Analysis Report
SecuriteInfo.com.Trojan.Win64.Spy.1125.10281.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
76 | 0 - 100 | false | 100% |
Signatures
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Creates files in the system32 config directory
Drops executables to the windows directory (C:\Windows) and starts them
Excessive usage of taskkill to terminate processes
Uses taskkill to terminate AV processes
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Too many similar processes found
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Win64.Spy.1125.10281.exe (PID: 2404 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Spy.1125.10281.exe" MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - conhost.exe (PID: 1588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 3792 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - MicrosoftWindowsDefenderCoreService.exe (PID: 6636 cmdline: "C:\Windows\System32\oobe\MicrosoftWindowsDefenderCoreService.exe" install MD5: 9CEBC167FF7C8AE3CCFFB718FD7B52D0)
  - conhost.exe (PID: 2852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskCrashHandler.exe (PID: 5996 cmdline: "C:\Windows\System32\oobe\AnyDeskCrashHandler.exe" --pid 6636 MD5: 8EB4565C6C7096C17AC94718B2A3724B)
  - cmd.exe (PID: 4600 cmdline: C:\Windows\System32\cmd.exe /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 5660 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 5164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 4544 cmdline: C:\Windows\System32\cmd.exe /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 4236 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 4020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskCrashHandler.exe (PID: 6080 cmdline: "C:\Windows\System32\oobe\AnyDeskCrashHandler.exe" --pid 2404 MD5: 8EB4565C6C7096C17AC94718B2A3724B)
  - cmd.exe (PID: 1484 cmdline: C:\Windows\System32\cmd.exe /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 3748 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 3792 cmdline: C:\Windows\System32\cmd.exe /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 7024 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
- MicrosoftWindowsDefenderCoreService.exe (PID: 2128 cmdline: "C:\Windows\System32\oobe\MicrosoftWindowsDefenderCoreService.exe" MD5: 9CEBC167FF7C8AE3CCFFB718FD7B52D0)
  - AnyDeskCrashHandler.exe (PID: 6636 cmdline: "C:\Windows\System32\oobe\AnyDeskCrashHandler.exe" --pid 2128 MD5: 8EB4565C6C7096C17AC94718B2A3724B)
  - cmd.exe (PID: 6996 cmdline: C:\Windows\system32\cmd.exe /c C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 4976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 5948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskUpdateService.exe (PID: 2976 cmdline: C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 2732 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - cmd.exe (PID: 3220 cmdline: "C:\Windows\System32\cmd.exe" /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 4920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 3984 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 1088 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\oobe\version.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 4156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 3420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 6628 cmdline: C:\Windows\system32\cmd.exe /c C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - cmd.exe (PID: 1780 cmdline: "C:\Windows\System32\cmd.exe" /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 5712 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 3744 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\oobe\version.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5024 cmdline: C:\Windows\system32\cmd.exe /c C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskUpdateService.exe (PID: 4892 cmdline: C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 5340 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - cmd.exe (PID: 572 cmdline: "C:\Windows\System32\cmd.exe" /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 3984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 3172 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 3756 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\oobe\version.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 3792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 3852 cmdline: C:\Windows\system32\cmd.exe /c C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskUpdateService.exe (PID: 7052 cmdline: C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 6324 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - Conhost.exe (PID: 3420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 420 cmdline: "C:\Windows\System32\cmd.exe" /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 1600 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 5748 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\oobe\version.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 2832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 5980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 3540 cmdline: C:\Windows\system32\cmd.exe /c C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 4252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskUpdateService.exe (PID: 6928 cmdline: C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 6216 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - Conhost.exe (PID: 1112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5016 cmdline: "C:\Windows\System32\cmd.exe" /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 2012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 5908 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 4876 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\oobe\version.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - cmd.exe (PID: 5564 cmdline: C:\Windows\system32\cmd.exe /c C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskUpdateService.exe (PID: 4048 cmdline: C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 5464 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - cmd.exe (PID: 6484 cmdline: "C:\Windows\System32\cmd.exe" /c sc start AnyDeskUpdateService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 3532 cmdline: sc start AnyDeskUpdateService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 6068 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\oobe\version.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 4600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- AnyDeskUpdateService.exe (PID: 6552 cmdline: "C:\Windows\System32\oobe\AnyDeskUpdateService.exe" MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 3796 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 3748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskCrashHandler.exe (PID: 4196 cmdline: "C:\Windows\System32\oobe\AnyDeskCrashHandler.exe" --pid 6552 MD5: 8EB4565C6C7096C17AC94718B2A3724B)
  - cmd.exe (PID: 5908 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 4232 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 4876 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - conhost.exe (PID: 5164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - AnyDeskUpdateService.exe (PID: 5908 cmdline: C:\Windows\System32\oobe\AnyDeskUpdateService.exe install MD5: 95408095927F78DEFFAEB9CB1F4CD44D)
  - cmd.exe (PID: 1944 cmdline: C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - Conhost.exe (PID: 5256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 5656 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - conhost.exe (PID: 2580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 1880 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 2404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 3796 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 5692 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 3792 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 3748 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 4072 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 5916 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 2672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 1592 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 1408 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 4616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 1944 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - Conhost.exe (PID: 4136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 1212 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 3404 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5916 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 7140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 6316 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - Conhost.exe (PID: 1776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5156 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 4832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 6248 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 5752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 7004 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 2828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 2716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 2168 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - Conhost.exe (PID: 5224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5996 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 5320 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 5608 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 2788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 5100 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - Conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 5564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 1428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 4892 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 2404 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 1484 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 3404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 6696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 4832 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 5164 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 4072 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - cmd.exe (PID: 2120 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 1812 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 2836 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 2036 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5036 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 1132 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - Conhost.exe (PID: 1600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 6996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 6212 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 1780 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 1756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5156 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 6956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 6928 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - Conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 4020 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 2136 cmdline: sc start MicrosoftWindowsDefenderCoreService MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
  - Conhost.exe (PID: 3320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 3424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5996 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 5760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - taskkill.exe (PID: 7076 cmdline: taskkill /f /im MsMpEng.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
  - cmd.exe (PID: 3524 cmdline: "C:\Windows\System32\cmd.exe" /c sc start MicrosoftWindowsDefenderCoreService MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - conhost.exe (PID: 1944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 7076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - Conhost.exe (PID: 4188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- svchost.exe (PID: 6796 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- cleanup
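The process tree above is a repeatable chain: the sample copies itself to C:\Windows\System32\oobe\AnyDeskUpdateService.exe (that file carries the same MD5 as the submitted sample), drops MicrosoftWindowsDefenderCoreService.exe beside it, registers both with an `install` argument and `sc start`, runs `taskkill /f /im MsMpEng.exe` against Defender's engine over and over, and deletes the WindowsUpdate.txt and version.txt markers under System32. The Python below is an added hunting example, not part of the Joe Sandbox report or of the sample; it runs four rules over constructed Sysmon-style process-creation records built from the command lines listed in the tree. The field names, the image paths assumed for sc.exe, taskkill.exe and cmd.exe, the oobe allowlist and the brand tokens used for service-name squatting are assumptions made for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon Event ID 1 style fields)."""
    pid: int
    image: str
    cmdline: str


# Defender's scan engine; the sample runs "taskkill /f /im MsMpEng.exe" against it.
AV_PROCESSES = {"msmpeng.exe"}
# Genuine service names behind the brands the sample imitates. "windefend" is
# Defender's real service name; "anydesk" is assumed for the AnyDesk client.
KNOWN_SERVICE_NAMES = {"windefend", "anydesk"}
BRAND_TOKENS = ("defender", "microsoft", "anydesk")
# Binaries that legitimately live in System32\oobe. Assumed allowlist; tune per build.
OOBE_ALLOWLIST = {"msoobe.exe", "setup.exe", "windeploy.exe"}

OOBE_RE = re.compile(r"\\windows\\system32\\oobe\\([^\\\"]+\.exe)", re.IGNORECASE)
TASKKILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b.*?/im\s+(\S+)", re.IGNORECASE)
SC_START_RE = re.compile(r"\bsc(?:\.exe)?\s+(?:start|create)\s+(\S+)", re.IGNORECASE)
DEL_RE = re.compile(r"\bdel\b[^\"]*\"?(c:\\windows\\system32\\[^\"]+)", re.IGNORECASE)


def is_lookalike_service(name: str) -> bool:
    """A service name that borrows a vendor brand but is not the vendor's real service."""
    n = name.lower()
    return n not in KNOWN_SERVICE_NAMES and any(t in n for t in BRAND_TOKENS)


def analyse(events):
    """Return (rule, pid, detail) tuples for every event matching one of the four rules."""
    findings = []
    for ev in events:
        m = TASKKILL_RE.search(ev.cmdline)
        if m and m.group(1).lower() in AV_PROCESSES:
            findings.append(("av_kill", ev.pid, m.group(1)))
        m = OOBE_RE.search(ev.image)
        if m and m.group(1).lower() not in OOBE_ALLOWLIST:
            findings.append(("exec_from_oobe", ev.pid, m.group(1)))
        m = SC_START_RE.search(ev.cmdline)
        if m and is_lookalike_service(m.group(1)):
            findings.append(("lookalike_service", ev.pid, m.group(1)))
        m = DEL_RE.search(ev.cmdline)
        if m:
            findings.append(("system32_delete", ev.pid, m.group(1)))
    return findings


def summarise(findings):
    """Count findings per rule."""
    counts = {}
    for rule, _, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


# Constructed from the report's process tree. PIDs and command lines are the
# report's; the image paths of sc.exe, taskkill.exe and cmd.exe are assumed.
SAMPLE_EVENTS = [
    ProcEvent(2404, r"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Spy.1125.10281.exe",
              r'"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Spy.1125.10281.exe"'),
    ProcEvent(3792, r"C:\Windows\System32\cmd.exe",
              r'C:\Windows\system32\cmd.exe /c DEL /F /S /Q "C:\Windows\System32\WindowsUpdate.txt"'),
    ProcEvent(6636, r"C:\Windows\System32\oobe\MicrosoftWindowsDefenderCoreService.exe",
              r'"C:\Windows\System32\oobe\MicrosoftWindowsDefenderCoreService.exe" install'),
    ProcEvent(2976, r"C:\Windows\System32\oobe\AnyDeskUpdateService.exe",
              r"C:\Windows\System32\oobe\AnyDeskUpdateService.exe install"),
    ProcEvent(5660, r"C:\Windows\System32\sc.exe", "sc start AnyDeskUpdateService"),
    ProcEvent(4236, r"C:\Windows\System32\sc.exe", "sc start MicrosoftWindowsDefenderCoreService"),
    ProcEvent(5908, r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c taskkill /f /im MsMpEng.exe'),
    ProcEvent(4232, r"C:\Windows\System32\taskkill.exe", "taskkill /f /im MsMpEng.exe"),
    # Benign noise from the same tree: must produce no findings.
    ProcEvent(1588, r"C:\Windows\system32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(6796, r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager"),
]


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
    print(summarise(analyse(SAMPLE_EVENTS)))
```

Two points worth keeping in mind when tuning this. Defender's real service is WinDefend, so a service called MicrosoftWindowsDefenderCoreService whose binary sits in the oobe directory is a name-squat rather than a Microsoft component, and cmd.exe spawning taskkill against MsMpEng.exe is almost never legitimate administration. MsMpEng.exe runs as a protected process on current Windows builds, so `taskkill /f` against it fails; the dozens of identical retries in the tree are consistent with the sample looping on that failure, and every retry is another process-creation event for the rule to catch.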
No configs have been found
No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T02:26:01.175695+0200 | 2001046 | 3 | Misc activity | 185.199.110.153 | 443 | 192.168.2.6 | 49710 | TCP |
2024-09-29T02:26:01.965049+0200 | 2001046 | 3 | Misc activity | 185.199.110.153 | 443 | 192.168.2.6 | 49711 | TCP |
2024-09-29T02:26:02.839748+0200 | 2001046 | 3 | Misc activity | 185.199.110.153 | 443 | 192.168.2.6 | 49712 | TCP |
2024-09-29T02:26:10.297385+0200 | 2001046 | 3 | Misc activity | 185.199.110.153 | 443 | 192.168.2.6 | 49715 | TCP |
2024-09-29T02:26:11.170934+0200 | 2001046 | 3 | Misc activity | 185.199.110.153 | 443 | 192.168.2.6 | 49717 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T02:26:01.082281+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49710 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:01.872232+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49711 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:02.740638+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49712 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:09.596623+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49714 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:10.202534+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49715 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:11.082553+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49717 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:17.685412+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49721 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:24.719024+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49724 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:31.217086+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49725 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:37.673371+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49726 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:44.000738+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49728 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:50.547457+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49729 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:56.517807+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49731 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:02.499688+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49733 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:08.462279+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49734 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:14.453356+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49735 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:20.468666+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49736 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:26.655782+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49737 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:32.889465+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49739 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:39.281130+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49740 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:45.756534+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49741 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:52.185949+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49742 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:58.464364+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49743 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:28:04.777993+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49744 | 185.199.110.153 | 443 | TCP |
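The second Suricata table is a beacon: 24 client connections from 192.168.2.6 to 185.199.110.153:443 in a little over two minutes. On its own the signature "IP address seen in connection with other malware" is weak evidence here, because 185.199.110.153 is one of the four addresses GitHub publishes for GitHub Pages and is shared by every site hosted there; the cadence of the connections is the more useful feature. The Python below is an added example, not part of the report: it parses the rows of that table (embedded verbatim as a constructed input string), computes the intervals between consecutive connections to one destination, and scores periodicity with a median/MAD test whose 20% threshold is an assumption chosen for this example.

```python
import statistics
from datetime import datetime

# The 24 rows of the second Suricata table above, used as this example's input.
ALERT_TABLE = """\
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T02:26:01.082281+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49710 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:01.872232+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49711 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:02.740638+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49712 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:09.596623+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49714 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:10.202534+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49715 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:11.082553+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49717 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:17.685412+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49721 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:24.719024+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49724 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:31.217086+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49725 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:37.673371+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49726 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:44.000738+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49728 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:50.547457+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49729 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:26:56.517807+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49731 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:02.499688+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49733 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:08.462279+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49734 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:14.453356+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49735 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:20.468666+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49736 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:26.655782+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49737 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:32.889465+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49739 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:39.281130+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49740 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:45.756534+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49741 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:52.185949+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49742 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:27:58.464364+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49743 | 185.199.110.153 | 443 | TCP |
2024-09-29T02:28:04.777993+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49744 | 185.199.110.153 | 443 | TCP |
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_alerts(text):
    """Parse pipe-separated Suricata rows into dicts; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 8 or not cells[0][:4].isdigit():
            continue
        rows.append({
            "ts": datetime.strptime(cells[0], TS_FORMAT),
            "sid": int(cells[1]),
            "src": cells[4], "sport": int(cells[5]),
            "dst": cells[6], "dport": int(cells[7]),
        })
    return rows


def intervals_to(rows, dst, dport):
    """Seconds between consecutive connections to one destination, in time order."""
    ts = sorted(r["ts"] for r in rows if r["dst"] == dst and r["dport"] == dport)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def beacon_score(intervals, max_rel_mad=0.2):
    """Median interval and median absolute deviation; 'periodic' when the MAD is
    at most max_rel_mad of the median. MAD tolerates the handful of sub-second
    bursts at the start of the capture that a mean/stddev test would not."""
    if len(intervals) < 3:
        return None
    med = statistics.median(intervals)
    mad = statistics.median(abs(i - med) for i in intervals)
    return {"connections": len(intervals) + 1, "median_s": round(med, 3),
            "mad_s": round(mad, 3), "periodic": mad <= max_rel_mad * med}


if __name__ == "__main__":
    rows = parse_alerts(ALERT_TABLE)
    print(beacon_score(intervals_to(rows, "185.199.110.153", 443)))
```

For this capture the median interval is about 6.3 s with a MAD of roughly 0.3 s, so the connection pattern scores as periodic even though the first few connections arrive in a burst. Combined with the "HTTP GET or POST without a user agent" signature and the fact that the destination is a shared hosting address, the practical pivot is the TLS SNI or HTTP Host name behind these connections rather than the IP itself.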
AV Detection |
---|
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FF6C78832B4 | |
Source: | Code function: | 5_2_00007FF76E1A9B94 | |
Source: | Code function: | 7_2_00007FF7AA9590E0 | |
Source: | Code function: | 25_2_00007FF71DDB32B4 |
Source: | Code function: | 0_2_00007FF6C785CDF0 |