Summary | ZeroBOX

update.exe

Tags: Emotet Gen1, Generic Malware, EnigmaProtector, .NET framework(MSIL), UPX, Downloader, Malicious Library, PE64, PE File, OS Processor Check, JPEG Format, PE32, .NET EXE, CAB, DLL
Category FILE
Machine s1_win7_x6403_us
Started April 21, 2025, 9:44 a.m.
Completed April 21, 2025, 12:57 p.m.
Size 9.6MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 cb8cb16aa24029b84a3c40b2d61e3eb0
SHA256 c7cdd2f873541ea8719b50f54bb624d725c3a2df5a9743b30d3d145345b273b6
CRC32 CA3BD426
ssdeep 196608:r88mbmIklyu9YIk1Ig7HM311ytQJ15kP43:tw0hh3v3T3
PDB Path D:\CabalEP33\Luncher\Launcher\update\obj\Release\update.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
185.215.113.41 Active Moloch
185.215.113.59 Active Moloch
45.91.133.59 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 185.215.113.41:80 -> 192.168.56.103:49222 2400031 ET DROP Spamhaus DROP Listed Traffic Inbound group 32 Misc Attack
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 45.91.133.59:80 -> 192.168.56.103:49162 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 45.91.133.59:80 -> 192.168.56.103:49162 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 45.91.133.59:80 -> 192.168.56.103:49162 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 45.91.133.59:80 -> 192.168.56.103:49162 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 45.91.133.59:80 -> 192.168.56.103:49162 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 45.91.133.59:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 185.215.113.59:80 -> 192.168.56.103:49173 2400031 ET DROP Spamhaus DROP Listed Traffic Inbound group 32 Misc Attack

Suricata TLS

No Suricata TLS

pdb_path D:\CabalEP33\Luncher\Launcher\update\obj\Release\update.pdb
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59//resources.xml
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_1.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_18.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_2.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_21.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_3.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_4.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_6.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/1_9.gld
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/updates/Guild/test.txt
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/cabal.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/byPassWinD.bat
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/cabalmain.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/cabalmainen.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/cabalmainth.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/d3dx9_30.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/D3DX9_43.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/dxwebsetup.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/fmodex.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/libogg.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/libvorbis.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/natives_x64.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/natives_x86.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/VC_redist.x64.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/VC_redist.x86.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/_start.bat
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/achievement_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/Awaken_auramode_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/balloon_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/BaseChar.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/bossarena_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/cabal_msg.dec
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/cabal_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/caz_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/ChallengeMissionMsg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/Collection_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/cont2_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/cont3_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/cont_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/costume_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/craft_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/drop_list_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/DungeonBossKill_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/EventPass_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/extra_obj_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/FieldBossRaid_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/forcewing_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/Heil_msg.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/help.enc
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://45.91.133.59/client/Data/Aanguage/Thai/honor_medal_msg.enc
file C:\Users\test22\AppData\Local\Temp\cabalmain.exe
file C:\Users\test22\AppData\Local\Temp\natives_x86.dll
file C:\Users\test22\AppData\Local\Temp\cabalmainen.exe
file C:\Users\test22\AppData\Local\Temp\d3dx9_30.dll
file C:\Users\test22\AppData\Local\Temp\dxwebsetup.exe
file C:\Users\test22\AppData\Local\Temp\VC_redist.x64.exe
file C:\Users\test22\AppData\Local\Temp\fmodex.dll
file C:\Users\test22\AppData\Local\Temp\VC_redist.x86.exe
file C:\Users\test22\AppData\Local\Temp\libvorbis.dll
file C:\Users\test22\AppData\Local\Temp\cabalmainth.exe
file C:\Users\test22\AppData\Local\Temp\cabal.exe
file C:\Users\test22\AppData\Local\Temp\D3DX9_43.dll
file C:\Users\test22\AppData\Local\Temp\libogg.dll
section .text (virtual_address 0x00002000, virtual_size 0x0099761c, size_of_data 0x00997800, entropy 7.409395316255241) entropy 7.40939531626 description A section with a high entropy has been found
entropy 0.997866504115 description Overall entropy of this PE file is high
host 185.215.113.41
host 185.215.113.59
host 45.91.133.59
ALYac Gen:Variant.Lazy.671430
VIPRE Gen:Variant.Lazy.671430
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Gen:Variant.Lazy.671430
Arcabit Trojan.Lazy.DA3EC6
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/GameTool_AGen.BG potentially unsafe
Avast Win32:MalwareX-gen [Misc]
Kaspersky HEUR:Trojan-Downloader.MSIL.Agent.gen
MicroWorld-eScan Gen:Variant.Lazy.671430
Rising Trojan.Vebzenpak!8.11687 (TFE:dGZlOgx9BXGM4SS2Fg)
Emsisoft Gen:Variant.Lazy.671430 (B)
McAfeeD ti!C7CDD2F87354
CTX exe.unknown.lazy
SentinelOne Static AI - Malicious PE
Webroot W32.Malware.gen
Google Detected
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Lazy.671430
AhnLab-V3 Trojan/Win.Generic.C5746093
Malwarebytes Malware.AI.2215750
Ikarus Backdoor.Androm
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:MalwareX-gen [Misc]
dead_host 192.168.56.103:49222