Windows Analysis Report: Invoke-noPac.ps1
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_21h1_office_active_directory
- powershell.exe (PID: 5580, cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\Invoke-noPac.ps1", MD5: 04029E121A0CFA5991749937DD22A1D9)
  - conhost.exe (PID: 5700, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
  Note: this powershell.exe invocation is the sandbox cookbook (default.jbs) launching the sample from the Desktop, so the -ExecutionPolicy unrestricted flag is the analysis harness, not behaviour of the script itself.
- cleanup
Rule | Description | Author
---|---|---
JoeSecurity_noPac | Yara detected noPac | Joe Security
INDICATOR_TOOL_PWS_Rubeus | Detects Rubeus kerberos defensive/offensive toolset | ditekSHen

JoeSecurity_noPac matched three times in the report and the Rubeus rule once (the Source and Strings columns are empty in this copy). A Rubeus signature firing alongside noPac is consistent with the embedded executable carrying Rubeus Kerberos code.
System Summary: matched Sigma rules, by author
- Florian Roth
- Ilyas Ochkov, oscd.community
- oscd.community, Teymur Kheirkhabarov @HeirhabarovT, Zach Stanford @svch0st
- Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
Exploits
- File source: (3 entries)

- DNS traffic detected: (4 entries)
- UDP traffic detected without corresponding DNS query: (3 entries)
System Summary
- Matched rule: (2 entries)
- File created
- Section loaded
- Classification label
- Process created: (2 entries)
- File read
- File created
- File opened
- Thread delayed: (4 entries)
ATT&CK matrix, techniques with signature hits only (the number the report prefixes to a technique is its hit count):
- Privilege Escalation: Process Injection (1)
- Defense Evasion: Masquerading (1), Virtualization/Sandbox Evasion (11), Process Injection (1)
- Discovery: Virtualization/Sandbox Evasion (11), File and Directory Discovery (1)
- Command and Control: Non-Application Layer Protocol (1), Application Layer Protocol (1)

The remaining cells of the matrix (Valid Accounts, Scheduled Task/Job, OS Credential Dumping, Remote Services, and so on) are the empty matrix template with no hits for this sample.
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
252.0.0.224.in-addr.arpa | unknown | unknown | false | unknown |
251.0.0.224.in-addr.arpa | unknown | unknown | false | unknown |
254.141.248.8.in-addr.arpa | unknown | unknown | false | unknown |

These are reverse (PTR) lookups, not outbound contacts: 224.0.0.252 is the LLMNR multicast group, 224.0.0.251 the mDNS group, and 8.248.141.254 is on the report's excluded-IP list (Windows background traffic). All three were forwarded to 1.1.1.1 and answered NXDOMAIN (see the DNS tables below).
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
---|---|---|---|---|---|---
192.168.1.200 | | | | | |

192.168.1.200 is the only host the analysis VM (192.168.1.201) talks to. It answers on tcp/88 (Kerberos), tcp/389 (LDAP), tcp/135 (RPC endpoint mapper) and udp/53, and forwards the PTR lookups to 1.1.1.1, so it is the domain controller and DNS server of the lab domain (ad01.local per the excluded-domain list), not an external contact.
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 1730306 |
Start date: | 01.02.2022 |
Start time: | 11:40:41 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 8m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Invoke-noPac.ps1 |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10x64 v21H1 joined to AD domain (Office 2019, IE11, Chrome 97, Java 8 Update 321, Adobe Reader DC 21.011, Python 3) |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.expl.winPS1@2/8@3/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.87.187.111, 20.199.120.182, 8.248.141.254, 8.248.135.254, 67.26.81.254, 8.253.95.249, 8.248.117.254
- Excluded domains from analysis (whitelisted): 103.1.168.192.in-addr.arpa, client.wns.windows.com, 102.1.168.192.in-addr.arpa, fg.download.windowsupdate.com.c.footprint.net, 928100.ad01.local, _ldap._tcp.dc-01.ad01.local, wu-shim.trafficmanager.net, ctldl.windowsupdate.com, b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa, wdcp.microsoft.com, wd-prod-cp.trafficmanager.net, 109.1.168.192.in-addr.arpa, wdcpalt.microsoft.com, wns.notify.trafficmanager.net, wpad.ad01.local, 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa, wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com, 107.1.168.192.in-addr.arpa, 105.1.168.192.in-addr.arpa, f.4.f.0.c.f.d.2.f.c.0.e.e.c.9.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa, nexusrules.officeapps.live.com, _ldap._tcp.Default-First-Site-Name._sites.dc-01.ad01.local
- Not all processes were analyzed; the report is missing behavior information
Samplename | Analysis ID | SHA256 | Similarity
---|---|---|---
(no entries)
Time | Type | Description |
---|---|---|
11:43:40 | API Interceptor |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43873 |
Entropy (8bit): | 5.062295222575959 |
Encrypted: | false |
SSDEEP: | 768:vBfHWrxAfrRJPFY1UphNefsopbjoRjdvRgv6Cw4c/SvkDwKuYga5UoUv6h4iUxLe:vBfWrxAflJdY1UphNefsibjoRjdvRgvW |
MD5: | 721BF60FA4A785EFCF15FABAA2119FB2 |
SHA1: | EDFEE110B1625ACEE49BCD24EAC3B6018B2C16F8 |
SHA-256: | 7DE07F19A757CBB4815DC5588ECFCDB56C0C5C29ADB2ED03904EE7B68F10C9FF |
SHA-512: | 3187D90D37AF680128528AE7A58B8CE1AF036ED9DB500B1F9739713399BDDC1E038DE9BF90B29E03A9174B86E0A8E8A1F00E6464443029586DCE4B536D2BDFCB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1360 |
Entropy (8bit): | 5.33338808364183 |
Encrypted: | false |
SSDEEP: | 24:3pIwEVSIBo4KjpNs4RPTLiqemFoUe7omjKcm9qr9t7J0gt/NKY+r8Hc56ofW6G:6wWSL4D4R3iqemFoUeMmfm9qr9tK8Njp |
MD5: | 7F06805857E22B37B09600AF51E033D0 |
SHA1: | F946D8A75739F530D675873B3217C5D69C8A7E7F |
SHA-256: | 37CB72BC08F280C1DA4B229F312E05B9429B7303CA254A4B5C023E2E534C6797 |
SHA-512: | D973ABFB2B18C550AFA395B4F1F9643941F2BF3FAAF948C39E5942037CA5629D373DBCA2B2402605A4CB7ED46592F6635B22D2F705913E6CB784DE9B1294C43A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 602756 |
Entropy (8bit): | 3.6851002738970062 |
Encrypted: | false |
SSDEEP: | 6144:/BaTzpYXkFdejne6sxh7WtFS4QWuntn3Dh:i |
MD5: | 11009AFE0DB7D8D83BB4197BF61581BD |
SHA1: | 13624E392010BDB71F9B47FCAB8B8E82C4A7C74D |
SHA-256: | 16C8A95A2957EEF56629FAB34BF2EC6F0DBB5DE541325F5EF65F93751601304F |
SHA-512: | 5B5F5D5DC5F2E994606ABFBE3D91D672FFEA695FEEDFF40E8A600E3AA89205FFB1A1E65D8191B3279D057DBE5AAAD07F0A7EEE6FB808BA20A324B2E626211CD9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 3.694519148049471 |
Encrypted: | false |
SSDEEP: | 96:iAYDCP5FXCAWB3y8ukvhkvCCtnSuSdkwM5BHhfdkwM5BHhQ:ii5FvWBn6zwM5SwM5I |
MD5: | F1778FF9415C3D60446D23A94C290809 |
SHA1: | 593D5297D3725270A6FD115FC6CE854C41CA1489 |
SHA-256: | DAF3C3EF908D9DD7C06AF5D9B720F2CAEAADF546C6CD3AE724C770015A1F7B4E |
SHA-512: | BD37981080E45709015FAFED3D7930D87AB9A41712D59D59C636A366AFBE997E18B0A21B4B687C73F81FC00502B1DD7E616F374372BC5506CCFB477BB32350B3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\78KEVS69JBGVUHT5SCEH.temp
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 3.694519148049471 |
Encrypted: | false |
SSDEEP: | 96:iAYDCP5FXCAWB3y8ukvhkvCCtnSuSdkwM5BHhfdkwM5BHhQ:ii5FvWBn6zwM5SwM5I |
MD5: | F1778FF9415C3D60446D23A94C290809 |
SHA1: | 593D5297D3725270A6FD115FC6CE854C41CA1489 |
SHA-256: | DAF3C3EF908D9DD7C06AF5D9B720F2CAEAADF546C6CD3AE724C770015A1F7B4E |
SHA-512: | BD37981080E45709015FAFED3D7930D87AB9A41712D59D59C636A366AFBE997E18B0A21B4B687C73F81FC00502B1DD7E616F374372BC5506CCFB477BB32350B3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Documents\20220201\PowerShell_transcript.928100.jOLdaWNd.20220201114335.txt
(PowerShell transcription was enabled on the analysis VM; this transcript records the commands executed by the session that ran the script, which is the same artifact a responder would look for on a real host.)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3677 |
Entropy (8bit): | 6.0367578078889315 |
Encrypted: | false |
SSDEEP: | 96:BZ3xhjGNCHExo1Z+uvLcGQ134O5ACacU1/Z6XqhsV9Ih5rZX:DLQh55acU6ahX5l |
MD5: | 7967E4CB55064E684127FC89FE6AAC22 |
SHA1: | F6DC7397DCAE3CBBB7DE13F870D9AC301B9C1D3C |
SHA-256: | 238046B0C7B613C08D51300EE94646B38FC11E930408AC3A21CDD8144682C0E5 |
SHA-512: | A68D8CF3871AEC80641CED1F1073EC097D879F2F71C8FD570A8EDB011B170E5BBC68DFB2C4DFCB51F20403DEDF53B38C50147501DDA7A9499D3ECA1311694CE9 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.011272384618114 |
TrID: | |
File name: | Invoke-noPac.ps1 |
File size: | 211840 |
MD5: | 468704b3c87e636b9b8c360f5623f729 |
SHA1: | 62fc35b64b5034064d75001288b9b1911ea28635 |
SHA256: | 4e37819484e865f8e20c2aaa94ec05f3bfe3bb6f36ea4bb6df376c8d4f1ffcca |
SHA512: | 4bf7864cfe5b2450cae27d048f821cfba82403550fcfd461c4f5ebbcd05afbf9a013a34340b413989b9201dd5c3e87e77334e3f67895ebe8aca0c520c9af7f45 |
SSDEEP: | 3072:QIiVPj2D590fxKCETjxyWIaVaXuTdRWsiUEvOWew3FX9aTtHieW5AblQkgj5RmnK:QIO2D590eyRawXuTh0eMX93ltly4 |
File Content Preview: | function Invoke-noPac..{.... [CmdletBinding()].. Param (.. [String].. $Command = " ".. ).. # gzip -c noPac.exe | base64 -w0 > noPac.txt.. $a=New-Object IO.MemoryStream(,[Convert]::FromBAsE64String("H4sIAAAAAAAAA9S9B3wcxfU4Pre7 |
Icon Hash: | 72f2d6fef6f6dae4 |
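The File Content Preview above shows the usual embedded-assembly loader shape: an executable is gzip-compressed and base64-encoded (the script's own comment, `gzip -c noPac.exe | base64 -w0 > noPac.txt`, says so) and handed to `[Convert]::FromBase64String` inside a MemoryStream. The leading `H4sI` of the blob is the base64 encoding of the gzip magic bytes 1f 8b 08, which confirms the recipe. The preview is cut off inside the literal; the typical continuation inflates the stream and loads the assembly by reflection, but that part is not on the page. The Python below is an added triage helper, not code from the report or from the Invoke-noPac script: it extracts such blobs from a .ps1 statically, inflates them, checks for an MZ header and hashes the result, so the embedded binary can be identified without running the loader. `SAMPLE_PS1` and `FAKE_PAYLOAD` are constructed here (the payload is not noPac.exe); the mixed-case `FromBAsE64String` spelling is copied from the preview and flagged as a small evasion indicator.

```python
import base64
import gzip
import hashlib
import re

# Constructed stand-in for the embedded executable: an MZ header plus filler.
# It is NOT noPac.exe; it only gives the extraction logic something to run on.
FAKE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + bytes(range(256))


def embed(payload: bytes) -> str:
    """Reproduce the loader's own recipe: gzip -c file | base64 -w0."""
    return base64.b64encode(gzip.compress(payload, mtime=0)).decode("ascii")


# Constructed loader text in the shape of the report's File Content Preview
# (function name, Param block, the gzip/base64 comment, the mixed-case
# FromBAsE64String call). Everything after the base64 literal is assumed.
SAMPLE_PS1 = (
    "function Invoke-noPac\n{\n    [CmdletBinding()]\n    Param (\n"
    '        [String]\n        $Command = " "\n    )\n'
    "    # gzip -c noPac.exe | base64 -w0 > noPac.txt\n"
    '    $a=New-Object IO.MemoryStream(,[Convert]::FromBAsE64String("'
    + embed(FAKE_PAYLOAD) + '"))\n'
    "    $decompressed = New-Object IO.Compression.GzipStream($a,"
    "[IO.Compression.CompressionMode]::Decompress)\n}\n"
)

# Long base64 literal handed to FromBase64String, any casing, whitespace tolerated.
BLOB_RE = re.compile(r'FromBase64String\(\s*"([A-Za-z0-9+/=\s]{64,})"', re.IGNORECASE)
GZIP_MAGIC = b"\x1f\x8b"


def extract_blobs(script: str) -> list:
    """Return each long base64 literal passed to [Convert]::FromBase64String."""
    return [re.sub(r"\s+", "", blob) for blob in BLOB_RE.findall(script)]


def decode_blob(b64: str) -> bytes:
    """Base64-decode and, if the result is gzip, inflate it (plain blobs pass through)."""
    raw = base64.b64decode(b64, validate=True)
    return gzip.decompress(raw) if raw.startswith(GZIP_MAGIC) else raw


def has_case_mangled_api(script: str) -> bool:
    """True when FromBase64String occurs only with unusual casing (FromBAsE64String):
    PowerShell does not care, but case-sensitive string matches miss it."""
    exact = "FromBase64String" in script
    any_case = re.search("FromBase64String", script, re.IGNORECASE) is not None
    return any_case and not exact


def triage(script: str) -> list:
    """Static summary of every embedded blob: size, gzip flag, PE flag and hashes."""
    findings = []
    for blob in extract_blobs(script):
        raw = base64.b64decode(blob)
        data = gzip.decompress(raw) if raw.startswith(GZIP_MAGIC) else raw
        findings.append({
            "b64_chars": len(blob),
            "gzipped": raw.startswith(GZIP_MAGIC),
            "is_pe": data.startswith(b"MZ"),
            "size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_PS1):
        print(finding)
    print("case-mangled FromBase64String:", has_case_mangled_api(SAMPLE_PS1))
```

Run it against a real loader by reading the .ps1 into `triage()`; the SHA-256 it prints is the hash of the inflated executable, which is what to search for in threat intel and in the dropped-files list, since the hashes of the .ps1 wrapper change every time the blob is re-encoded.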
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 1, 2022 11:43:23.286159992 CET | 62691 | 135 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:23.292130947 CET | 135 | 62691 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:23.292166948 CET | 135 | 62691 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:23.292382002 CET | 62691 | 135 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:43.285917044 CET | 62701 | 49667 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:43.286165953 CET | 49667 | 62701 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:43.286314011 CET | 49667 | 62701 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:43.286438942 CET | 62701 | 49667 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.553690910 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.561758041 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.561949015 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.722887993 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.723568916 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.728861094 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.735474110 CET | 62723 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.736447096 CET | 88 | 62723 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.744762897 CET | 62723 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.745800018 CET | 62723 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.746787071 CET | 88 | 62723 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.747107983 CET | 62723 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.747272968 CET | 88 | 62723 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.747370958 CET | 88 | 62723 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.768305063 CET | 62724 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.768665075 CET | 88 | 62724 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.768950939 CET | 62724 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.769066095 CET | 62724 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.770452976 CET | 88 | 62724 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.770862103 CET | 62724 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.771004915 CET | 88 | 62724 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.771126986 CET | 88 | 62724 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.772367954 CET | 62725 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.772578955 CET | 88 | 62725 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.773046017 CET | 62725 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.773093939 CET | 62725 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.773240089 CET | 88 | 62725 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.774779081 CET | 88 | 62725 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.780801058 CET | 62725 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.781038046 CET | 88 | 62725 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.781152964 CET | 88 | 62725 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.848985910 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.849196911 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.850568056 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.884143114 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.884282112 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:04.649558067 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:04.673340082 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:04.773921967 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:04.808330059 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:04.808578968 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:06.974596024 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:06.975444078 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:06.976730108 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:06.976977110 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.615756035 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.616413116 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.621007919 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.741796970 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.743999004 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.752160072 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.762471914 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.763567924 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.764426947 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.812269926 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.812926054 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.827871084 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.828336954 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.828906059 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.830271006 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.830467939 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.830593109 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.831763029 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.832586050 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.833903074 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.834393978 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.835061073 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.847117901 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.847517014 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.847676992 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.847846985 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.847964048 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.848144054 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.848843098 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.849100113 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.849252939 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.849500895 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.849626064 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.849811077 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.849931002 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.851711035 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.851887941 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.852854013 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.853271961 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.853503942 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.853729010 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.853955984 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.854080915 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.855082989 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.856462955 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.857713938 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.857888937 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.860650063 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.861171961 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.861321926 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.861537933 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.862185001 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.862417936 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.862461090 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.862627983 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.862627983 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.862763882 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.862881899 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.863002062 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.863152027 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.863275051 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.863403082 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.863529921 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.863676071 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.863795042 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.863960981 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.864082098 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.864114046 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.864237070 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.864301920 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:09.864490032 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:18.652791023 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:18.659372091 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:18.680980921 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:18.681921959 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:20.402918100 CET | 62726 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:20.403448105 CET | 389 | 62726 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.660028934 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.660345078 CET | 389 | 62728 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.660599947 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.664041042 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.664617062 CET | 389 | 62728 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.666135073 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.667490005 CET | 389 | 62728 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.668199062 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.668653965 CET | 389 | 62728 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.683998108 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.687057972 CET | 389 | 62728 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.687491894 CET | 62728 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:22.687700033 CET | 389 | 62728 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:28.749234915 CET | 62740 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:28.749525070 CET | 88 | 62740 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:28.749855995 CET | 62740 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:28.752336979 CET | 62740 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:28.776544094 CET | 88 | 62740 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:28.776649952 CET | 62740 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:28.778820038 CET | 88 | 62740 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:28.779350042 CET | 62740 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:28.779602051 CET | 88 | 62740 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:28.779727936 CET | 88 | 62740 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.744256973 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.744574070 CET | 389 | 62741 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.744833946 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.748274088 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.748797894 CET | 389 | 62741 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.749684095 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.752315998 CET | 389 | 62741 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.753261089 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.753897905 CET | 389 | 62741 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.767260075 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.769752979 CET | 389 | 62741 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.770791054 CET | 62741 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:36.771070957 CET | 389 | 62741 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:40.854106903 CET | 62742 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:40.854569912 CET | 88 | 62742 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:40.854732990 CET | 62742 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:40.854934931 CET | 62742 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:40.868436098 CET | 88 | 62742 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:40.868616104 CET | 62742 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:40.870723009 CET | 88 | 62742 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:40.871069908 CET | 62742 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:40.871185064 CET | 88 | 62742 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:40.871263981 CET | 88 | 62742 | 192.168.1.200 | 192.168.1.201 |
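The TCP table above is 175 packet rows to a single host; what a responder wants from it is the session view: which client opened which service on which server, when, and how many times. The Python below is an added helper, not part of the report. It parses rows in the report's exact column format (a constructed excerpt of the rows above is embedded), groups packets into client-to-server sessions using the first packet of each 4-tuple to fix direction, labels well-known ports, and applies one heuristic: three or more new Kerberos (tcp/88) connections from one client to one server within a second, which in the table above happens at 11:43:59.73 to 59.78 on client ports 62723 to 62725. The one-second, three-connection threshold is an assumption chosen for illustration, not a rule from the report; a burst like that is a triage hint that a tool is driving Kerberos directly, not proof of anything on its own.

```python
from collections import defaultdict
from datetime import datetime

# Constructed excerpt of the report's TCP table, same column format
# (timestamp | src port | dst port | src IP | dst IP); a few rows per service.
TCP_ROWS = """\
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
Feb 1, 2022 11:43:23.286159992 CET | 62691 | 135 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:23.292130947 CET | 135 | 62691 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:43.285917044 CET | 62701 | 49667 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.553690910 CET | 62722 | 389 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.561758041 CET | 389 | 62722 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.735474110 CET | 62723 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.736447096 CET | 88 | 62723 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.768305063 CET | 62724 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.772367954 CET | 62725 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:28.749234915 CET | 62740 | 88 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:44:40.854106903 CET | 62742 | 88 | 192.168.1.201 | 192.168.1.200 |
"""

SERVICES = {53: "dns", 88: "kerberos", 135: "msrpc-epm", 389: "ldap", 445: "smb"}


def parse_ts(text: str) -> datetime:
    """'Feb 1, 2022 11:43:59.553690910 CET' -> naive datetime (ns cut to us, zone dropped)."""
    date, clock, _zone = text.rsplit(" ", 2)
    hms, frac = clock.split(".")
    return datetime.strptime(f"{date} {hms}", "%b %d, %Y %H:%M:%S").replace(microsecond=int(frac[:6]))


def parse_rows(table: str) -> list:
    """Return (ts, src, sport, dst, dport) tuples; header and malformed lines are skipped."""
    rows = []
    for line in table.splitlines():
        parts = [p.strip() for p in line.strip().strip("|").split("|")]
        if len(parts) != 5 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue
        ts, sport, dport, src, dst = parts
        rows.append((parse_ts(ts), src, int(sport), dst, int(dport)))
    return rows


def sessions(rows: list) -> list:
    """Group packets by 4-tuple; the first packet seen fixes who is client and server."""
    out = {}
    for ts, src, sport, dst, dport in rows:
        key = frozenset([(src, sport), (dst, dport)])
        if key not in out:
            out[key] = {"client": src, "server": dst, "sport": sport, "dport": dport,
                        "service": SERVICES.get(dport, f"tcp/{dport}"),
                        "first": ts, "last": ts, "packets": 0}
        out[key]["packets"] += 1
        out[key]["last"] = ts
    return sorted(out.values(), key=lambda s: s["first"])


def kerberos_bursts(sess: list, window_s: float = 1.0, min_conns: int = 3) -> list:
    """Assumed heuristic (not from the report): >= min_conns new tcp/88 connections from
    one client to one server inside window_s seconds. Returns (client, server, start, n)."""
    starts = defaultdict(list)
    for s in sess:
        if s["dport"] == 88:
            starts[(s["client"], s["server"])].append(s["first"])
    bursts = []
    for (client, server), times in starts.items():
        times.sort()
        for i, t0 in enumerate(times):
            n = sum(1 for t in times[i:] if (t - t0).total_seconds() <= window_s)
            if n >= min_conns:
                bursts.append((client, server, t0, n))
                break
    return bursts


def summarize(table: str):
    """Session counts per (client, server, service) plus any Kerberos bursts."""
    sess = sessions(parse_rows(table))
    counts = defaultdict(int)
    for s in sess:
        counts[(s["client"], s["server"], s["service"])] += 1
    return dict(counts), kerberos_bursts(sess)


if __name__ == "__main__":
    counts, bursts = summarize(TCP_ROWS)
    for (client, server, service), n in sorted(counts.items()):
        print(f"{client} -> {server} {service}: {n} session(s)")
    for client, server, start, n in bursts:
        print(f"burst: {n} Kerberos connections from {client} to {server} starting {start.time()}")
```

Feed it the full table and the output collapses to a handful of lines: one RPC endpoint-mapper session, one dynamic-port RPC session (tcp/49667), a few LDAP sessions and six Kerberos sessions from 192.168.1.201 to 192.168.1.200, plus the burst at 11:43:59. Direction is taken from packet order, so the table must be chronological, as the report's is.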
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 1, 2022 11:43:23.562066078 CET | 49526 | 53 | 192.168.1.200 | 1.1.1.1 |
Feb 1, 2022 11:43:23.577471018 CET | 53 | 55099 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:43:23.579490900 CET | 53 | 49526 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:43:24.399924994 CET | 137 | 137 | 192.168.1.200 | 192.168.1.108 |
Feb 1, 2022 11:43:25.945925951 CET | 137 | 137 | 192.168.1.200 | 192.168.1.108 |
Feb 1, 2022 11:43:48.355431080 CET | 53 | 49965 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:43:48.357671976 CET | 137 | 137 | 192.168.1.200 | 192.168.1.107 |
Feb 1, 2022 11:43:48.359935999 CET | 137 | 137 | 192.168.1.107 | 192.168.1.200 |
Feb 1, 2022 11:43:48.360420942 CET | 5355 | 53318 | 192.168.1.107 | 192.168.1.200 |
Feb 1, 2022 11:43:57.512604952 CET | 53 | 58860 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:58.026571989 CET | 49182 | 53 | 192.168.1.200 | 1.1.1.1 |
Feb 1, 2022 11:43:58.044071913 CET | 53 | 49182 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:43:58.048924923 CET | 53 | 50689 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:43:58.049098969 CET | 53 | 50269 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:43:58.052498102 CET | 5355 | 58058 | 192.168.1.201 | 192.168.1.200 |
Feb 1, 2022 11:43:59.507317066 CET | 53 | 58687 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:43:59.508996964 CET | 53 | 49363 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:02.108531952 CET | 53 | 54896 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:44:02.108839035 CET | 53 | 65414 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:44:02.112487078 CET | 137 | 137 | 192.168.1.200 | 192.168.1.109 |
Feb 1, 2022 11:44:02.117116928 CET | 137 | 137 | 192.168.1.200 | 192.168.1.102 |
Feb 1, 2022 11:44:03.684499979 CET | 137 | 137 | 192.168.1.200 | 192.168.1.102 |
Feb 1, 2022 11:44:03.684536934 CET | 137 | 137 | 192.168.1.200 | 192.168.1.109 |
Feb 1, 2022 11:44:04.778887033 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:04.778893948 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:05.139161110 CET | 53 | 50015 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:44:05.144342899 CET | 137 | 137 | 192.168.1.200 | 192.168.1.105 |
Feb 1, 2022 11:44:05.145418882 CET | 137 | 137 | 192.168.1.105 | 192.168.1.200 |
Feb 1, 2022 11:44:05.211410046 CET | 137 | 137 | 192.168.1.200 | 192.168.1.109 |
Feb 1, 2022 11:44:05.211543083 CET | 137 | 137 | 192.168.1.200 | 192.168.1.102 |
Feb 1, 2022 11:44:05.541835070 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:05.541840076 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:06.304716110 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:06.304770947 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:07.058146000 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:07.058165073 CET | 137 | 137 | 192.168.1.200 | 192.168.1.255 |
Feb 1, 2022 11:44:07.339049101 CET | 53 | 62068 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.606844902 CET | 53 | 53859 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:09.612562895 CET | 53 | 62712 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:12.172116995 CET | 55054 | 53 | 192.168.1.200 | 1.1.1.1 |
Feb 1, 2022 11:44:12.284538031 CET | 53 | 55054 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:44:12.699924946 CET | 53 | 59357 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:15.234267950 CET | 53 | 54966 | 1.1.1.1 | 192.168.1.200 |
Feb 1, 2022 11:44:15.243376017 CET | 137 | 137 | 192.168.1.200 | 192.168.1.103 |
Feb 1, 2022 11:44:16.748106003 CET | 137 | 137 | 192.168.1.200 | 192.168.1.103 |
Feb 1, 2022 11:44:16.748112917 CET | 137 | 137 | 192.168.1.200 | 192.168.1.103 |
Feb 1, 2022 11:44:18.276104927 CET | 137 | 137 | 192.168.1.200 | 192.168.1.103 |
Feb 1, 2022 11:44:18.276113033 CET | 137 | 137 | 192.168.1.200 | 192.168.1.103 |
Feb 1, 2022 11:44:20.553931952 CET | 53 | 50922 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.611747026 CET | 53 | 55089 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:22.629219055 CET | 53 | 63209 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:34.668649912 CET | 53 | 53965 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.716800928 CET | 53 | 53186 | 192.168.1.200 | 192.168.1.201 |
Feb 1, 2022 11:44:36.721396923 CET | 53 | 49626 | 192.168.1.200 | 192.168.1.201 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
---|---|---|---|---|---|---|---
Feb 1, 2022 11:43:23.562066078 CET | 192.168.1.200 | 1.1.1.1 | 0x31b9 | Standard query (0) | | PTR (Pointer record) | IN (0x0001)
Feb 1, 2022 11:43:58.026571989 CET | 192.168.1.200 | 1.1.1.1 | 0x911a | Standard query (0) | | PTR (Pointer record) | IN (0x0001)
Feb 1, 2022 11:44:12.172116995 CET | 192.168.1.200 | 1.1.1.1 | 0x84a9 | Standard query (0) | | PTR (Pointer record) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
---|---|---|---|---|---|---|---|---|---
Feb 1, 2022 11:43:23.579490900 CET | 1.1.1.1 | 192.168.1.200 | 0x31b9 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001)
Feb 1, 2022 11:43:58.044071913 CET | 1.1.1.1 | 192.168.1.200 | 0x911a | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001)
Feb 1, 2022 11:44:12.284538031 CET | 1.1.1.1 | 192.168.1.200 | 0x84a9 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001)
Target ID: | 0 |
Start time: | 11:43:31 |
Start date: | 01/02/2022 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64f360000 |
File size: | 452608 bytes |
MD5 hash: | 04029E121A0CFA5991749937DD22A1D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | moderate |
Target ID: | 2 |
Start time: | 11:43:31 |
Start date: | 01/02/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff790d20000 |
File size: | 889344 bytes |
MD5 hash: | D837FA4DEE7D84C19FF6F71FC48A6625 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |