Windows Analysis Report
SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe
Analysis ID: 1528278
MD5: ebb31c3ced79bc012544f7935b376242
SHA1: 40e907ab13f134bb8bb8af60bab2b398f1cd7e21
SHA256: 781d7b5cacf74dd23d6a64c8ad4768abcb0c295d3ce854b58ca2091469678e26
Tags: exe

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 30
Range: 0 - 100

Signatures

Detected unpacking (creates a PE file in dynamic memory)
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.3% probability

Compliance

Source: C:\ProgramData\HDStreamer\StreamService.exe Unpacked PE file: 8.2.StreamService.exe.27450010000.0.unpack
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63383 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63384 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63429 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63463 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.249.249:443 -> 192.168.2.4:63471 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.249.249:443 -> 192.168.2.4:63470 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63527 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.249.249:443 -> 192.168.2.4:63535 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.249.249:443 -> 192.168.2.4:63536 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63584 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.249.249:443 -> 192.168.2.4:63591 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.249.249:443 -> 192.168.2.4:63590 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.145.190:443 -> 192.168.2.4:63662 version: TLS 1.2
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: MovieService.pdb source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2056913409.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005719000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000002.2387556541.00007FF61B148000.00000002.00000001.01000000.00000005.sdmp, streamerapp.exe, 00000004.00000000.2167722423.00007FF61B148000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000002.3589538937.00007FF6F45C8000.00000002.00000001.01000000.00000006.sdmp, StreamService.exe, 00000005.00000000.2384978256.00007FF6F45C8000.00000002.00000001.01000000.00000006.sdmp
Networking

Source: Joe Sandbox View IP Address: 104.16.249.249 104.16.249.249
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (3 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 143.244.33.74 (7 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 212.102.58.164 (12 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 195.181.164.43 (11 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 195.181.165.212 (9 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 195.181.165.170 (4 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 212.102.60.88 (4 occurrences)
Source: global traffic HTTP traffic detected: GET /cbhello HTTP/1.1
    accept: */*
    user-agent: b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8
    host: fastfiledownloader.com
Source: global traffic HTTP traffic detected: GET /streamapp_setup.exe HTTP/1.1
    accept: */*
    user-agent: b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8
    host: fastfiledownloader.com
Source: global traffic HTTP traffic detected: GET /cb0 HTTP/1.1
    accept: */*
    user-agent: b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8
    host: fastfiledownloader.com
Source: global traffic HTTP traffic detected: GET /cb1 HTTP/1.1
    accept: */*
    user-agent: b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8
    host: fastfiledownloader.com
Source: global traffic HTTP traffic detected (3 requests, each followed by two of the DoH requests below): GET /update.txt HTTP/1.1
    User-Agent: b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8
    Host: www.fastfiledownloader.com
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected (6 requests): GET /dns-query?name=srv.coinsurf.com&type=TXT HTTP/1.1
    accept: application/dns-json
    user-agent: windows#10.0.19045#1.8.0-quinn
    accept-encoding: gzip, br, deflate
    host: cloudflare-dns.com
Source: global traffic HTTP traffic detected: GET /cb2 HTTP/1.1
    accept: */*
    user-agent: b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8
    host: fastfiledownloader.com
Source: global traffic DNS traffic detected: DNS query: fastfiledownloader.com
Source: global traffic DNS traffic detected: DNS query: www.fastfiledownloader.com
Source: global traffic DNS traffic detected: DNS query: cloudflare-dns.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Mon, 07 Oct 2024 16:35:02 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUeoxk4wFVmcYzNQJLyAOy0dts1Fk0hmlb7lwyoZb1PGxf9XydQ6ZkTL7jg6PBZEBPfNTxRgbDC1Zsdgici8VHwmiH4r%2B80utOqhID2n5XCAugsOMijhq6FFBX23wr4zV2%2Bd1s1sTTTP"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8cef4d527d2c42aa-EWR
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Mon, 07 Oct 2024 16:35:32 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsLRDV%2FKE9%2B5YMF2mNeOAqEImqZ0Ym8jg6RVi%2B%2FmtOVARaIe%2B7uaYPrJuuuZYE5GfhfYlSAq6Y9xBC1nbeI9aj3O7yfsECnQ7FAjW66StnoJXuvL7cWjKTeL7BJS1kb9Guu1PF9XgNTZ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8cef4e10df9e1a03-EWR
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Mon, 07 Oct 2024 16:35:50 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mCwap9%2FrXlgscis%2FT4j8HvDCTi7LIfCziAd3P3yfDusG%2FWiQmlM4GfM2cBHtmyqGGB3gsCPY9TgXOzL%2F7Ni%2FlDMRSlDYWNQrwLkFC9%2F%2BwyuvMeE3rKaLT1dBlmVZcrBgR668gmDsqikU"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8cef4e819ef5430d-EWR
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Mon, 07 Oct 2024 16:36:36 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qp8hvhnWd2rL52a3SokkUqIXhu8j2aHFmn7HdDFIoKBZrKbnnw%2BFBWi7u3okk1y53bD0t6UEQc93lZoJxFSz6pQEoFZdrXzg6r5H35Zx5h%2BPhU9IuIzmDRSiHI1AamGT2GCdYx060pj3"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8cef4f9fe99b1774-EWR
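The HTTP and DNS findings above give three indicators that survive a change of C2 IP: the fastfiledownloader.com host names, a User-Agent that is a bare 64-hex-character token rather than a client string, and a DNS-over-HTTPS TXT lookup for srv.coinsurf.com made through Cloudflare's JSON API (accept: application/dns-json, ?name=&type=). The Python below is an added example, not part of the Joe Sandbox report, that turns those into a check over proxy logs. The log line format, the sample lines and their timestamps are constructed for illustration; the fourth sample line is a standard RFC 8484 browser query (?dns=<base64url>) and shows that the check leaves ordinary DoH alone.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the sandbox report: the download/C2 host, the fixed
# 64-hex-character User-Agent (a SHA-256-sized token, not a browser string), and
# the DoH JSON-API TXT lookup that StreamService.exe issues to cloudflare-dns.com.
C2_HOSTS = {"fastfiledownloader.com", "www.fastfiledownloader.com"}
DOH_HOSTS = {"cloudflare-dns.com"}
HEX64_RE = re.compile(r"^[0-9a-f]{64}$")

# Assumed proxy-log layout for this example (a real log would be mapped to these fields):
#   <timestamp> <client-ip> <method> <url> ua="<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+ua="(?P<ua>[^"]*)"$'
)

# Constructed sample log (not traffic from the report's pcap): two beacons to the
# C2 host, the DoH TXT dead-drop lookup, then two benign requests from a browser,
# including a standard RFC 8484 DoH query (?dns=<base64url>) that must NOT fire.
SAMPLE_LOG = """\
2024-10-07T16:34:58Z 192.168.2.4 GET https://fastfiledownloader.com/cbhello ua="b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8"
2024-10-07T16:35:02Z 192.168.2.4 GET https://www.fastfiledownloader.com/update.txt ua="b2fdf9181f27e9525b9c34db6768743d68562d4e909a23e3ebbfe5c3f10f98a8"
2024-10-07T16:35:03Z 192.168.2.4 GET https://cloudflare-dns.com/dns-query?name=srv.coinsurf.com&type=TXT ua="windows#10.0.19045#1.8.0-quinn"
2024-10-07T16:35:10Z 192.168.2.4 GET https://cloudflare-dns.com/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
2024-10-07T16:35:11Z 192.168.2.4 GET https://www.example.com/index.html ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
"""


def classify(line: str) -> list[str]:
    """Return the indicator names one log line matches (empty list == nothing suspicious)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return ["unparsed-line"]
    url = urlsplit(m["url"])
    host = (url.hostname or "").lower()
    params = parse_qs(url.query)
    findings: list[str] = []

    if host in C2_HOSTS:
        findings.append("c2-host")
    if HEX64_RE.match(m["ua"]):
        # A bare 64-hex User-Agent is an implant/campaign identifier, never a real client string.
        findings.append("ua-hex64")
    if host in DOH_HOSTS and url.path == "/dns-query" and "name" in params:
        # Cloudflare's JSON API (?name=&type=) is what custom tooling uses; browsers send
        # RFC 8484 wire-format queries (?dns=<base64url>), which this branch ignores.
        qname = params["name"][0].lower()
        qtype = params.get("type", ["A"])[0].upper()
        findings.append(f"doh-json-api:{qname}/{qtype}")
        if qtype == "TXT":
            # TXT records are a common dead-drop channel for C2 addresses / configuration.
            findings.append("doh-txt-record")
    return findings


def scan(log_text: str) -> list[tuple[str, list[str]]]:
    """Classify every non-empty line; returns (line, findings) pairs in input order."""
    return [(ln, classify(ln)) for ln in log_text.splitlines() if ln.strip()]


def suspicious(log_text: str) -> list[tuple[str, list[str]]]:
    """Only the lines that matched at least one indicator."""
    return [(ln, f) for ln, f in scan(log_text) if f]


if __name__ == "__main__":
    for ln, f in suspicious(SAMPLE_LOG):
        print(", ".join(f), "<-", ln.split()[3])
```

The user-agent on the DoH requests (windows#10.0.19045#1.8.0-quinn) is left out of the rules on purpose: it encodes an OS build and a client version and will change between builds, whereas the JSON-API TXT lookup pattern is the part of the behaviour the implant cannot easily give up. Expect legitimate TXT lookups through the JSON API from some monitoring tools, so treat doh-txt-record as a hunting lead and the c2-host / ua-hex64 pair as the high-confidence hit.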
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005D36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2072620458.0000000004380000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2069515770.0000000004380000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000000.2167828259.00007FF61B6D2000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000003.2395590864.000001BD2D15B000.00000004.00000020.00020000.00000000.sdmp, StreamService.exe, 00000005.00000002.3586639115.000001BD2DED7000.00000040.00001000.00020000.00000000.sdmp, StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://.css
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005D36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2072620458.0000000004380000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2069515770.0000000004380000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000000.2167828259.00007FF61B6D2000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000003.2395590864.000001BD2D15B000.00000004.00000020.00020000.00000000.sdmp, StreamService.exe, 00000005.00000002.3586639115.000001BD2DED7000.00000040.00001000.00020000.00000000.sdmp, StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://.jpg
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005D36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2072620458.0000000004380000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2069515770.0000000004380000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000000.2167828259.00007FF61B6D2000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000003.2395590864.000001BD2D15B000.00000004.00000020.00020000.00000000.sdmp, StreamService.exe, 00000005.00000002.3586639115.000001BD2DED7000.00000040.00001000.00020000.00000000.sdmp, StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: http://html4/loose.dtd
Source: StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-query?name=&type=TXT
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005D36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2068217268.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000000.2167828259.00007FF61B6D2000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000003.2395590864.000001BD2D15B000.00000004.00000020.00020000.00000000.sdmp, StreamService.exe, 00000005.00000002.3586639115.000001BD2DED7000.00000040.00001000.00020000.00000000.sdmp, StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-query?name=&type=TXTp
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2B02B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-query?name=srv.coinsurf.com&type=TXT
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2B02B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-query?name=srv.coinsurf.com&type=TXTJ
Source: StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3583244937.0000000002881000.00000002.10000000.00040000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3582214532.0000000002600000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportCalling
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2073792107.0000000004618000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005D36000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000000.2167828259.00007FF61B6D2000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000003.2395590864.000001BD2D15B000.00000004.00000020.00020000.00000000.sdmp, StreamService.exe, 00000005.00000002.3586639115.000001BD2DED7000.00000040.00001000.00020000.00000000.sdmp, StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp String found in binary or memory: https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eofno
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3578493215.000000000045D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fastfiledownloader.com/cb2
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3578493215.000000000045D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fastfiledownloader.com/streamapp_setup.exe
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3578493215.000000000045D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fastfiledownloader.com/streamapp_setup.exes
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2AFBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fastfiledownloader.com/
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2AFBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fastfiledownloader.com/$K
Source: StreamService.exe, 00000005.00000002.3589739254.00007FF6F4612000.00000004.00000001.01000000.00000006.sdmp, StreamService.exe, 00000005.00000002.3581425948.000001BD2AF6C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fastfiledownloader.com/update.txt
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2AF6C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fastfiledownloader.com/update.txtl0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63470
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63591
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63590
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63471
Source: unknown Network traffic detected: HTTP traffic on port 63591 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63535 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63429
Source: unknown Network traffic detected: HTTP traffic on port 63383 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63527
Source: unknown Network traffic detected: HTTP traffic on port 63471 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63463
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63584
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63662
Source: unknown Network traffic detected: HTTP traffic on port 63527 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63429 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63590 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63584 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63384
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63383
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63662 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63536 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63384 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63536
Source: unknown Network traffic detected: HTTP traffic on port 63463 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63470 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63535
System Summary

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_008D04E0 VirtualAlloc,VirtualProtect,NtUnmapViewOfSection,NtMapViewOfSection,NtCreateSection,VirtualProtect,VirtualProtect,NtMapViewOfSection,CreateThread, 0_2_008D04E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027D59BF NtCreateFile,CreateIoCompletionPort,SetFileCompletionNotificationModes, 0_2_027D59BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02858FA0 NtWriteFile, 0_2_02858FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_008D04E0 0_2_008D04E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_008CF2D6 0_2_008CF2D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02855B80 0_2_02855B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02783309 0_2_02783309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027AEA50 0_2_027AEA50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0287B2B5 0_2_0287B2B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027D7B7E 0_2_027D7B7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02850B80 0_2_02850B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02783B7E 0_2_02783B7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0278C370 0_2_0278C370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0279BB00 0_2_0279BB00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02782BE0 0_2_02782BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02794BE0 0_2_02794BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0279CBE0 0_2_0279CBE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027AA8E0 0_2_027AA8E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027A18A0 0_2_027A18A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027C0154 0_2_027C0154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0280F104 0_2_0280F104
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027AB9C0 0_2_027AB9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02859960 0_2_02859960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02857170 0_2_02857170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_028426A0 0_2_028426A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0286AEE6 0_2_0286AEE6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027FD603 0_2_027FD603
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02869600 0_2_02869600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02856660 0_2_02856660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027BAE9D 0_2_027BAE9D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0284D7C0 0_2_0284D7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02790710 0_2_02790710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027B9FF9 0_2_027B9FF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027A2460 0_2_027A2460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02856CA0 0_2_02856CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_028594C0 0_2_028594C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02870CF1 0_2_02870CF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027A1CE0 0_2_027A1CE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02787D21 0_2_02787D21
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027D4503 0_2_027D4503
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0278ADB7 0_2_0278ADB7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0278F5AA 0_2_0278F5AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_027C6D82 0_2_027C6D82
Source: streamerapp.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Source: StreamService.exe.4.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
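The two RT_RCDATA findings above mean each dropper stage carries the next stage as a plain, uncompressed PE32+ DLL inside its resource section, which is why the static scan could type it as "PE32+ executable (DLL) (console) x86-64". The Python below is an added example, not part of the report or of the sample, that carves such embedded PE headers out of an arbitrary byte blob: it follows every MZ header's e_lfanew to a PE\0\0 signature and reads the COFF machine type, the DLL characteristic, the optional-header magic and the subsystem. The blob it scans is constructed inside the block (a fake x64 GUI EXE header, a stray "MZ" decoy and a fake x64 console DLL header standing in for the resource payload); none of it is data from the analysed files.

```python
import struct

IMAGE_FILE_DLL = 0x2000
MACHINES = {0x14C: "x86", 0x8664: "x86-64", 0xAA64: "ARM64"}
OPT_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {2: "GUI", 3: "console"}

# Layout of the NT headers: 4-byte "PE\0\0", then the 20-byte COFF file header, then the
# optional header; Subsystem sits at optional-header offset 68 for both PE32 and PE32+.
COFF_OFFSET, OPT_OFFSET, SUBSYSTEM_OFFSET = 4, 24, 24 + 68
MIN_NT_BYTES = SUBSYSTEM_OFFSET + 2


def find_embedded_pe(blob: bytes) -> list[dict]:
    """Return one record per 'MZ' whose e_lfanew points at a valid 'PE\\0\\0' header.

    Offset 0 is the host file itself; any later hit is an embedded PE (for example a
    payload stored verbatim in an RT_RCDATA resource). 'MZ' bytes whose e_lfanew does
    not land on a PE signature (random data, strings) are ignored.
    """
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if (0x40 <= e_lfanew <= 0x1000 and pe + MIN_NT_BYTES <= len(blob)
                    and blob[pe:pe + 4] == b"PE\0\0"):
                machine, nsections, _, _, _, _opt_size, characteristics = struct.unpack_from(
                    "<HHIIIHH", blob, pe + COFF_OFFSET)
                magic = struct.unpack_from("<H", blob, pe + OPT_OFFSET)[0]
                subsystem = struct.unpack_from("<H", blob, pe + SUBSYSTEM_OFFSET)[0]
                hits.append({
                    "offset": pos,
                    "arch": MACHINES.get(machine, hex(machine)),
                    "format": OPT_MAGICS.get(magic, hex(magic)),
                    "is_dll": bool(characteristics & IMAGE_FILE_DLL),
                    "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
                    "sections": nsections,
                })
        pos = blob.find(b"MZ", pos + 1)
    return hits


def embedded_only(blob: bytes) -> list[dict]:
    """Hits other than the host file's own header at offset 0."""
    return [h for h in find_embedded_pe(blob) if h["offset"] != 0]


def make_fake_pe(machine: int, characteristics: int, magic: int, subsystem: int) -> bytes:
    """Constructed test data: a minimal, non-loadable PE header (no sections, no code)."""
    dos = bytearray(0x80)                      # DOS header + stub; e_lfanew -> 0x80
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    opt = bytearray(0xF0)                      # PE32+ optional header size
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, len(opt), characteristics)
    return bytes(dos) + coff + bytes(opt)


# Constructed blob: host x64 GUI EXE, padding, a decoy "MZ" whose e_lfanew is 0,
# a resource-like marker, then the embedded x64 console DLL (mirrors the report's
# "PE32+ executable (DLL) (console) x86-64" resource finding).
_HOST = make_fake_pe(0x8664, 0x0022, 0x20B, 2)
_DECOY = b"MZ" + bytes(0x40)
_PAYLOAD = make_fake_pe(0x8664, 0x0022 | IMAGE_FILE_DLL, 0x20B, 3)
SAMPLE_BLOB = _HOST + bytes(0x100) + _DECOY + b"RCDATA" + _PAYLOAD + bytes(0x40)
EMBEDDED_OFFSET = len(_HOST) + 0x100 + len(_DECOY) + len(b"RCDATA")

if __name__ == "__main__":
    for h in embedded_only(SAMPLE_BLOB):
        print(f"embedded PE at 0x{h['offset']:x}: {h['format']} {h['arch']} "
              f"{'DLL' if h['is_dll'] else 'EXE'} ({h['subsystem']})")
```

This only catches payloads stored in the clear, which is exactly the case the static resource check in the report flags. The outer sample here also unpacks a PE in memory (see the "creates a PE file in dynamic memory" signature), and a compressed or encrypted resource would show no MZ/PE\0\0 pair until after that unpacking, so run a carver like this against the memory dump or the unpacked file as well as the dropped files.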
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2129983514.0000000006585000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinRAR.exeD vs SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2123992802.0000000005386000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinRAR.exeD vs SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3587929910.0000000140B94000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWinRAR.exeD vs SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3585144128.0000000005386000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinRAR.exeD vs SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe
Source: classification engine Classification label: mal42.evad.winEXE@7/2@3/8
Source: C:\ProgramData\HDStreamer\StreamService.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\update[1].txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\RecentDocumentsUpdat
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe File created: C:\Users\user\AppData\Local\Temp\streamerapp.exe
Source: StreamService.exe, 00000005.00000000.2385128413.00007FF6F4B52000.00000002.00000001.01000000.00000006.sdmp Memory string: rustls::msgs::handshake
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Process created: C:\Users\user\AppData\Local\Temp\streamerapp.exe "C:\Users\user\AppData\Local\Temp\streamerapp.exe"
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Process created: C:\ProgramData\HDStreamer\StreamService.exe "C:\ProgramData\HDStreamer\StreamService.exe"
Source: unknown Process created: C:\ProgramData\HDStreamer\StreamService.exe "C:\ProgramData\HDStreamer\StreamService.exe"
Source: unknown Process created: C:\ProgramData\HDStreamer\StreamService.exe "C:\ProgramData\HDStreamer\StreamService.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Process created: C:\Users\user\AppData\Local\Temp\streamerapp.exe "C:\Users\user\AppData\Local\Temp\streamerapp.exe"
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Process created: C:\ProgramData\HDStreamer\StreamService.exe "C:\ProgramData\HDStreamer\StreamService.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: apphelp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: msvcp140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: urlmon.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: wininet.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140_1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: iertutil.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: srvcli.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: netutils.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: sspicli.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: wldp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: profapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: winhttp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: mswsock.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: winnsi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: schannel.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: mskeyprotect.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ntasn1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: msasn1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: dpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: gpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ncrypt.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ncryptsslp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: secur32.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: userenv.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptnet.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: msvcp140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: urlmon.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: wininet.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140_1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: iertutil.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: srvcli.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: netutils.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: sspicli.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: wldp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: profapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: winhttp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: mswsock.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: winnsi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: dpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: msasn1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: gpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: schannel.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: mskeyprotect.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ntasn1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ncrypt.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ncryptsslp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: secur32.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: userenv.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptnet.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: msvcp140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: urlmon.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: wininet.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: vcruntime140_1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: iertutil.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: srvcli.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: netutils.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: sspicli.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: wldp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: profapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: winhttp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: mswsock.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: winnsi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: dpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: msasn1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptsp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: rsaenh.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptbase.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: gpapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: schannel.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: mskeyprotect.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ntasn1.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ncrypt.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: ncryptsslp.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: secur32.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: userenv.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Section loaded: cryptnet.dll
Source: C:\ProgramData\HDStreamer\StreamService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static file information: File size 12202552 > 1048576
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x15e400
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0xa01600
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: MovieService.pdb source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2056913409.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000003.2125410709.0000000005719000.00000004.00000020.00020000.00000000.sdmp, streamerapp.exe, 00000004.00000002.2387556541.00007FF61B148000.00000002.00000001.01000000.00000005.sdmp, streamerapp.exe, 00000004.00000000.2167722423.00007FF61B148000.00000002.00000001.01000000.00000005.sdmp, StreamService.exe, 00000005.00000002.3589538937.00007FF6F45C8000.00000002.00000001.01000000.00000006.sdmp, StreamService.exe, 00000005.00000000.2384978256.00007FF6F45C8000.00000002.00000001.01000000.00000006.sdmp

Data Obfuscation

Source: C:\ProgramData\HDStreamer\StreamService.exe Unpacked PE file: 8.2.StreamService.exe.27450010000.0.unpack
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: section name: .gxfg
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: section name: _RDATA
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: section name: .l2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_008201A7 push dword ptr [ebp-5Eh]; retf 0_2_008201C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0279310B push E8000000h; ret 0_2_02793119
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_02786777 push E8000002h; retf 0_2_02786781
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Static PE information: section name: .text entropy: 6.966532319263285
Source: streamerapp.exe.0.dr Static PE information: section name: .text entropy: 6.909502941900051
Source: StreamService.exe.4.dr Static PE information: section name: .text entropy: 6.909502941900051
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe File created: C:\Users\user\AppData\Local\Temp\streamerapp.exe
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe File created: C:\ProgramData\HDStreamer\StreamService.exe
Source: C:\Users\user\AppData\Local\Temp\streamerapp.exe File created: C:\ProgramData\HDStreamer\StreamService.exe
Source: C:\ProgramData\HDStreamer\StreamService.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HDStreamer
Source: C:\ProgramData\HDStreamer\StreamService.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HDStreamer
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 600000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 600000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 600000
Source: C:\ProgramData\HDStreamer\StreamService.exe TID: 5640 Thread sleep time: -1800000s >= -30000s
Source: C:\ProgramData\HDStreamer\StreamService.exe TID: 5428 Thread sleep time: -600000s >= -30000s
Source: C:\ProgramData\HDStreamer\StreamService.exe TID: 3096 Thread sleep time: -1800000s >= -30000s
Source: C:\ProgramData\HDStreamer\StreamService.exe TID: 4600 Thread sleep time: -600000s >= -30000s
Source: C:\ProgramData\HDStreamer\StreamService.exe TID: 2848 Thread sleep time: -1800000s >= -30000s
Source: C:\ProgramData\HDStreamer\StreamService.exe TID: 772 Thread sleep time: -600000s >= -30000s
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 600000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 600000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 1800000
Source: C:\ProgramData\HDStreamer\StreamService.exe Thread delayed: delay time: 600000
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2AFEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%x
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2AFEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: StreamService.exe, 00000005.00000002.3581425948.000001BD2AF6C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe, 00000000.00000002.3580251088.000000000063B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe NtWriteFile: Indirect: 0x2858FF8
Source: C:\ProgramData\HDStreamer\StreamService.exe NtDeviceIoControlFile: Indirect: 0x2745039C3A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe NtDeviceIoControlFile: Indirect: 0x27D52C3
Source: C:\ProgramData\HDStreamer\StreamService.exe NtCreateFile: Indirect: 0x1BD2DD2C491
Source: C:\ProgramData\HDStreamer\StreamService.exe NtCreateFile: Indirect: 0x2745039C491
Source: C:\ProgramData\HDStreamer\StreamService.exe NtCreateFile: Indirect: 0x142D821C491
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe NtCreateFile: Indirect: 0x27D5A28
Source: C:\ProgramData\HDStreamer\StreamService.exe NtDeviceIoControlFile: Indirect: 0x1BD2DD2C3A0
Source: C:\ProgramData\HDStreamer\StreamService.exe NtDeviceIoControlFile: Indirect: 0x142D821C3A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Process created: C:\Users\user\AppData\Local\Temp\streamerapp.exe "C:\Users\user\AppData\Local\Temp\streamerapp.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Queries volume information: C:\Users\user\AppData\Local\Temp\streamerapp.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Queries volume information: C:\Users\user\AppData\Local\Temp\streamerapp.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Queries volume information: C:\ProgramData\HDStreamer VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Queries volume information: C:\ProgramData\HDStreamer\StreamService.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Code function: 0_2_0000000140150E6C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_0000000140150E6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid