Windows
Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe (PID: 6724 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe" MD5: 6261EE4279A2F896625CA965AD014FB7)
  - conhost.exe (PID: 6792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5500 cmdline: C:\Windows\system32\cmd.exe /c net start w32time MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - cmd.exe (PID: 5344 cmdline: C:\Windows\system32\cmd.exe /c w32tm /resync /nowait MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    - w32tm.exe (PID: 6092 cmdline: w32tm /resync /nowait MD5: 81A82132737224D324A3E8DA993E2FB5)
  - cmd.exe (PID: 1816 cmdline: C:\Windows\system32\cmd.exe /c taskkill /IM RainbowSix.exe /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    - taskkill.exe (PID: 5312 cmdline: taskkill /IM RainbowSix.exe /f MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 4092 cmdline: C:\Windows\system32\cmd.exe /c ipconfig /flushdns MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    - ipconfig.exe (PID: 3468 cmdline: ipconfig /flushdns MD5: 62F170FB07FDBB79CEB7147101406EB8)
- cleanup
System Summary |
---|
Source: | Author: Jonathan Cheong, oscd.community: |
Source: | Author: Jonathan Cheong, oscd.community: |
Source: | Author: E.M. Anhaus (originally from Atomic Blue Detections, Endgame), oscd.community: |
Source: | Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): |
Source: | Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: |
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | WMI Queries: |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | Process created: |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Last function: |
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
63% | ReversingLabs | Win64.Trojan.SpyLoader | ||
71% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ac86eaa6fe0c4cb58393b3297e524ca9.pacloudflare.com | 172.65.154.135 | true | false | unknown | |
api.klar.ac | unknown | unknown | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.65.154.135 | ac86eaa6fe0c4cb58393b3297e524ca9.pacloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502252 |
Start date and time: | 2024-08-31 20:22:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe |
Detection: | MAL |
Classification: | mal76.evad.winEXE@20/1@1/1 |
EGA Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe, PID 6724 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1482070 |
Entropy (8bit): | 5.950769889559477 |
Encrypted: | false |
SSDEEP: | 12288:7iHPj/jx/b1Zgj9yLJ4/eFhmU45tcm5Ftj:Ipb1Zfd4gk5tr5Fh |
MD5: | 8BEB4B0676D3C064750BE6EDAD0764BA |
SHA1: | 020D2082F15556B277D2DF90098F619570E5E053 |
SHA-256: | C63799634E85F95F9B6160F64557AE171F79F67305CBFBAF8B6F4218CF1201EC |
SHA-512: | DC28C8F1AE8C9A4FC2FA9E61E533A7367D0E4485ED1C0BBE9C9D64B7A14502F3D2E727906D2EFD6F30C067F273217C45C63256DED91BE9A56180DC3BC874733F |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.873454706600173 |
TrID: |
File name: | SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe |
File size: | 5'141'504 bytes |
MD5: | 6261ee4279a2f896625ca965ad014fb7 |
SHA1: | 0bbd43aed75d13993e364cd7e26393d2b4fefb50 |
SHA256: | 5b36923b5ab87c82b33614790f2ab2add6b8675ebd27ba278f1eaf2499848cdd |
SHA512: | 40d39aa83b603ec5b9b2260d9976663decdf49799e6387b7f4a557e6e5662e5246b75ec97507af4c117cd6aafbd9ebb332f705961e50fd68830df19dd9bbd3f8 |
SSDEEP: | 98304:LpYNjKbwFkPieT0hzXDIIOsA6hwINfiNBrOlxhFzF+FVhylLDX3P2YO:LpZbwFkPieWDPHhJNfuMlxP4FVhyxL3 |
TLSH: | 903612BE5284335CC01EC4749436BC45F1FA152E4AE9D6AEB6DBB7C037AE424E502B4B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...s[{f.........."....'.....&!.....|.g........@..........................................`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x14067d97c |
Entrypoint Section: | .vmp1 |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x667B5B73 [Wed Jun 26 00:06:11 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | f8ad335fffe558ce43b830b90a0acee2 |
Instruction |
---|
push 513EDA4Fh |
call 00007FE7A8EAEB01h |
ficom dword ptr [ebx+ecx+0Bh] |
arpl word ptr [eax-7202C523h], di |
test byte ptr [esi], 00000076h |
cld |
xchg eax, ebp |
test dword ptr [eax+05h], esi |
add esi, dword ptr [ebp+03C3D5ADh] |
fxch4 st(5) |
jnle 00007FE7A8C30E6Eh |
cld |
popad |
sub bh, byte ptr [ebx+57h] |
add al, 4Fh |
jnle 00007FE7A8C30E74h |
pop ds |
cld |
stc |
fiadd dword ptr [esi-76h] |
cld |
int1 |
mov ecx, 37FC1FB5h |
out dx, eax |
aas |
sbb edi, esp |
xchg eax, esp |
sub al, 35h |
scasb |
sti |
push esi |
xchg byte ptr [edi+eax*8], bh |
add al, byte ptr [eax] |
adc bh, ah |
mov eax, dword ptr [ebx] |
and edx, dword ptr [ecx-4C9F0308h] |
xor al, 3Eh |
cld |
rcr byte ptr [ebx-62h], 1 |
mov eax, dword ptr [9A24C403h] |
stosb |
sti |
sal dword ptr [ecx], FFFFFF83h |
loop 00007FE7A8C30E15h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x672ce0 | 0x244 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9eb000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x9dffc0 | 0x9b34 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9ea000 | 0xc0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x515028 | 0x58 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9dfe80 | 0x140 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6c5000 | 0xcb0 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xec56f | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xee000 | 0x1fc076 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2eb000 | 0xc480 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x2f8000 | 0x96c0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vmp0 | 0x302000 | 0x2008ca | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.vmp1 | 0x503000 | 0x4e6af4 | 0x4e6c00 | 43efe1d7e0ec3d510bd9e5365d382232 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x9ea000 | 0xc0 | 0x200 | 5af05468740c02f7086efd47fd5c1d4e | False | 0.330078125 | GLS_BINARY_LSB_FIRST | 1.9573758939436507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x9eb000 | 0x1e0 | 0x200 | 64973e4011b315df1bd3e01f63e5a7be | False | 0.541015625 | data | 4.772037401703051 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x9eb058 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
DLL | Import |
---|---|
ntdll.dll | RtlLookupFunctionEntry, RtlCaptureContext, RtlVirtualUnwind, NtGetContextThread, NtResumeThread, NtTerminateProcess, NtUnmapViewOfSection, NtWriteVirtualMemory, NtSetContextThread, NtClose, NtReadVirtualMemory, VerSetConditionMask |
KERNEL32.dll | GetUserDefaultUILanguage, GetTempPathW, K32GetProcessImageFileNameW, OpenProcess, ProcessIdToSessionId, GetLastError, CreateFileA, GetCurrentThread, LoadLibraryW, K32EnumProcesses, VirtualAllocEx, WTSGetActiveConsoleSessionId, CreateProcessW, AcquireSRWLockExclusive, AreFileApisANSI, SetFileTime, SetFileInformationByHandle, SetFileAttributesW, GetFullPathNameW, GetFinalPathNameByHandleW, GetFileInformationByHandle, GetFileAttributesExW, GetFileAttributesW, GetDiskFreeSpaceExW, FindNextFileW, FindFirstFileExW, FindFirstFileW, FindClose, CreateFileW, CreateDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, GetLocaleInfoEx, FormatMessageA, LocalFree, WakeAllConditionVariable, SleepConditionVariableSRW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, VirtualAlloc, GetCurrentProcess, GetModuleFileNameW, VirtualFree, GetConsoleWindow, Sleep, QueryPerformanceCounter, FreeLibrary, GetProcAddress, QueryPerformanceFrequency, LoadLibraryA, GlobalUnlock, WideCharToMultiByte, GlobalLock, GlobalFree, GlobalAlloc, MultiByteToWideChar, CreateProcessA, CloseHandle, GetModuleHandleA, GetCurrentThreadId, GetModuleFileNameA, DeviceIoControl, GetModuleHandleW, CreateDirectoryExW, CopyFileW, MoveFileExW, CreateHardLinkW, GetFileInformationByHandleEx, CreateSymbolicLinkW, ReleaseSRWLockExclusive |
USER32.dll | TranslateMessage, MessageBoxA, GetDesktopWindow, RegisterClassExW, MessageBoxW, DefWindowProcW, GetWindowRect, CreateWindowExW, UpdateWindow, SetLayeredWindowAttributes, ShowWindow, GetDC, PeekMessageW, GetClipboardData, MonitorFromWindow, ScreenToClient, GetActiveWindow, GetCapture, ClientToScreen, IsChild, TrackMouseEvent, LoadCursorW, SetCapture, DispatchMessageW, SetCursor, GetClientRect, SetProcessDPIAware, ReleaseCapture, SetCursorPos, ReleaseDC, GetCursorPos, OpenClipboard, CloseClipboard, EmptyClipboard, UnregisterClassW, SetClipboardData |
GDI32.dll | GetDeviceCaps, CreateRectRgn, DeleteObject |
ADVAPI32.dll | LsaOpenPolicy, RegOpenKeyExA, LookupPrivilegeValueW, AdjustTokenPrivileges, RevertToSelf, PrivilegeCheck, LookupPrivilegeValueA, ImpersonateSelf, IsValidSid, OpenProcessToken, CreateProcessAsUserW, RegSetValueExA, GetUserNameW, LsaAddAccountRights, DuplicateTokenEx, LsaClose, OpenThreadToken, LookupAccountNameW, GetUserNameA, RegCloseKey, RegQueryValueExA |
MSVCP140.dll | ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ?_Xout_of_range@std@@YAXPEBD@Z, ??0_Lockit@std@@QEAA@H@Z, ??1_Lockit@std@@QEAA@XZ, ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z, ?_Xlength_error@std@@YAXPEBD@Z, ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z, ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ, ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z, ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??Bios_base@std@@QEBA_NXZ, ?always_noconv@codecvt_base@std@@QEBA_NXZ, ??Bid@locale@std@@QEAA_KXZ, _Mbrtowc, ?_Throw_Cpp_error@std@@YAXH@Z, ?_Xbad_alloc@std@@YAXXZ, ?_Winerror_map@std@@YAHH@Z, ?_Syserror_map@std@@YAPEBDH@Z, _Cnd_do_broadcast_at_thread_exit, _Thrd_detach, ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?good@ios_base@std@@QEBA_NXZ, ?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ, ?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ, ?_Getmonths@_Locinfo@std@@QEBAPEBDXZ, ?_Getdays@_Locinfo@std@@QEBAPEBDXZ, ?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ, ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ, ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ, ??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z, ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z, ?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z, ?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ, ?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ, ?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ, ?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ, ?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z, ?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z, ?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ, ?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z, ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ, ?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ, ?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ, ?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ, ?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ, ?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z, ?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z, ?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z, ??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z, ??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ, ??7ios_base@std@@QEBA_NXZ, ?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ |
USERENV.dll | DestroyEnvironmentBlock, CreateEnvironmentBlock |
SHLWAPI.dll | StrRChrW, PathRemoveFileSpecA |
IMM32.dll | ImmGetContext, ImmSetCompositionWindow, ImmReleaseContext |
D3DCOMPILER_47.dll | D3DCompile |
dwmapi.dll | DwmGetColorizationColor, DwmExtendFrameIntoClientArea, DwmIsCompositionEnabled, DwmEnableBlurBehindWindow |
d3d11.dll | D3D11CreateDeviceAndSwapChain |
WS2_32.dll | WSAStartup, connect |
VCRUNTIME140_1.dll | __CxxFrameHandler4 |
VCRUNTIME140.dll | memcmp, memchr, memcpy, __std_exception_destroy, __std_exception_copy, __std_terminate, strstr, strchr, __current_exception, __current_exception_context, __C_specific_handler, _CxxThrowException, memset, __std_type_info_destroy_list, memmove |
api-ms-win-crt-runtime-l1-1-0.dll | _seh_filter_exe, _set_app_type, _crt_at_quick_exit, _get_initial_narrow_environment, _initterm, _initterm_e, _exit, system, __p___argc, __p___argv, _c_exit, _register_thread_local_exe_atexit_callback, _crt_atexit, _execute_onexit_table, _beginthreadex, terminate, exit, _register_onexit_function, _initialize_onexit_table, _initialize_narrow_environment, _configure_narrow_argv, _seh_filter_dll, abort, _cexit, _invalid_parameter_noinfo_noreturn |
api-ms-win-crt-stdio-l1-1-0.dll | fflush, fopen_s, ferror, fputc, __stdio_common_vfprintf, __p__commode, fclose, __stdio_common_vsscanf, __stdio_common_vsprintf, _wfopen, fgetc, fseek, __acrt_iob_func, _set_fmode, ftell, _get_stream_buffer_pointers, __stdio_common_vswprintf, _fseeki64, fread, fsetpos, ungetc, _popen, setvbuf, fgetpos, fwrite, fgets, feof |
api-ms-win-crt-time-l1-1-0.dll | _difftime64, _time64 |
api-ms-win-crt-filesystem-l1-1-0.dll | remove, _lock_file, _unlock_file |
api-ms-win-crt-convert-l1-1-0.dll | atof, strtol |
api-ms-win-crt-environment-l1-1-0.dll | getenv |
api-ms-win-crt-heap-l1-1-0.dll | _callnewh, malloc, realloc, _set_new_mode, calloc, free |
api-ms-win-crt-string-l1-1-0.dll | _wcsicmp, wcscpy_s, strncmp, strcmp, strncpy, toupper |
api-ms-win-crt-utility-l1-1-0.dll | srand, qsort, rand |
api-ms-win-crt-math-l1-1-0.dll | atan2f, acosf, ceilf, ldexp, sqrtf, sinf, powf, pow, logf, log, cosf, floorf, fmodf, __setusermatherr |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale, ___lc_codepage_func |
KERNEL32.dll | LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress |
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 31, 2024 20:22:57.297297955 CEST | 49730 | 25565 | 192.168.2.4 | 172.65.154.135 |
Aug 31, 2024 20:22:57.302365065 CEST | 25565 | 49730 | 172.65.154.135 | 192.168.2.4 |
Aug 31, 2024 20:22:57.302736044 CEST | 49730 | 25565 | 192.168.2.4 | 172.65.154.135 |
Aug 31, 2024 20:22:57.464103937 CEST | 49730 | 25565 | 192.168.2.4 | 172.65.154.135 |
Aug 31, 2024 20:22:57.771570921 CEST | 49730 | 25565 | 192.168.2.4 | 172.65.154.135 |
Aug 31, 2024 20:22:57.834453106 CEST | 25565 | 49730 | 172.65.154.135 | 192.168.2.4 |
Aug 31, 2024 20:22:57.834469080 CEST | 25565 | 49730 | 172.65.154.135 | 192.168.2.4 |
Aug 31, 2024 20:22:58.047326088 CEST | 25565 | 49730 | 172.65.154.135 | 192.168.2.4 |
Aug 31, 2024 20:22:58.103789091 CEST | 49730 | 25565 | 192.168.2.4 | 172.65.154.135 |
Aug 31, 2024 20:22:58.138348103 CEST | 25565 | 49730 | 172.65.154.135 | 192.168.2.4 |
Aug 31, 2024 20:22:58.193453074 CEST | 49730 | 25565 | 192.168.2.4 | 172.65.154.135 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 31, 2024 20:22:57.153652906 CEST | 50289 | 53 | 192.168.2.4 | 1.1.1.1 |
Aug 31, 2024 20:22:57.286689997 CEST | 53 | 50289 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 31, 2024 20:22:57.153652906 CEST | 192.168.2.4 | 1.1.1.1 | 0xca9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 31, 2024 20:22:57.286689997 CEST | 1.1.1.1 | 192.168.2.4 | 0xca9 | No error (0) | | ac86eaa6fe0c4cb58393b3297e524ca9.pacloudflare.com | | CNAME (Canonical name) | IN (0x0001) | false |
Aug 31, 2024 20:22:57.286689997 CEST | 1.1.1.1 | 192.168.2.4 | 0xca9 | No error (0) | | | 172.65.154.135 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 14:22:55 |
Start date: | 31/08/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff71eb80000 |
File size: | 5'141'504 bytes |
MD5 hash: | 6261EE4279A2F896625CA965AD014FB7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 14:22:55 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:22:55 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fecf0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 14:22:55 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\net.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b70f0000 |
File size: | 59'904 bytes |
MD5 hash: | 0BD94A338EEA5A4E1F2830AE326E6D19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 14:22:55 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\net1.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e000000 |
File size: | 183'808 bytes |
MD5 hash: | 55693DF2BB3CBE2899DFDDF18B4EB8C9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 5 |
Start time: | 14:22:56 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fecf0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 14:22:56 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\w32tm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff685e80000 |
File size: | 108'032 bytes |
MD5 hash: | 81A82132737224D324A3E8DA993E2FB5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 14:22:56 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fecf0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 14:22:56 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\taskkill.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6325b0000 |
File size: | 101'376 bytes |
MD5 hash: | A599D3B2FAFBDE4C1A6D7D0F839451C7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 14:22:56 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fecf0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 14:22:56 |
Start date: | 31/08/2024 |
Path: | C:\Windows\System32\ipconfig.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff622820000 |
File size: | 35'840 bytes |
MD5 hash: | 62F170FB07FDBB79CEB7147101406EB8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |