Edit tour

Windows Analysis Report
kbu317MlTn.exe

Overview

General Information

Sample name:	kbu317MlTn.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045
Analysis ID:	1561506
MD5:	fa400cb70d13cb329d05877b8fe73ed5
SHA1:	0fa5bfed7dafbe248f436a6b6ca4b08e7e859fd4
SHA256:	b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

AI detected suspicious sample

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Classification

Process Tree

System is w10x64

kbu317MlTn.exe (PID: 1164 cmdline: "C:\Users\user\Desktop\kbu317MlTn.exe" MD5: FA400CB70D13CB329D05877B8FE73ED5)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T16:01:35.749641+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58191	1.1.1.1	53	UDP
2024-11-23T16:01:40.108962+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	51438	1.1.1.1	53	UDP
2024-11-23T16:01:45.132096+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58385	1.1.1.1	53	UDP
2024-11-23T16:01:50.135297+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	62472	1.1.1.1	53	UDP
2024-11-23T16:01:55.160068+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	59976	1.1.1.1	53	UDP
2024-11-23T16:02:00.106733+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	59126	1.1.1.1	53	UDP
2024-11-23T16:02:05.206439+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	49162	1.1.1.1	53	UDP
2024-11-23T16:02:10.141730+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58624	1.1.1.1	53	UDP
2024-11-23T16:02:15.104983+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	57423	1.1.1.1	53	UDP
2024-11-23T16:02:20.107395+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	52618	1.1.1.1	53	UDP
2024-11-23T16:02:25.103734+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	65429	1.1.1.1	53	UDP
2024-11-23T16:02:30.106257+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	50573	1.1.1.1	53	UDP
2024-11-23T16:02:35.104222+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	53046	1.1.1.1	53	UDP
2024-11-23T16:02:40.116558+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	54784	1.1.1.1	53	UDP
2024-11-23T16:02:45.105712+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	57906	1.1.1.1	53	UDP
2024-11-23T16:02:50.113354+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58560	1.1.1.1	53	UDP
2024-11-23T16:02:55.103904+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	64162	1.1.1.1	53	UDP
2024-11-23T16:03:00.107928+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	50026	1.1.1.1	53	UDP
2024-11-23T16:03:05.104085+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	62640	1.1.1.1	53	UDP
2024-11-23T16:03:10.105582+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	60950	1.1.1.1	53	UDP
2024-11-23T16:03:15.105023+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	52438	1.1.1.1	53	UDP
2024-11-23T16:03:20.106523+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	60877	1.1.1.1	53	UDP
2024-11-23T16:03:25.113753+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	63607	1.1.1.1	53	UDP
2024-11-23T16:03:30.103680+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	54303	1.1.1.1	53	UDP
2024-11-23T16:03:35.108421+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	57707	1.1.1.1	53	UDP
2024-11-23T16:03:40.121809+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	59657	1.1.1.1	53	UDP
2024-11-23T16:03:45.107987+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	54028	1.1.1.1	53	UDP
2024-11-23T16:03:50.104934+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	51597	1.1.1.1	53	UDP
2024-11-23T16:03:55.108079+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	49877	1.1.1.1	53	UDP
2024-11-23T16:04:00.104963+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	59310	1.1.1.1	53	UDP
2024-11-23T16:04:05.108124+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	50627	1.1.1.1	53	UDP
2024-11-23T16:04:10.107976+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58138	1.1.1.1	53	UDP
2024-11-23T16:04:15.107300+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	61368	1.1.1.1	53	UDP
2024-11-23T16:04:20.105722+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	54234	1.1.1.1	53	UDP
2024-11-23T16:04:25.106512+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58256	1.1.1.1	53	UDP
2024-11-23T16:04:30.104454+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	56033	1.1.1.1	53	UDP
2024-11-23T16:04:35.106515+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	59871	1.1.1.1	53	UDP
2024-11-23T16:04:40.107527+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	52597	1.1.1.1	53	UDP
2024-11-23T16:04:45.107891+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	65184	1.1.1.1	53	UDP
2024-11-23T16:04:50.105457+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	60948	1.1.1.1	53	UDP
2024-11-23T16:04:55.104010+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	52059	1.1.1.1	53	UDP
2024-11-23T16:05:00.117748+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	58043	1.1.1.1	53	UDP
2024-11-23T16:05:05.105991+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	53125	1.1.1.1	53	UDP
2024-11-23T16:05:10.104803+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	61962	1.1.1.1	53	UDP
2024-11-23T16:05:15.107685+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	52457	1.1.1.1	53	UDP
2024-11-23T16:05:20.104532+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	62897	1.1.1.1	53	UDP
2024-11-23T16:05:25.105579+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	49915	1.1.1.1	53	UDP
2024-11-23T16:05:30.224987+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	50279	1.1.1.1	53	UDP
2024-11-23T16:05:35.129454+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	55635	1.1.1.1	53	UDP
2024-11-23T16:05:40.106573+0100	2056108	1	Malware Command and Control Activity Detected	192.168.2.5	52978	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://webtimeapi.com/#	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/m3ib	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/c	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/a	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com:443/)	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/O3Kb	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/2p_b	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/7yT	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/0r	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/j	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/h	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/g	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/Mb	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/s	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/1	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com:443/.	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/q	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com//	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/sL	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/sD	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/o	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/sx	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/w	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/-	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/v	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/4	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/x	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/U3Ab.	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/s4	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com:443/	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com:443/X	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/N	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/D	Avira URL Cloud: Label: malware
Source: https://webtimeapi.com/L	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: kbu317MlTn.exe

ReversingLabs: Detection: 87%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 96.1% probability

Source: kbu317MlTn.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58385 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58191 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:51438 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:59976 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:57423 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:53046 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:62472 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58624 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:49162 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:59126 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:65429 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:52618 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:50573 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:57906 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:64162 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:50026 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:62640 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:54784 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:52438 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:63607 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:60877 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:54303 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:59657 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58560 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:51597 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:59310 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:49915 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:55635 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:50627 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:56033 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:52059 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:54234 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:52597 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:54028 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:59871 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:49877 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:60950 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:50279 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:53125 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:65184 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:61368 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:61962 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:52978 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:62897 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:60948 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:52457 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:57707 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056108 - Severity 1 - ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com) : 192.168.2.5:58043 -> 1.1.1.1:53

Source: unknown

DNS traffic detected: query: webtimeapi.com replaycode: Name error (3)

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: webtimeapi.com

Source: kbu317MlTn.exe, 00000000.00000003.2015011782.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2240426007.0000015E54269000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2159418182.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2185610055.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2146115359.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2321662354.0000015E547C1000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2131113420.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/
Source: kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2097860294.0000015E54252000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2355240997.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2361719340.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/#
Source: kbu317MlTn.exe, 00000000.00000003.2109426363.0000015E54251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/-
Source: kbu317MlTn.exe, 00000000.00000003.2125576664.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2158535428.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2154942986.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2160568418.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2158730803.0000015E54250000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2156547379.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2125443924.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155609768.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2157892923.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2159418182.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com//
Source: kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/0r
Source: kbu317MlTn.exe, 00000000.00000003.2321662354.0000015E547C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/1
Source: kbu317MlTn.exe, 00000000.00000003.2361719340.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/2p_b
Source: kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2027171589.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2042254168.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2051268467.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/4
Source: kbu317MlTn.exe, 00000000.00000003.2112150416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/7yT
Source: kbu317MlTn.exe, 00000000.00000003.2110112022.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2110534415.0000015E54254000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/C
Source: kbu317MlTn.exe, 00000000.00000003.2127693842.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2112150416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2022939740.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2140134597.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2179481247.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/D
Source: kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2053231788.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2146461177.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2053929759.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017970794.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2045085037.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047527693.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2185610055.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012311974.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036301313.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2134030693.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017793540.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2055298236.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2103799161.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2181526285.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047994445.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2071423519.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010898849.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2033969032.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2128576919.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/L
Source: kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2185610055.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/Mb
Source: kbu317MlTn.exe, 00000000.00000003.2349534279.0000015E54202000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/N
Source: kbu317MlTn.exe, 00000000.00000003.2095181714.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/O3Kb
Source: kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/U3Ab.
Source: kbu317MlTn.exe, 00000000.00000003.2035736556.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2125774345.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/a
Source: kbu317MlTn.exe, 00000000.00000003.2011839414.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/c
Source: kbu317MlTn.exe, 00000000.00000003.2128479771.0000015E54254000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2128305015.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2148438667.0000015E54255000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012683603.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2148194099.0000015E54246000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/g
Source: kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/h
Source: kbu317MlTn.exe, 00000000.00000003.2238652710.0000015E54269000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2255454818.0000015E5426C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2255071204.0000015E54266000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2240426007.0000015E54269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/j
Source: kbu317MlTn.exe, 00000000.00000003.2054731407.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/m3ib
Source: kbu317MlTn.exe, 00000000.00000003.2098790725.0000015E54252000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2098724830.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/o
Source: kbu317MlTn.exe, 00000000.00000003.2111033710.0000015E54255000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2110754640.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2096998194.0000015E54252000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/q
Source: kbu317MlTn.exe, 00000000.00000003.2046418151.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/s
Source: kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/s4
Source: kbu317MlTn.exe, 00000000.00000003.2098286885.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/sD
Source: kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155161806.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/sL
Source: kbu317MlTn.exe, 00000000.00000003.2020172836.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2140134597.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/sx
Source: kbu317MlTn.exe, 00000000.00000003.2355240997.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/v
Source: kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/w
Source: kbu317MlTn.exe, 00000000.00000003.2053929759.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2019118262.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2098286885.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2137495379.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2022939740.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2019341259.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2051268467.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com/x
Source: kbu317MlTn.exe, 00000000.00000003.2074250034.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2108593215.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2049556770.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2034970110.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2071423519.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2050148574.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017970794.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2019118262.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2124548569.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017793540.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020172836.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2067234613.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2179481247.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2103799161.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2095181714.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020354108.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2045085037.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2042254168.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2055298236.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com:443/
Source: kbu317MlTn.exe, 00000000.00000003.2155987352.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012683603.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2111061982.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2137495379.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2046418151.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155161806.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2038039180.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2361719340.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2015011782.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017970794.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017793540.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2104672520.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017117885.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2055298236.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010898849.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com:443/)
Source: kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2013689150.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2016192563.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010398791.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2011839414.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2181526285.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012683603.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2014048804.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2048564461.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2013171487.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2015688196.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2073249700.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2015011782.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010754734.0000015E541A9000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2179481247.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2011212258.0000015E541A9000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2042254168.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012311974.0000015E541A9000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2014503455.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2018378123.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com:443/.
Source: kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020730245.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155987352.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2016192563.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2181526285.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2014048804.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047994445.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2048564461.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2131113420.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2024679135.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047527693.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2022939740.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2098286885.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2140134597.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2027171589.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2049556770.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2025816623.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2071423519.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020172836.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2095181714.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webtimeapi.com:443/X

Source: kbu317MlTn.exe, 00000000.00000000.2007428182.00007FF679996000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameconfig-pdf.dll4 vs kbu317MlTn.exe
Source: kbu317MlTn.exe	Binary or memory string: OriginalFilenameconfig-pdf.dll4 vs kbu317MlTn.exe

Source: classification engine

Classification label: mal68.winEXE@1/0@50/0

Source: kbu317MlTn.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\kbu317MlTn.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: kbu317MlTn.exe

ReversingLabs: Detection: 87%

Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\kbu317MlTn.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: kbu317MlTn.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: kbu317MlTn.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: kbu317MlTn.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: kbu317MlTn.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: kbu317MlTn.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: kbu317MlTn.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: kbu317MlTn.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: kbu317MlTn.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: kbu317MlTn.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: kbu317MlTn.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: kbu317MlTn.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: kbu317MlTn.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: kbu317MlTn.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: kbu317MlTn.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: kbu317MlTn.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\kbu317MlTn.exe TID: 6112

Thread sleep time: -150000s >= -30000s

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
kbu317MlTn.exe	88%	ReversingLabs	Win64.Backdoor.Snipbot

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://webtimeapi.com/#	100%	Avira URL Cloud	malware
https://webtimeapi.com/m3ib	100%	Avira URL Cloud	malware
https://webtimeapi.com/c	100%	Avira URL Cloud	malware
https://webtimeapi.com/a	100%	Avira URL Cloud	malware
https://webtimeapi.com:443/)	100%	Avira URL Cloud	malware
https://webtimeapi.com/O3Kb	100%	Avira URL Cloud	malware
https://webtimeapi.com/	100%	Avira URL Cloud	malware
https://webtimeapi.com/2p_b	100%	Avira URL Cloud	malware
https://webtimeapi.com/7yT	100%	Avira URL Cloud	malware
https://webtimeapi.com/0r	100%	Avira URL Cloud	malware
https://webtimeapi.com/j	100%	Avira URL Cloud	malware
https://webtimeapi.com/h	100%	Avira URL Cloud	malware
https://webtimeapi.com/g	100%	Avira URL Cloud	malware
https://webtimeapi.com/Mb	100%	Avira URL Cloud	malware
https://webtimeapi.com/s	100%	Avira URL Cloud	malware
https://webtimeapi.com/1	100%	Avira URL Cloud	malware
https://webtimeapi.com:443/.	100%	Avira URL Cloud	malware
https://webtimeapi.com/q	100%	Avira URL Cloud	malware
https://webtimeapi.com//	100%	Avira URL Cloud	malware
https://webtimeapi.com/sL	100%	Avira URL Cloud	malware
https://webtimeapi.com/sD	100%	Avira URL Cloud	malware
https://webtimeapi.com/o	100%	Avira URL Cloud	malware
https://webtimeapi.com/sx	100%	Avira URL Cloud	malware
https://webtimeapi.com/w	100%	Avira URL Cloud	malware
https://webtimeapi.com/-	100%	Avira URL Cloud	malware
https://webtimeapi.com/v	100%	Avira URL Cloud	malware
https://webtimeapi.com/4	100%	Avira URL Cloud	malware
https://webtimeapi.com/x	100%	Avira URL Cloud	malware
https://webtimeapi.com/U3Ab.	100%	Avira URL Cloud	malware
https://webtimeapi.com/s4	100%	Avira URL Cloud	malware
https://webtimeapi.com:443/	100%	Avira URL Cloud	malware
https://webtimeapi.com:443/X	100%	Avira URL Cloud	malware
https://webtimeapi.com/N	100%	Avira URL Cloud	malware
https://webtimeapi.com/D	100%	Avira URL Cloud	malware
https://webtimeapi.com/L	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
webtimeapi.com	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://webtimeapi.com/m3ib	kbu317MlTn.exe, 00000000.00000003.2054731407.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/	kbu317MlTn.exe, 00000000.00000003.2015011782.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2240426007.0000015E54269000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2159418182.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2185610055.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2146115359.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2321662354.0000015E547C1000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2131113420.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/#	kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2097860294.0000015E54252000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2355240997.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2361719340.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/7yT	kbu317MlTn.exe, 00000000.00000003.2112150416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/c	kbu317MlTn.exe, 00000000.00000003.2011839414.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/O3Kb	kbu317MlTn.exe, 00000000.00000003.2095181714.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/a	kbu317MlTn.exe, 00000000.00000003.2035736556.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2125774345.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com:443/)	kbu317MlTn.exe, 00000000.00000003.2155987352.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012683603.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2111061982.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2137495379.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2046418151.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155161806.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2038039180.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2361719340.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2015011782.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017970794.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017793540.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2104672520.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017117885.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2055298236.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010898849.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/2p_b	kbu317MlTn.exe, 00000000.00000003.2361719340.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/0r	kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/Mb	kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2185610055.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/j	kbu317MlTn.exe, 00000000.00000003.2238652710.0000015E54269000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2255454818.0000015E5426C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2255071204.0000015E54266000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2240426007.0000015E54269000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/h	kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/g	kbu317MlTn.exe, 00000000.00000003.2128479771.0000015E54254000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2128305015.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2148438667.0000015E54255000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012683603.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2148194099.0000015E54246000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/sL	kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155161806.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com:443/.	kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2013689150.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2016192563.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010398791.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2011839414.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2181526285.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012683603.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2014048804.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2048564461.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2013171487.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2015688196.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2073249700.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2015011782.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010754734.0000015E541A9000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2179481247.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2011212258.0000015E541A9000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2042254168.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012311974.0000015E541A9000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2014503455.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2018378123.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/s	kbu317MlTn.exe, 00000000.00000003.2046418151.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/1	kbu317MlTn.exe, 00000000.00000003.2321662354.0000015E547C1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/q	kbu317MlTn.exe, 00000000.00000003.2111033710.0000015E54255000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2110754640.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2096998194.0000015E54252000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com//	kbu317MlTn.exe, 00000000.00000003.2125576664.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2158535428.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2154942986.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2160568418.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2158730803.0000015E54250000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2156547379.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2125443924.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155609768.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2157892923.0000015E54246000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2159418182.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/o	kbu317MlTn.exe, 00000000.00000003.2098790725.0000015E54252000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2098724830.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/sD	kbu317MlTn.exe, 00000000.00000003.2098286885.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2193798259.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/-	kbu317MlTn.exe, 00000000.00000003.2109426363.0000015E54251000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/sx	kbu317MlTn.exe, 00000000.00000003.2020172836.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2140134597.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/x	kbu317MlTn.exe, 00000000.00000003.2053929759.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2019118262.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2098286885.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2137495379.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2022939740.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2019341259.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2051268467.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/w	kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/v	kbu317MlTn.exe, 00000000.00000003.2355240997.0000015E541EA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/4	kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2027171589.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2042254168.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2051268467.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/C	kbu317MlTn.exe, 00000000.00000003.2110112022.0000015E5424C000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2110534415.0000015E54254000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://webtimeapi.com/U3Ab.	kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/s4	kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com:443/	kbu317MlTn.exe, 00000000.00000003.2074250034.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2108593215.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2049556770.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2034970110.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2071423519.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2050148574.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017970794.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2019118262.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2124548569.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017793540.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020172836.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2067234613.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2179481247.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2103799161.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2095181714.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020354108.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2045085037.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2042254168.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2055298236.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/D	kbu317MlTn.exe, 00000000.00000003.2127693842.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2112150416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2022939740.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036700481.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2140134597.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2179481247.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com:443/X	kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020730245.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2155987352.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2016192563.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2181526285.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2014048804.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047994445.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2048564461.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2131113420.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2024679135.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047527693.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2022939740.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2098286885.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2140134597.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2027171589.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2348461360.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2049556770.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2025816623.0000015E541AD000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2071423519.0000015E541AB000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2020172836.0000015E541AC000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2095181714.0000015E541A8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/N	kbu317MlTn.exe, 00000000.00000003.2349534279.0000015E54202000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://webtimeapi.com/L	kbu317MlTn.exe, 00000000.00000003.2058458416.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2053231788.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2146461177.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2053929759.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017970794.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2045085037.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047527693.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2185610055.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2012311974.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2043606520.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2036301313.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2134030693.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2017793540.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2055298236.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2103799161.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2181526285.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2047994445.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2071423519.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2010898849.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2033969032.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp, kbu317MlTn.exe, 00000000.00000003.2128576919.0000015E541B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561506
Start date and time:	2024-11-23 16:00:47 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	kbu317MlTn.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045
Detection:	MAL
Classification:	mal68.winEXE@1/0@50/0
Cookbook Comments:	Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtNotifyChangeKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: kbu317MlTn.exe

Simulations

Behavior and APIs

Time	Type	Description
10:01:35	API Interceptor	2494x Sleep call for process: kbu317MlTn.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.1473977955751495
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	kbu317MlTn.exe
File size:	151'552 bytes
MD5:	fa400cb70d13cb329d05877b8fe73ed5
SHA1:	0fa5bfed7dafbe248f436a6b6ca4b08e7e859fd4
SHA256:	b9677c50b20a1ed951962edcb593cce5f1ed9c742bc7bff827a6fc420202b045
SHA512:	f27959aefabb5ab3c593e0459c3986b44659be9c2af5473af35f1a02c325c13449c049f6075b14d58e34ace20799d7bece293e23342ef8378c54145d99088106
SSDEEP:	3072:UKMfbovRC8bClY2Gadsq/faOU5HeJ3TaRW5o7nI/fJWu:UbWQ8bcBVdsq/iOUd7IE
TLSH:	BAE36C0B73B831F9E5A69179C9920A05F77278361B519B9F03B043751F232E19E2EB72
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....c{e.........."....$.x..........4Z.........@..........................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140005a34
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x657B63A5 [Thu Dec 14 20:20:53 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	1eea15c3aa779c5201bfbb645cd671e3

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F18E0B833D4h
dec eax
add esp, 28h
jmp 00007F18E0B82E4Fh
int3
int3
dec eax
sub esp, 48h
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F18E0B82A3Bh
dec eax
lea edx, dword ptr [0001CC3Bh]
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F18E0B83A16h
int3
jmp 00007F18E0B89184h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [00013677h]
dec eax
mov ecx, ebx
call dword ptr [00013666h]
call dword ptr [00013670h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00013664h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [00013658h]
test eax, eax
je 00007F18E0B82FD9h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [0001F0E6h]
call 00007F18E0B8307Eh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [0001F1CDh], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [0001F15Dh], eax
dec eax
mov eax, dword ptr [0001F1B6h]
dec eax
mov dword ptr [0001F027h], eax
dec eax
mov eax, dword ptr [eax+eax+00h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x227bc	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x29000	0x328	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x26000	0x15d8	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2a000	0x678	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x20c90	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x20b50	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x19000	0x328	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x17610	0x17800	8eebfd4b5be6a926458f9e31ad80e0ef	False	0.49092004654255317	data	6.483619249421673	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x19000	0xa280	0xa400	3ff7fbe602c4c04c9131936dc9a99155	False	0.42125571646341464	data	4.745480089074913	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x24000	0x1dc0	0xc00	e9a04f1971325554a9604c3fe3747877	False	0.14908854166666666	data	2.1674402954100906	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x26000	0x15d8	0x1600	1d860ae822d4c21ed5aa81b18660a56e	False	0.4825994318181818	PEX Binary Archive	5.16570378894776	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x28000	0x15c	0x200	6269abc1aea083f8b3bc8c5ad76b2944	False	0.392578125	data	2.823612998461848	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x29000	0x328	0x400	4a4c7ba07b387167b5c28bd4d26e041a	False	0.3662109375	data	2.688194648002761	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2a000	0x678	0x800	5367b1849e5f82a2a0731ad8e6343273	False	0.4970703125	data	4.922812112071578	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x29060	0x2c8	data	English	United States	0.4747191011235955

Imports

DLL	Import
KERNEL32.dll	GetModuleHandleA, CreateProcessA, MultiByteToWideChar, CreateFileW, Sleep, GetLastError, CloseHandle, WriteFile, CreateFileA, GetProcAddress, CreateDirectoryA, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapReAlloc, HeapSize, GetProcessHeap, LCMapStringW, CompareStringW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RtlUnwind, GetStdHandle, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetFileType, GetStringTypeW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, WriteConsoleW
ADVAPI32.dll	RegCreateKeyExA, RegSetValueExW, RegCloseKey
DNSAPI.dll	DnsFree, DnsQuery_A
WS2_32.dll	inet_ntoa
WINHTTP.dll	WinHttpGetProxyForUrl, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpenRequest, WinHttpGetIEProxyConfigForCurrentUser, WinHttpWriteData, WinHttpReadData, WinHttpConnect, WinHttpCloseHandle, WinHttpOpen, WinHttpSetOption

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-23T16:01:35.749641+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58191	1.1.1.1	53	UDP
2024-11-23T16:01:40.108962+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	51438	1.1.1.1	53	UDP
2024-11-23T16:01:45.132096+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58385	1.1.1.1	53	UDP
2024-11-23T16:01:50.135297+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	62472	1.1.1.1	53	UDP
2024-11-23T16:01:55.160068+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	59976	1.1.1.1	53	UDP
2024-11-23T16:02:00.106733+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	59126	1.1.1.1	53	UDP
2024-11-23T16:02:05.206439+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	49162	1.1.1.1	53	UDP
2024-11-23T16:02:10.141730+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58624	1.1.1.1	53	UDP
2024-11-23T16:02:15.104983+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	57423	1.1.1.1	53	UDP
2024-11-23T16:02:20.107395+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	52618	1.1.1.1	53	UDP
2024-11-23T16:02:25.103734+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	65429	1.1.1.1	53	UDP
2024-11-23T16:02:30.106257+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	50573	1.1.1.1	53	UDP
2024-11-23T16:02:35.104222+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	53046	1.1.1.1	53	UDP
2024-11-23T16:02:40.116558+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	54784	1.1.1.1	53	UDP
2024-11-23T16:02:45.105712+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	57906	1.1.1.1	53	UDP
2024-11-23T16:02:50.113354+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58560	1.1.1.1	53	UDP
2024-11-23T16:02:55.103904+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	64162	1.1.1.1	53	UDP
2024-11-23T16:03:00.107928+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	50026	1.1.1.1	53	UDP
2024-11-23T16:03:05.104085+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	62640	1.1.1.1	53	UDP
2024-11-23T16:03:10.105582+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	60950	1.1.1.1	53	UDP
2024-11-23T16:03:15.105023+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	52438	1.1.1.1	53	UDP
2024-11-23T16:03:20.106523+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	60877	1.1.1.1	53	UDP
2024-11-23T16:03:25.113753+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	63607	1.1.1.1	53	UDP
2024-11-23T16:03:30.103680+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	54303	1.1.1.1	53	UDP
2024-11-23T16:03:35.108421+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	57707	1.1.1.1	53	UDP
2024-11-23T16:03:40.121809+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	59657	1.1.1.1	53	UDP
2024-11-23T16:03:45.107987+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	54028	1.1.1.1	53	UDP
2024-11-23T16:03:50.104934+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	51597	1.1.1.1	53	UDP
2024-11-23T16:03:55.108079+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	49877	1.1.1.1	53	UDP
2024-11-23T16:04:00.104963+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	59310	1.1.1.1	53	UDP
2024-11-23T16:04:05.108124+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	50627	1.1.1.1	53	UDP
2024-11-23T16:04:10.107976+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58138	1.1.1.1	53	UDP
2024-11-23T16:04:15.107300+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	61368	1.1.1.1	53	UDP
2024-11-23T16:04:20.105722+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	54234	1.1.1.1	53	UDP
2024-11-23T16:04:25.106512+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58256	1.1.1.1	53	UDP
2024-11-23T16:04:30.104454+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	56033	1.1.1.1	53	UDP
2024-11-23T16:04:35.106515+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	59871	1.1.1.1	53	UDP
2024-11-23T16:04:40.107527+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	52597	1.1.1.1	53	UDP
2024-11-23T16:04:45.107891+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	65184	1.1.1.1	53	UDP
2024-11-23T16:04:50.105457+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	60948	1.1.1.1	53	UDP
2024-11-23T16:04:55.104010+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	52059	1.1.1.1	53	UDP
2024-11-23T16:05:00.117748+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	58043	1.1.1.1	53	UDP
2024-11-23T16:05:05.105991+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	53125	1.1.1.1	53	UDP
2024-11-23T16:05:10.104803+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	61962	1.1.1.1	53	UDP
2024-11-23T16:05:15.107685+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	52457	1.1.1.1	53	UDP
2024-11-23T16:05:20.104532+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	62897	1.1.1.1	53	UDP
2024-11-23T16:05:25.105579+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	49915	1.1.1.1	53	UDP
2024-11-23T16:05:30.224987+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	50279	1.1.1.1	53	UDP
2024-11-23T16:05:35.129454+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	55635	1.1.1.1	53	UDP
2024-11-23T16:05:40.106573+0100	2056108	ET MALWARE SnipBot CnC Domain in DNS Lookup (webtimeapi .com)	1	192.168.2.5	52978	1.1.1.1	53	UDP

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 16:01:35.749640942 CET	58191	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:01:35.975495100 CET	53	58191	1.1.1.1	192.168.2.5
Nov 23, 2024 16:01:40.108962059 CET	51438	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:01:40.248188972 CET	53	51438	1.1.1.1	192.168.2.5
Nov 23, 2024 16:01:45.132096052 CET	58385	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:01:45.271007061 CET	53	58385	1.1.1.1	192.168.2.5
Nov 23, 2024 16:01:50.135297060 CET	62472	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:01:50.273371935 CET	53	62472	1.1.1.1	192.168.2.5
Nov 23, 2024 16:01:55.160068035 CET	59976	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:01:55.299463034 CET	53	59976	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:00.106733084 CET	59126	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:00.248513937 CET	53	59126	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:05.206439018 CET	49162	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:05.353125095 CET	53	49162	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:10.141730070 CET	58624	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:10.278934002 CET	53	58624	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:15.104983091 CET	57423	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:15.243153095 CET	53	57423	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:20.107394934 CET	52618	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:20.247905970 CET	53	52618	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:25.103734016 CET	65429	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:25.241556883 CET	53	65429	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:30.106256962 CET	50573	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:30.246366978 CET	53	50573	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:35.104222059 CET	53046	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:35.256680012 CET	53	53046	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:40.116558075 CET	54784	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:40.253978968 CET	53	54784	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:45.105711937 CET	57906	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:45.246514082 CET	53	57906	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:50.113353968 CET	58560	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:50.251246929 CET	53	58560	1.1.1.1	192.168.2.5
Nov 23, 2024 16:02:55.103904009 CET	64162	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:02:55.253391981 CET	53	64162	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:00.107928038 CET	50026	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:00.245465040 CET	53	50026	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:05.104084969 CET	62640	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:05.243590117 CET	53	62640	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:10.105581999 CET	60950	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:10.242610931 CET	53	60950	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:15.105022907 CET	52438	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:15.242836952 CET	53	52438	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:20.106523037 CET	60877	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:20.243663073 CET	53	60877	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:25.113753080 CET	63607	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:25.253165007 CET	53	63607	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:30.103679895 CET	54303	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:30.243872881 CET	53	54303	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:35.108421087 CET	57707	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:35.245786905 CET	53	57707	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:40.121809006 CET	59657	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:40.259176016 CET	53	59657	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:45.107986927 CET	54028	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:45.245315075 CET	53	54028	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:50.104933977 CET	51597	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:50.247055054 CET	53	51597	1.1.1.1	192.168.2.5
Nov 23, 2024 16:03:55.108078957 CET	49877	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:03:55.253169060 CET	53	49877	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:00.104963064 CET	59310	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:00.251024008 CET	53	59310	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:05.108124018 CET	50627	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:05.247225046 CET	53	50627	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:10.107975960 CET	58138	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:10.265427113 CET	53	58138	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:15.107300043 CET	61368	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:15.248362064 CET	53	61368	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:20.105721951 CET	54234	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:20.245065928 CET	53	54234	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:25.106512070 CET	58256	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:25.246903896 CET	53	58256	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:30.104454041 CET	56033	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:30.242155075 CET	53	56033	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:35.106514931 CET	59871	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:35.244745016 CET	53	59871	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:40.107527018 CET	52597	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:40.246249914 CET	53	52597	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:45.107891083 CET	65184	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:45.246500969 CET	53	65184	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:50.105457067 CET	60948	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:50.242831945 CET	53	60948	1.1.1.1	192.168.2.5
Nov 23, 2024 16:04:55.104010105 CET	52059	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:04:55.247721910 CET	53	52059	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:00.117748022 CET	58043	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:00.262445927 CET	53	58043	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:05.105990887 CET	53125	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:05.245950937 CET	53	53125	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:10.104803085 CET	61962	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:10.249430895 CET	53	61962	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:15.107685089 CET	52457	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:15.248128891 CET	53	52457	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:20.104532003 CET	62897	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:20.243976116 CET	53	62897	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:25.105578899 CET	49915	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:25.243285894 CET	53	49915	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:30.224987030 CET	50279	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:30.362679958 CET	53	50279	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:35.129453897 CET	55635	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:35.268049955 CET	53	55635	1.1.1.1	192.168.2.5
Nov 23, 2024 16:05:40.106573105 CET	52978	53	192.168.2.5	1.1.1.1
Nov 23, 2024 16:05:40.246012926 CET	53	52978	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 23, 2024 16:01:35.749640942 CET	192.168.2.5	1.1.1.1	0x8dcb	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:40.108962059 CET	192.168.2.5	1.1.1.1	0xbfe2	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:45.132096052 CET	192.168.2.5	1.1.1.1	0x4ca8	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:50.135297060 CET	192.168.2.5	1.1.1.1	0xa39e	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:55.160068035 CET	192.168.2.5	1.1.1.1	0x6ec3	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:00.106733084 CET	192.168.2.5	1.1.1.1	0x9326	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:05.206439018 CET	192.168.2.5	1.1.1.1	0x149e	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:10.141730070 CET	192.168.2.5	1.1.1.1	0x53ff	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:15.104983091 CET	192.168.2.5	1.1.1.1	0x480c	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:20.107394934 CET	192.168.2.5	1.1.1.1	0x10ca	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:25.103734016 CET	192.168.2.5	1.1.1.1	0xc842	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:30.106256962 CET	192.168.2.5	1.1.1.1	0xbcb6	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:35.104222059 CET	192.168.2.5	1.1.1.1	0xf5f0	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:40.116558075 CET	192.168.2.5	1.1.1.1	0x1733	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:45.105711937 CET	192.168.2.5	1.1.1.1	0x185	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:50.113353968 CET	192.168.2.5	1.1.1.1	0x5f6d	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:55.103904009 CET	192.168.2.5	1.1.1.1	0xea8c	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:00.107928038 CET	192.168.2.5	1.1.1.1	0xdd0c	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:05.104084969 CET	192.168.2.5	1.1.1.1	0xecb0	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:10.105581999 CET	192.168.2.5	1.1.1.1	0x813c	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:15.105022907 CET	192.168.2.5	1.1.1.1	0x778a	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:20.106523037 CET	192.168.2.5	1.1.1.1	0x15b3	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:25.113753080 CET	192.168.2.5	1.1.1.1	0xdcaf	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:30.103679895 CET	192.168.2.5	1.1.1.1	0x74c	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:35.108421087 CET	192.168.2.5	1.1.1.1	0xf7de	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:40.121809006 CET	192.168.2.5	1.1.1.1	0x8e58	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:45.107986927 CET	192.168.2.5	1.1.1.1	0x94a9	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:50.104933977 CET	192.168.2.5	1.1.1.1	0x6739	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:55.108078957 CET	192.168.2.5	1.1.1.1	0x3217	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:00.104963064 CET	192.168.2.5	1.1.1.1	0xfb09	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:05.108124018 CET	192.168.2.5	1.1.1.1	0xb961	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:10.107975960 CET	192.168.2.5	1.1.1.1	0x69e4	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:15.107300043 CET	192.168.2.5	1.1.1.1	0xb761	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:20.105721951 CET	192.168.2.5	1.1.1.1	0xd7be	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:25.106512070 CET	192.168.2.5	1.1.1.1	0x11e8	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:30.104454041 CET	192.168.2.5	1.1.1.1	0x8521	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:35.106514931 CET	192.168.2.5	1.1.1.1	0x89ed	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:40.107527018 CET	192.168.2.5	1.1.1.1	0xdf31	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:45.107891083 CET	192.168.2.5	1.1.1.1	0xf835	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:50.105457067 CET	192.168.2.5	1.1.1.1	0x4021	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:55.104010105 CET	192.168.2.5	1.1.1.1	0xf0e1	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:00.117748022 CET	192.168.2.5	1.1.1.1	0xf98c	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:05.105990887 CET	192.168.2.5	1.1.1.1	0xfe2	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:10.104803085 CET	192.168.2.5	1.1.1.1	0xd75a	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:15.107685089 CET	192.168.2.5	1.1.1.1	0x8395	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:20.104532003 CET	192.168.2.5	1.1.1.1	0xc0e6	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:25.105578899 CET	192.168.2.5	1.1.1.1	0x65c7	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:30.224987030 CET	192.168.2.5	1.1.1.1	0x73ac	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:35.129453897 CET	192.168.2.5	1.1.1.1	0x4ae1	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:40.106573105 CET	192.168.2.5	1.1.1.1	0x1f63	Standard query (0)	webtimeapi.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 23, 2024 16:01:35.975495100 CET	1.1.1.1	192.168.2.5	0x8dcb	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:40.248188972 CET	1.1.1.1	192.168.2.5	0xbfe2	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:45.271007061 CET	1.1.1.1	192.168.2.5	0x4ca8	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:50.273371935 CET	1.1.1.1	192.168.2.5	0xa39e	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:01:55.299463034 CET	1.1.1.1	192.168.2.5	0x6ec3	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:00.248513937 CET	1.1.1.1	192.168.2.5	0x9326	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:05.353125095 CET	1.1.1.1	192.168.2.5	0x149e	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:10.278934002 CET	1.1.1.1	192.168.2.5	0x53ff	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:15.243153095 CET	1.1.1.1	192.168.2.5	0x480c	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:20.247905970 CET	1.1.1.1	192.168.2.5	0x10ca	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:25.241556883 CET	1.1.1.1	192.168.2.5	0xc842	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:30.246366978 CET	1.1.1.1	192.168.2.5	0xbcb6	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:35.256680012 CET	1.1.1.1	192.168.2.5	0xf5f0	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:40.253978968 CET	1.1.1.1	192.168.2.5	0x1733	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:45.246514082 CET	1.1.1.1	192.168.2.5	0x185	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:50.251246929 CET	1.1.1.1	192.168.2.5	0x5f6d	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:02:55.253391981 CET	1.1.1.1	192.168.2.5	0xea8c	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:00.245465040 CET	1.1.1.1	192.168.2.5	0xdd0c	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:05.243590117 CET	1.1.1.1	192.168.2.5	0xecb0	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:10.242610931 CET	1.1.1.1	192.168.2.5	0x813c	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:15.242836952 CET	1.1.1.1	192.168.2.5	0x778a	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:20.243663073 CET	1.1.1.1	192.168.2.5	0x15b3	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:25.253165007 CET	1.1.1.1	192.168.2.5	0xdcaf	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:30.243872881 CET	1.1.1.1	192.168.2.5	0x74c	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:35.245786905 CET	1.1.1.1	192.168.2.5	0xf7de	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:40.259176016 CET	1.1.1.1	192.168.2.5	0x8e58	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:45.245315075 CET	1.1.1.1	192.168.2.5	0x94a9	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:50.247055054 CET	1.1.1.1	192.168.2.5	0x6739	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:03:55.253169060 CET	1.1.1.1	192.168.2.5	0x3217	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:00.251024008 CET	1.1.1.1	192.168.2.5	0xfb09	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:05.247225046 CET	1.1.1.1	192.168.2.5	0xb961	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:10.265427113 CET	1.1.1.1	192.168.2.5	0x69e4	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:15.248362064 CET	1.1.1.1	192.168.2.5	0xb761	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:20.245065928 CET	1.1.1.1	192.168.2.5	0xd7be	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:25.246903896 CET	1.1.1.1	192.168.2.5	0x11e8	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:30.242155075 CET	1.1.1.1	192.168.2.5	0x8521	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:35.244745016 CET	1.1.1.1	192.168.2.5	0x89ed	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:40.246249914 CET	1.1.1.1	192.168.2.5	0xdf31	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:45.246500969 CET	1.1.1.1	192.168.2.5	0xf835	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:50.242831945 CET	1.1.1.1	192.168.2.5	0x4021	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:04:55.247721910 CET	1.1.1.1	192.168.2.5	0xf0e1	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:00.262445927 CET	1.1.1.1	192.168.2.5	0xf98c	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:05.245950937 CET	1.1.1.1	192.168.2.5	0xfe2	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:10.249430895 CET	1.1.1.1	192.168.2.5	0xd75a	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:15.248128891 CET	1.1.1.1	192.168.2.5	0x8395	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:20.243976116 CET	1.1.1.1	192.168.2.5	0xc0e6	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:25.243285894 CET	1.1.1.1	192.168.2.5	0x65c7	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:30.362679958 CET	1.1.1.1	192.168.2.5	0x73ac	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:35.268049955 CET	1.1.1.1	192.168.2.5	0x4ae1	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false
Nov 23, 2024 16:05:40.246012926 CET	1.1.1.1	192.168.2.5	0x1f63	Name error (3)	webtimeapi.com	none	none	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: kbu317MlTn.exePID: 1164, Parent PID: 1028

General

Target ID:	0
Start time:	10:01:34
Start date:	23/11/2024
Path:	C:\Users\user\Desktop\kbu317MlTn.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\kbu317MlTn.exe"
Imagebase:	0x7ff679970000
File size:	151'552 bytes
MD5 hash:	FA400CB70D13CB329D05877B8FE73ED5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report kbu317MlTn.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: kbu317MlTn.exePID: 1164, Parent PID: 1028

General

Chronological Activities

Disassembly

Windows Analysis Report
kbu317MlTn.exe