFA16D7D5D55050A2F56C91789947 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/feature-rollout.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17174 |
Entropy (8bit): | 2.9129715116732746 |
Encrypted: | false |
SSDEEP: | 24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO |
MD5: | 12E3DAC858061D088023B2BD48E2FA96 |
SHA1: | E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 |
SHA-256: | 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 |
SHA-512: | C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 |
Malicious: | false |
URL: | https://learn.microsoft.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5644 |
Entropy (8bit): | 4.785769732002188 |
Encrypted: | false |
SSDEEP: | 96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX |
MD5: | B5885C991E30238110973653F2408300 |
SHA1: | 39B0A79D951F8254E21821134E047C76F57AD2A8 |
SHA-256: | 085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E |
SHA-512: | 6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17174 |
Entropy (8bit): | 2.9129715116732746 |
Encrypted: | false |
SSDEEP: | 24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO |
MD5: | 12E3DAC858061D088023B2BD48E2FA96 |
SHA1: | E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 |
SHA-256: | 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 |
SHA-512: | C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 13842 |
Entropy (8bit): | 7.802399161550213 |
Encrypted: | false |
SSDEEP: | 192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk |
MD5: | F6EC97C43480D41695065AD55A97B382 |
SHA1: | D9C3D0895A5ED1A3951B8774B519B8217F0A54C5 |
SHA-256: | 07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68 |
SHA-512: | 22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32962 |
Entropy (8bit): | 4.912241219708713 |
Encrypted: | false |
SSDEEP: | 384:F8vWOb4OLI9h+KCnMet7NPXlJl+HjZjBTRdE0zIwHd04vNNpUjV8din4E9hLUu4S:G+OEO89hkMet7pCjBffHkWOzUu4S |
MD5: | 699E20A7E94E2DD6B72F32CA9FCBDFDF |
SHA1: | 1F67CD41D6FE34FFED4B1661C9D5947286B6E70F |
SHA-256: | 416FE8342AF12468FBFE0BFB323AAB53679010EF42F9E1C713CD7EDBE840AFF5 |
SHA-512: | D1A112DB2DC1FF70E068563684C747228AE3D39198FFC0BE2C47F13D30595A6804D417C33C5A0E7DC978698301B98FA13FD4C3F3FED5B46F6646D624C389A9B9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5644 |
Entropy (8bit): | 4.785769732002188 |
Encrypted: | false |
SSDEEP: | 96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX |
MD5: | B5885C991E30238110973653F2408300 |
SHA1: | 39B0A79D951F8254E21821134E047C76F57AD2A8 |
SHA-256: | 085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E |
SHA-512: | 6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json? |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 35005 |
Entropy (8bit): | 7.980061050467981 |
Encrypted: | false |
SSDEEP: | 768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR |
MD5: | 522037F008E03C9448AE0AAAF09E93CB |
SHA1: | 8A32997EAB79246BEED5A37DB0C92FBFB006BEF2 |
SHA-256: | 983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7 |
SHA-512: | 643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78836 |
Entropy (8bit): | 7.9417059849254406 |
Encrypted: | false |
SSDEEP: | 1536:FvqE6IWEfZvV+GODMCBm58xnco/vCyGFcTxQJHXhKbuDZ+3Xe7z2rWOkDX66:FlF7+GODx6S3JGFoQNxdZsX2OkDr |
MD5: | 7CFA9A9098C2B32B9A0AC5AD3526E278 |
SHA1: | 590E47AE33407035E37A2059B548057F2880D07A |
SHA-256: | EEC9BB407C4A5FD508C786546604C01F134D9511FCC0888F9F55458AD97FC2E7 |
SHA-512: | 8A9DD09A078484E3E833800C2815BDF4FB5999F4F459456AE288598E8CB9FC0AD8DE13931443619A6F410FE962B4311112DED198126F416F242DFE5D02FCEC3B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4897 |
Entropy (8bit): | 4.8007377074457604 |
Encrypted: | false |
SSDEEP: | 96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ |
MD5: | 0E78F790402498FA57E649052DA01218 |
SHA1: | 9ED4D0846DA5D66D44EE831920B141BBF60A0200 |
SHA-256: | 73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603 |
SHA-512: | B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json? |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1888397 |
Entropy (8bit): | 5.497080516732931 |
Encrypted: | false |
SSDEEP: | 49152:L3I/wE38lfgqvI1SB1DkCXWYgA7N/draPweGNq:yRSB1DkCXWQAP3 |
MD5: | 32A27BC5B770E7DE6206CD7210BD8138 |
SHA1: | F902037481CEB3B1F3F14B05475665BBDE5371DF |
SHA-256: | FAE91857EF0961D6E7D56C5EF2C6620FBA49CFF5FA5C68762A03C36BA11F9B11 |
SHA-512: | 36ACFA9D57619811BB7B40AC1EC7752D365BDC8F91BAC8F7A0E8F4C01DBE685A50F9327A22F9EC8474DE6E18196E37EFDD714E3CFA044DA8687364AAB0CB5105 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.030016490/scripts/en-us/index-docs.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 469717 |
Entropy (8bit): | 5.074093583831628 |
Encrypted: | false |
SSDEEP: | 6144:JeaPrJKCehH5daURtuYh6BFPDxZYX04GK7MA:bKCehXaU3 |
MD5: | D30537004AA3B856EF45FE962F1336E9 |
SHA1: | A40F825B37B3B3D8E96BCEDF617A2E98F7FBEFDB |
SHA-256: | 78A97F3BC28834C275B5F871E79CA0B166A6093C948A22ED31F63578914887E7 |
SHA-512: | 42EADA9F0D3732FB17A2D28E14C3FB758AE88454D84ACD8423781EB8FED0CCFB0B71E9D53A8BA8A7F7237ADB9564D6ADF9FC19209E3A4C31B014F0F9A5F8E413 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.030016490/styles/site-ltr.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | 3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1432 |
Entropy (8bit): | 4.986131881931089 |
Encrypted: | false |
SSDEEP: | 24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh |
MD5: | 6B8763B76F400DC480450FD69072F215 |
SHA1: | 6932907906AFCF8EAFA22154D8478106521BC9EE |
SHA-256: | 3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC |
SHA-512: | 8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.030016490/global/deprecation.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1154 |
Entropy (8bit): | 4.59126408969148 |
Encrypted: | false |
SSDEEP: | 24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS |
MD5: | 37258A983459AE1C2E4F1E551665F388 |
SHA1: | 603A4E9115E613CC827206CF792C62AEB606C941 |
SHA-256: | 8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44 |
SHA-512: | 184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/media/logos/logo_net.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 46672 |
Entropy (8bit): | 5.0085113667954655 |
Encrypted: | false |
SSDEEP: | 768:hasb16LIDlO65cx2MTI1ln4a1T0MCFnFMBVeZ7dLw:hTRGClO6qAMTIr4audZqBkZBLw |
MD5: | A7ECEE9B1F8D5A13964644B1AF8A2F0E |
SHA1: | 272E911CFEB5DBB926A0A6E97EB4B4F3BA88E0F2 |
SHA-256: | 28C88FCD95B2C6DE4259BA0580BB330F7EFBA9B8047C94AB3926281697A18744 |
SHA-512: | 242E3F97D02EEA9A71647D8ADD3CC35ED936F92D9001FB0F012B05629A3ED8209507244611517A76D16583CA77CFD7AF7CC1FE6B59D96F448C1393A914D52DEE |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1200000.MSBuild.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 21100 |
Entropy (8bit): | 7.989361161081878 |
Encrypted: | false |
SSDEEP: | 384:zaCbb8ppAibxZTz+nr2rehhPeehwvtpl+or8D1IAt6C+:eC0pm+ZZ20eGVbvvC+ |
MD5: | E73523663E3EC1B20A51A4490E820B8D |
SHA1: | C6DC176123EAE124256C891B690002E87EAEB387 |
SHA-256: | E34945BF4E939DF9F6EFD9A3882477DCEF1B3EE201EF2D870C0A160174200C9C |
SHA-512: | 7CB51134611CB373C775FE1393B758E65099B7ECCB74BB71BA8FDE3C48EBF39538A6D67051AF0A7C5C4FC330D66F072DEE93CB6783A3AE30EEDB74B8A3B436D4 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.030016490/styles/docons.6f61416.50504608.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 32962 |
Entropy (8bit): | 4.912241219708713 |
Encrypted: | false |
SSDEEP: | 384:F8vWOb4OLI9h+KCnMet7NPXlJl+HjZjBTRdE0zIwHd04vNNpUjV8din4E9hLUu4S:G+OEO89hkMet7pCjBffHkWOzUu4S |
MD5: | 699E20A7E94E2DD6B72F32CA9FCBDFDF |
SHA1: | 1F67CD41D6FE34FFED4B1661C9D5947286B6E70F |
SHA-256: | 416FE8342AF12468FBFE0BFB323AAB53679010EF42F9E1C713CD7EDBE840AFF5 |
SHA-512: | D1A112DB2DC1FF70E068563684C747228AE3D39198FFC0BE2C47F13D30595A6804D417C33C5A0E7DC978698301B98FA13FD4C3F3FED5B46F6646D624C389A9B9 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/toc.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35005 |
Entropy (8bit): | 7.980061050467981 |
Encrypted: | false |
SSDEEP: | 768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR |
MD5: | 522037F008E03C9448AE0AAAF09E93CB |
SHA1: | 8A32997EAB79246BEED5A37DB0C92FBFB006BEF2 |
SHA-256: | 983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7 |
SHA-512: | 643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13842 |
Entropy (8bit): | 7.802399161550213 |
Encrypted: | false |
SSDEEP: | 192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk |
MD5: | F6EC97C43480D41695065AD55A97B382 |
SHA1: | D9C3D0895A5ED1A3951B8774B519B8217F0A54C5 |
SHA-256: | 07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68 |
SHA-512: | 22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4897 |
Entropy (8bit): | 4.8007377074457604 |
Encrypted: | false |
SSDEEP: | 96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ |
MD5: | 0E78F790402498FA57E649052DA01218 |
SHA1: | 9ED4D0846DA5D66D44EE831920B141BBF60A0200 |
SHA-256: | 73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603 |
SHA-512: | B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3130 |
Entropy (8bit): | 4.790069981348324 |
Encrypted: | false |
SSDEEP: | 48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc |
MD5: | EBA6E81304F2F555E1D2EA3126A18A41 |
SHA1: | 61429C3FE837FD4DD68E7B26678F131F2E00070D |
SHA-256: | F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81 |
SHA-512: | 3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18367 |
Entropy (8bit): | 7.7772261735974215 |
Encrypted: | false |
SSDEEP: | 384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX |
MD5: | 240C4CC15D9FD65405BB642AB81BE615 |
SHA1: | 5A66783FE5DD932082F40811AE0769526874BFD3 |
SHA-256: | 030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07 |
SHA-512: | 267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13339 |
Entropy (8bit): | 7.683569563478597 |
Encrypted: | false |
SSDEEP: | 192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM |
MD5: | 512625CF8F40021445D74253DC7C28C0 |
SHA1: | F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730 |
SHA-256: | 1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369 |
SHA-512: | AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18367 |
Entropy (8bit): | 7.7772261735974215 |
Encrypted: | false |
SSDEEP: | 384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX |
MD5: | 240C4CC15D9FD65405BB642AB81BE615 |
SHA1: | 5A66783FE5DD932082F40811AE0769526874BFD3 |
SHA-256: | 030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07 |
SHA-512: | 267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1154 |
Entropy (8bit): | 4.59126408969148 |
Encrypted: | false |
SSDEEP: | 24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS |
MD5: | 37258A983459AE1C2E4F1E551665F388 |
SHA1: | 603A4E9115E613CC827206CF792C62AEB606C941 |
SHA-256: | 8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44 |
SHA-512: | 184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 78836 |
Entropy (8bit): | 7.9417059849254406 |
Encrypted: | false |
SSDEEP: | 1536:FvqE6IWEfZvV+GODMCBm58xnco/vCyGFcTxQJHXhKbuDZ+3Xe7z2rWOkDX66:FlF7+GODx6S3JGFoQNxdZsX2OkDr |
MD5: | 7CFA9A9098C2B32B9A0AC5AD3526E278 |
SHA1: | 590E47AE33407035E37A2059B548057F2880D07A |
SHA-256: | EEC9BB407C4A5FD508C786546604C01F134D9511FCC0888F9F55458AD97FC2E7 |
SHA-512: | 8A9DD09A078484E3E833800C2815BDF4FB5999F4F459456AE288598E8CB9FC0AD8DE13931443619A6F410FE962B4311112DED198126F416F242DFE5D02FCEC3B |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/media/event-banners/banner-build-2025.jpg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3130 |
Entropy (8bit): | 4.790069981348324 |
Encrypted: | false |
SSDEEP: | 48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc |
MD5: | EBA6E81304F2F555E1D2EA3126A18A41 |
SHA1: | 61429C3FE837FD4DD68E7B26678F131F2E00070D |
SHA-256: | F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81 |
SHA-512: | 3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15427 |
Entropy (8bit): | 7.784472070227724 |
Encrypted: | false |
SSDEEP: | 384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI |
MD5: | 3062488F9D119C0D79448BE06ED140D8 |
SHA1: | 8A148951C894FC9E968D3E46589A2E978267650E |
SHA-256: | C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332 |
SHA-512: | 00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | 3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.875 |
Encrypted: | false |
SSDEEP: | 3:HMB:k |
MD5: | 0B04EA412F8FC88B51398B1CBF38110E |
SHA1: | E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF |
SHA-256: | 7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3 |
SHA-512: | 6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079 |
Malicious: | false |
URL: | https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCQS6vDHpz6ckEgUNv-Yl8iHSFS5ifkEhsQ==?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14104 |
Entropy (8bit): | 5.166520902965944 |
Encrypted: | false |
SSDEEP: | 384:cF8hp3e1yIL3dL7MMZipHp9seL3EwAtkfBFYc//7WDTtr9d45enBRfvntBzX6U:62lGNtoQipHp9zL3EFtcB9//7kT/duEL |
MD5: | C264C6ABC9AFB51FE731972EC829326E |
SHA1: | 656FC18696B20E975F2132DBD4B1C6ACBC1A4C64 |
SHA-256: | 54F734BE621940E4EBFF1CD7DD2576E81A85CFE24E845F02BA7AA39851CF712A |
SHA-512: | 45B33BD20A4F9819DEA510CF8494DB6B2DC0A391973B3210219DE5990866B4A9B7073A661AEFE75E91FD9A97FE2E9E41E14E2BFC2014AB072798DF491848E43D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 208624 |
Entropy (8bit): | 5.41890663985163 |
Encrypted: | false |
SSDEEP: | 3072:d4rRUbQsyeECoaGvofG6NlUH7Q8Me3omzoqQgMBVNIYTo:dIRU5kWOoCbjMeYm3wBXLTo |
MD5: | CA8B40AFC2008F9B423B28DF49F91E6A |
SHA1: | 137FA3516BA200E58A291F3572285B246BFAC6B3 |
SHA-256: | 508151D38E383BED24DAD7B4A6CCA568474AFA64ACAFA795AC00A9E9B979533E |
SHA-512: | 98C4E71E6C726F969548E5F8BA5A546FCFB5500A85CAC4E2263A7754572CAA0925700942B92727EE9EE670CEDA37622425354DE128657A8D8377CC510ED6ADC1 |
Malicious: | false |
URL: | https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 14104 |
Entropy (8bit): | 5.166520902965944 |
Encrypted: | false |
SSDEEP: | 384:cF8hp3e1yIL3dL7MMZipHp9seL3EwAtkfBFYc//7WDTtr9d45enBRfvntBzX6U:62lGNtoQipHp9zL3EFtcB9//7kT/duEL |
MD5: | C264C6ABC9AFB51FE731972EC829326E |
SHA1: | 656FC18696B20E975F2132DBD4B1C6ACBC1A4C64 |
SHA-256: | 54F734BE621940E4EBFF1CD7DD2576E81A85CFE24E845F02BA7AA39851CF712A |
SHA-512: | 45B33BD20A4F9819DEA510CF8494DB6B2DC0A391973B3210219DE5990866B4A9B7073A661AEFE75E91FD9A97FE2E9E41E14E2BFC2014AB072798DF491848E43D |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/banners/index.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 693 |
Entropy (8bit): | 4.671626891582674 |
Encrypted: | false |
SSDEEP: | 12:Yqj+QI1Hz0IKE/Ku1wu0VKv2gndPZCuWJCN/Ku1wu0VKv2gndPZCum4J6twf1EWR:Y171HzME/p0VofIJCN/p0VofO95WF9 |
MD5: | 78B95785C37EE526805D5F081B4E663B |
SHA1: | 534263286A464829EB907F6317F37E3B6E796525 |
SHA-256: | 7C720F74719AE87499C316DFB1F638C4458303DE3220D2431D511C8D59A7C61C |
SHA-512: | E6C9B7C6C49BDD0242E1FE9D8A79E9E2CC2432F179DFD87BE6E21D0ECABA32E2B28E1EE626CCBBD218C91D7873F381C2B52BFA16D7D5D55050A2F56C91789947 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29175 |
Entropy (8bit): | 5.234843863407811 |
Encrypted: | false |
SSDEEP: | 192:WZN0O1ZDjBml+f3FUZ+C69ferzQQJ2V+VNZBYfDKCW5OsFxNcWIXaVf7GSrLp652:QjT3GPwerNdIrElIejrtVhn4e |
MD5: | E35D41D29BCACC8474C96FEC87AB3760 |
SHA1: | 04C4CD7C7B0EFBE9A3831B1ED2DB8FE0DC468818 |
SHA-256: | 2F0454DB4DD937F7FE4F0B0D1969F4057C631EC5E102CB3209F79B08DFAD40A1 |
SHA-512: | 12E19DBA0A58F9E7A50F5BC55EBEBF58FA9BDDF8EA2F25E1C14AD15BC1EF65F4B087846AD8172D714DBC76995C9188ABFAD08BFAA650BE08A5E8CA0DE51ED619 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 15427 |
Entropy (8bit): | 7.784472070227724 |
Encrypted: | false |
SSDEEP: | 384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI |
MD5: | 3062488F9D119C0D79448BE06ED140D8 |
SHA1: | 8A148951C894FC9E968D3E46589A2E978267650E |
SHA-256: | C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332 |
SHA-512: | 00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29175 |
Entropy (8bit): | 5.234843863407811 |
Encrypted: | false |
SSDEEP: | 192:WZN0O1ZDjBml+f3FUZ+C69ferzQQJ2V+VNZBYfDKCW5OsFxNcWIXaVf7GSrLp652:QjT3GPwerNdIrElIejrtVhn4e |
MD5: | E35D41D29BCACC8474C96FEC87AB3760 |
SHA1: | 04C4CD7C7B0EFBE9A3831B1ED2DB8FE0DC468818 |
SHA-256: | 2F0454DB4DD937F7FE4F0B0D1969F4057C631EC5E102CB3209F79B08DFAD40A1 |
SHA-512: | 12E19DBA0A58F9E7A50F5BC55EBEBF58FA9BDDF8EA2F25E1C14AD15BC1EF65F4B087846AD8172D714DBC76995C9188ABFAD08BFAA650BE08A5E8CA0DE51ED619 |
Malicious: | false |
URL: | https://learn.microsoft.com/api/taxonomies?name=devlang&locale=en-us |
Preview: |
File type: | |
Entropy (8bit): | 6.4819400944775 |
TrID: |
|
File name: | 1200000.MSBuild.exe |
File size: | 907'264 bytes |
MD5: | 7b1991965af6ee002dd11abb09d6fe95 |
SHA1: | ae09e6e6985afdccb74af816dde78e558d25fe99 |
SHA256: | 4694f63a2a77d9090c2253efa28f0b54eedf951e002695119dfc44b328b0122f |
SHA512: | 16780e60d6b365fc24193e0c46a39455e57ab10b8d15fd77040e6d043ffc3d3820410fe9fbe24d7a492e3beb9615e4ba6fd54f1b5ae70e54e32d7522c4f5a38c |
SSDEEP: | 24576:tjceW2UyRtJd9Cu8s3pmOSPKdnqhCTP0pSsuZcU:tjceGyj9Cf44GqwTP0pSsQc |
TLSH: | 6D15DF3857E9A508E6BF3B3984B5010657F2B983D977E36D0A9416FD4F227C08D12BA3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.........."...P.................. ........@.. .......................@............`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4deefe |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x58A68A1F [Fri Feb 17 05:29:03 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [FF602000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdeeac | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe0000 | 0x3d0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe2000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xdcf04 | 0xdd000 | fc9f1046d1cfdbe5849ccc74fb781335 | False | 0.6266382830175339 | data | 6.4885494938502175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe0000 | 0x3d0 | 0x400 | d4485703481cd1966abb7b8792dd656b | False | 0.41796875 | data | 3.3654038809655806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe2000 | 0xc | 0x200 | 22fbdc358557d9c77405bfbc5c32c77b | False | 0.041015625 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xe0058 | 0x378 | data | 0.44707207207207206 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
Comments | 8J;@?F:EHE9IADB<E |
CompanyName | =:A@DA<<E=C@G5;=74D7 |
FileDescription | EJI5>@DJB;5AFA:HD |
FileVersion | 6.9.12.15 |
InternalName | sber.exe |
LegalCopyright | Copyright 2006 =:A@DA<<E=C@G5;=74D7 |
OriginalFilename | sber.exe |
ProductName | EJI5>@DJB;5AFA:HD |
ProductVersion | 6.9.12.15 |
Assembly Version | 1.0.0.0 |
Download Network PCAP: filtered – full
- Total Packets: 90
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 23, 2025 20:20:02.171175003 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:02.482835054 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:03.092314959 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:04.295335054 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:06.701761961 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:10.765177011 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:11.076577902 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:11.514096975 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:11.682380915 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:12.885286093 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:15.133625984 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.133666992 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.133778095 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.134367943 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.134386063 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.296928883 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:15.427112103 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.427165985 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.428837061 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.428844929 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.429090977 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.429872990 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.472373962 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.712977886 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.713007927 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.713028908 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.713059902 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.713069916 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.713099957 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.713119030 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.741554022 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.741580009 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.741619110 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.741631031 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.741651058 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.741676092 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.809387922 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.809413910 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.809442043 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.809449911 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.809475899 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.809494019 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.828475952 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.828497887 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.828537941 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.828546047 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.828577042 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.828597069 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.849389076 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.849410057 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.849447012 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.849468946 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.849487066 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.849524975 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.906800032 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.906824112 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.906878948 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.906887054 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.906904936 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.907135963 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.933971882 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.933994055 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.934027910 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.934034109 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.934082031 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.956842899 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.956939936 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:15.956965923 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:15.957025051 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.000502110 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.000570059 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.000585079 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.000611067 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.000628948 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.000641108 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.025193930 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.025222063 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.025279045 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.025294065 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.025335073 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.047663927 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.047699928 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.047729015 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.047734022 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.047771931 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.085582018 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.085612059 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.085639000 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.085644960 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.085685015 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.110178947 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.110230923 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.110289097 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.110780001 CET | 49720 | 443 | 192.168.2.6 | 13.107.246.51 |
Mar 23, 2025 20:20:16.110794067 CET | 443 | 49720 | 13.107.246.51 | 192.168.2.6 |
Mar 23, 2025 20:20:16.335535049 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:16.335624933 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:16.335720062 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:16.335886955 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:16.335917950 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:16.536104918 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:16.536178112 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:16.537168980 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:16.537178993 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:16.537492990 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:16.611119032 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:20.100481033 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:21.211051941 CET | 49672 | 443 | 192.168.2.6 | 204.79.197.203 |
Mar 23, 2025 20:20:26.536606073 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:26.536735058 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:26.536792040 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:26.590893984 CET | 49733 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:20:26.590924025 CET | 443 | 49733 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:20:29.583339930 CET | 80 | 49689 | 23.203.176.221 | 192.168.2.6 |
Mar 23, 2025 20:20:29.583429098 CET | 49689 | 80 | 192.168.2.6 | 23.203.176.221 |
Mar 23, 2025 20:20:29.706758022 CET | 49678 | 443 | 192.168.2.6 | 20.42.65.91 |
Mar 23, 2025 20:20:30.732372999 CET | 80 | 49684 | 23.203.176.221 | 192.168.2.6 |
Mar 23, 2025 20:20:30.732505083 CET | 49684 | 80 | 192.168.2.6 | 23.203.176.221 |
Mar 23, 2025 20:20:30.732613087 CET | 49684 | 80 | 192.168.2.6 | 23.203.176.221 |
Mar 23, 2025 20:20:30.827632904 CET | 80 | 49684 | 23.203.176.221 | 192.168.2.6 |
Mar 23, 2025 20:20:53.002748013 CET | 49686 | 443 | 192.168.2.6 | 23.33.40.135 |
Mar 23, 2025 20:20:53.002901077 CET | 49689 | 80 | 192.168.2.6 | 23.203.176.221 |
Mar 23, 2025 20:21:16.250777006 CET | 49811 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:21:16.250840902 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:16.250916004 CET | 49811 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:21:16.251075983 CET | 49811 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:21:16.251086950 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:16.448586941 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:16.449019909 CET | 49811 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:21:16.449042082 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:18.390597105 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.390636921 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.390701056 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.390881062 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.390892982 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.596980095 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.597064972 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.598242998 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.598258972 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.598695040 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.598932981 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.640324116 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.951879978 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.952055931 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:18.952131033 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.952608109 CET | 49813 | 443 | 192.168.2.6 | 23.62.47.167 |
Mar 23, 2025 20:21:18.952627897 CET | 443 | 49813 | 23.62.47.167 | 192.168.2.6 |
Mar 23, 2025 20:21:23.013421059 CET | 443 | 49681 | 2.23.227.215 | 192.168.2.6 |
Mar 23, 2025 20:21:23.013494015 CET | 443 | 49681 | 2.23.227.215 | 192.168.2.6 |
Mar 23, 2025 20:21:23.013601065 CET | 49681 | 443 | 192.168.2.6 | 2.23.227.215 |
Mar 23, 2025 20:21:23.013645887 CET | 49681 | 443 | 192.168.2.6 | 2.23.227.215 |
Mar 23, 2025 20:21:26.441610098 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:26.441687107 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:26.441796064 CET | 49811 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:21:26.579092979 CET | 49811 | 443 | 192.168.2.6 | 142.251.40.196 |
Mar 23, 2025 20:21:26.579127073 CET | 443 | 49811 | 142.251.40.196 | 192.168.2.6 |
Mar 23, 2025 20:21:40.907202959 CET | 49682 | 443 | 192.168.2.6 | 40.126.24.149 |
Mar 23, 2025 20:21:41.007365942 CET | 443 | 49682 | 40.126.24.149 | 192.168.2.6 |
Mar 23, 2025 20:21:41.007452011 CET | 49682 | 443 | 192.168.2.6 | 40.126.24.149 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 23, 2025 20:20:11.764575958 CET | 53 | 64704 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:11.774398088 CET | 53 | 55192 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:12.437186003 CET | 53 | 65280 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:12.898886919 CET | 53 | 58494 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:15.012975931 CET | 55342 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 23, 2025 20:20:15.013154030 CET | 64533 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 23, 2025 20:20:15.113647938 CET | 53 | 64533 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:15.132950068 CET | 53 | 55342 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:16.187144995 CET | 56708 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 23, 2025 20:20:16.187572002 CET | 62027 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 23, 2025 20:20:16.299897909 CET | 53 | 62027 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:16.301100016 CET | 53 | 56708 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:18.714521885 CET | 53 | 60128 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:29.963044882 CET | 53 | 57134 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:20:48.975027084 CET | 53 | 65444 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:21:08.835109949 CET | 138 | 138 | 192.168.2.6 | 192.168.2.255 |
Mar 23, 2025 20:21:11.382539034 CET | 53 | 49421 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:21:11.510437965 CET | 53 | 52584 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:21:14.604851007 CET | 53 | 55506 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:21:18.250432968 CET | 54626 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 23, 2025 20:21:18.250637054 CET | 51208 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 23, 2025 20:21:18.353423119 CET | 53 | 54626 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:21:18.390280962 CET | 53 | 51208 | 1.1.1.1 | 192.168.2.6 |
Mar 23, 2025 20:21:41.275023937 CET | 53 | 65484 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 23, 2025 20:21:18.390381098 CET | 192.168.2.6 | 1.1.1.1 | c277 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 23, 2025 20:20:15.012975931 CET | 192.168.2.6 | 1.1.1.1 | 0x80ab | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 23, 2025 20:20:15.013154030 CET | 192.168.2.6 | 1.1.1.1 | 0xd28e | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 23, 2025 20:20:16.187144995 CET | 192.168.2.6 | 1.1.1.1 | 0x5844 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 23, 2025 20:20:16.187572002 CET | 192.168.2.6 | 1.1.1.1 | 0x6105 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 23, 2025 20:21:18.250432968 CET | 192.168.2.6 | 1.1.1.1 | 0xdcb4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 23, 2025 20:21:18.250637054 CET | 192.168.2.6 | 1.1.1.1 | 0xcc91 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 23, 2025 20:20:14.678126097 CET | 1.1.1.1 | 192.168.2.6 | 0x6ee7 | No error (0) | azurefd-t-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:14.678126097 CET | 1.1.1.1 | 192.168.2.6 | 0x6ee7 | No error (0) | shed.dual-low.s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:14.678126097 CET | 1.1.1.1 | 192.168.2.6 | 0x6ee7 | No error (0) | s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:14.678126097 CET | 1.1.1.1 | 192.168.2.6 | 0x6ee7 | No error (0) | 13.107.246.38 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:14.713736057 CET | 1.1.1.1 | 192.168.2.6 | 0x7fea | No error (0) | azurefd-t-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:14.713736057 CET | 1.1.1.1 | 192.168.2.6 | 0x7fea | No error (0) | shed.dual-low.s-part-0010.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.113647938 CET | 1.1.1.1 | 192.168.2.6 | 0xd28e | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.113647938 CET | 1.1.1.1 | 192.168.2.6 | 0xd28e | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.113647938 CET | 1.1.1.1 | 192.168.2.6 | 0xd28e | No error (0) | shed.dual-low.s-part-0012.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.132950068 CET | 1.1.1.1 | 192.168.2.6 | 0x80ab | No error (0) | aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.132950068 CET | 1.1.1.1 | 192.168.2.6 | 0x80ab | No error (0) | star-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.132950068 CET | 1.1.1.1 | 192.168.2.6 | 0x80ab | No error (0) | shed.dual-low.s-part-0023.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.132950068 CET | 1.1.1.1 | 192.168.2.6 | 0x80ab | No error (0) | s-part-0023.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:15.132950068 CET | 1.1.1.1 | 192.168.2.6 | 0x80ab | No error (0) | 13.107.246.51 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:16.299897909 CET | 1.1.1.1 | 192.168.2.6 | 0x6105 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 23, 2025 20:20:16.301100016 CET | 1.1.1.1 | 192.168.2.6 | 0x5844 | No error (0) | 142.251.40.196 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:19.708275080 CET | 1.1.1.1 | 192.168.2.6 | 0x470d | No error (0) | c-msn-pme.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:19.708275080 CET | 1.1.1.1 | 192.168.2.6 | 0x470d | No error (0) | 20.110.205.119 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:19.751480103 CET | 1.1.1.1 | 192.168.2.6 | 0x945e | No error (0) | c-msn-pme.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:20.600790977 CET | 1.1.1.1 | 192.168.2.6 | 0x220e | No error (0) | ax-0001.ax-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:20.600790977 CET | 1.1.1.1 | 192.168.2.6 | 0x220e | No error (0) | 150.171.28.10 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:20.600790977 CET | 1.1.1.1 | 192.168.2.6 | 0x220e | No error (0) | 150.171.27.10 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:22.024676085 CET | 1.1.1.1 | 192.168.2.6 | 0xe18a | No error (0) | c-msn-pme.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:22.035588980 CET | 1.1.1.1 | 192.168.2.6 | 0x92af | No error (0) | c-msn-pme.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:22.035588980 CET | 1.1.1.1 | 192.168.2.6 | 0x92af | No error (0) | 52.231.230.148 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:22.356647968 CET | 1.1.1.1 | 192.168.2.6 | 0xc495 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:22.356647968 CET | 1.1.1.1 | 192.168.2.6 | 0xc495 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:36.268217087 CET | 1.1.1.1 | 192.168.2.6 | 0x1e66 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:36.268217087 CET | 1.1.1.1 | 192.168.2.6 | 0x1e66 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:53.521320105 CET | 1.1.1.1 | 192.168.2.6 | 0x96ed | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:20:53.521320105 CET | 1.1.1.1 | 192.168.2.6 | 0x96ed | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:18.353423119 CET | 1.1.1.1 | 192.168.2.6 | 0xdcb4 | No error (0) | mdec.nelreports.net.akamaized.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:18.353423119 CET | 1.1.1.1 | 192.168.2.6 | 0xdcb4 | No error (0) | a1883.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:18.353423119 CET | 1.1.1.1 | 192.168.2.6 | 0xdcb4 | No error (0) | 23.62.47.167 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:18.353423119 CET | 1.1.1.1 | 192.168.2.6 | 0xdcb4 | No error (0) | 23.62.47.149 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:18.390280962 CET | 1.1.1.1 | 192.168.2.6 | 0xcc91 | No error (0) | mdec.nelreports.net.akamaized.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:18.390280962 CET | 1.1.1.1 | 192.168.2.6 | 0xcc91 | No error (0) | a1883.dscd.akamai.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:22.623503923 CET | 1.1.1.1 | 192.168.2.6 | 0x8d7f | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:22.623503923 CET | 1.1.1.1 | 192.168.2.6 | 0x8d7f | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:56.373346090 CET | 1.1.1.1 | 192.168.2.6 | 0x9f3b | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Mar 23, 2025 20:21:56.373346090 CET | 1.1.1.1 | 192.168.2.6 | 0x9f3b | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49720 | 13.107.246.51 | 443 | 8068 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-23 19:20:15 UTC | 590 | OUT | |
2025-03-23 19:20:15 UTC | 896 | IN | |
2025-03-23 19:20:15 UTC | 15488 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:15 UTC | 16384 | IN | |
2025-03-23 19:20:16 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49813 | 23.62.47.167 | 443 | 8068 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-23 19:21:18 UTC | 413 | OUT | |
2025-03-23 19:21:18 UTC | 440 | IN | |
2025-03-23 19:21:18 UTC | 278 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 15:20:04 |
Start date: | 23/03/2025 |
Path: | C:\Users\user\Desktop\1200000.MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa70000 |
File size: | 907'264 bytes |
MD5 hash: | 7B1991965AF6EE002DD11ABB09D6FE95 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:20:09 |
Start date: | 23/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 15:20:10 |
Start date: | 23/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 9 |
Start time: | 15:20:12 |
Start date: | 23/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63b000000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |